1. Overview and Roles
TL;DR: We're the controller of your account data. We're the processor of your clients' data — you control it.
ClientsPulse ("we," "us," "Service") processes personal data in two distinct capacities:
- Controller: We control personal data you provide when creating an account (your name, email, billing details).
- Processor: We process your clients' personal data on your behalf. You are the data controller for your clients' data; ClientsPulse is your processor. See our Data Processing Addendum for details.
2. Data We Collect About You (Operators)
TL;DR: Account info, billing IDs (no card numbers), aggregate usage, and an audit log.
- Account data: Name, email, business name (via Clerk).
- Billing data: Subscription tier, PayPal transaction IDs (we never store full card numbers — PayPal handles that).
- Usage data: Activation funnel events, NPS responses, feature usage (aggregate, not per-message).
- Audit log: Actions you take within the app (client created, nudge approved, etc.).
3. Data We Process on Your Behalf (Your Clients)
TL;DR: We handle your client records only to run the Service. Never sold, never used for ads.
When you use ClientsPulse, you import and create records about your clients. This includes:
- Client names and email addresses
- Email content (BCC-ingested messages)
- Approval decisions and comments
- Invoice amounts and payment status
- Uploaded files
We process this data only to provide the Service to you. We do not sell it, use it for advertising, or share it with third parties except as described in this policy.
4. Subprocessors
TL;DR: The vendors that power the Service. Each gets only the data it needs.
We use the following subprocessors to deliver the Service:
- Supabase — database, storage, and edge functions (US-East)
- Clerk — operator authentication
- Vercel — application hosting
- Resend — transactional email
- Postmark — inbound email processing
- PayPal — subscription billing and invoicing
- Groq — AI inference for nudge drafting (only the specific context needed for drafting is sent; no full email histories)
5. Data Retention
TL;DR: Active = kept. Deleted = 30 days then gone. Audit log = 12 months. Billing = 7 years (legal). Cancelled = 90 days then purged.
- Active account data: retained while your subscription is active.
- Deleted clients: 30-day soft-delete window, then permanently deleted unless you request earlier erasure.
- Audit log: 12 months.
- Billing records: 7 years (legal requirement).
- Cancelled accounts: 90 days after cancellation, then purged.
6. Your Rights (GDPR / CCPA)
TL;DR: Access, fix, delete, export, or object. Email privacy@clientspulse.app — we respond in 30 days.
You have the right to:
- Access — request a copy of your data (Settings → Export)
- Rectification — correct inaccurate data
- Erasure — delete your account and all associated data
- Portability — export your data in JSON format (Settings → Export)
- Objection — object to certain processing activities
Email privacy@clientspulse.app to exercise any right. We respond within 30 days.
7. Security
TL;DR: Encrypted in transit and at rest. Tenant isolation enforced at the database. No PII in logs.
We encrypt all data at rest and in transit (TLS 1.2+). Row-level security enforces tenant isolation at the database level. Portal tokens use HMAC-SHA256 signatures. We do not log PII.
8. Cookies
TL;DR: Session cookies only. No tracking, no ad pixels.
We use session cookies for authentication (HttpOnly, SameSite=Strict). We do not use tracking cookies or third-party ad pixels.
9. Changes
We will email you 14 days before any material change to this policy. The latest version is always at clientspulse.app/privacy.
10. Contact
Data protection inquiries: privacy@clientspulse.app.