1. Data we handle
Account creation stores the name, email address, password hash, workspace name, plan, connection status, normalized marketing metrics, and saved insight reports required to provide the product. Passwords are hashed and are not stored in plain text.
2. Demo and connected data
The public demo uses deterministic fictional data. Signed-in workspaces also use clearly labeled demo data until normalized rows are imported. CSV and automation ingestion store only the submitted daily aggregates. Automation tokens are displayed once and stored as hashes. When Stripe Payments sync is activated, its key stays server-side and PulseDeck stores only daily aggregate payment counts and revenue—not card details.
3. Sessions and service providers
PulseDeck uses a secure session cookie for authentication. A deployment operator may use Vercel for hosting, a buyer-selected database provider, Stripe for billing or payment metrics, and Anthropic for AI responses. Each provider processes data under its own terms.
4. Use, retention, and disclosure
Data is used to operate, secure, and improve the service. PulseDeck does not sell personal data. The operator may retain records while an account is active and for a reasonable period afterward for security, legal, and backup purposes. Data may be disclosed when required by law or during an asset transfer subject to appropriate safeguards.
5. Your choices
Users may request access, correction, export, or deletion through the contact method in the marketplace listing or the operator details supplied after acquisition. Disconnecting an integration removes that channel's stored metric rows and stops future syncs; deleting an account may require operator assistance in this evaluation build.
6. Security and changes
Reasonable technical controls include server-side credentials, signed sessions, tenant scoping, rate limits, and security headers. No system is risk-free. Material policy changes should be dated and published by the deployment operator before commercial launch.