1. Introduction

PulseGuardian LLC ("PulseGuardian," "we," "our," or "us") is committed to protecting your personal and health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at pulseguardian.com and our mobile application (collectively, the "Service").

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this policy, please do not access or use our Service.

PulseGuardian LLC is registered in the United States and operates globally. We take your privacy seriously and comply with applicable data protection laws including GDPR for European users.

2. Information We Collect

We collect several types of information to provide and improve our Service:

3. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, operate, and maintain our health monitoring Service
• To generate AI-powered personalized health insights and weekly reports
• To send health alerts, anomaly notifications, and medication reminders
• To process subscription payments and manage your billing
• To send transactional emails such as account confirmations and receipts
• To improve and personalize your experience on our platform
• To analyze usage patterns and improve our Service features
• To provide customer support and respond to your inquiries
• To detect and prevent fraudulent or unauthorized use
• To comply with legal obligations and enforce our Terms of Service

4. How We Share Your Information

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following limited circumstances:

• Service Providers: Trusted third-party vendors who assist in operating our platform, such as Stripe (payments), SendGrid (emails), and Supabase (database hosting). These providers are bound by strict data processing agreements.
• AI Processing: Health data is sent to OpenAI's API solely to generate your personalized health insights. OpenAI does not retain this data for training purposes under our enterprise agreement.
• Family/Team Members: If you invite members to your Family or Business plan, aggregated health scores are visible to the account owner only with your explicit consent.
• Legal Requirements: We may disclose your information if required by law, court order, or to protect the rights and safety of our users.
• Business Transfers: In the event of a merger or acquisition, your data may be transferred as part of that transaction with prior notice to you.

5. Data Security

We implement industry-leading security measures to protect your personal and health data:

• All data is encrypted using AES-256 encryption at rest
• All data transmitted between your device and our servers uses TLS 1.3 encryption
• Passwords are hashed using bcrypt with salt — we never store plain text passwords
• Payment data is handled exclusively by Stripe (PCI DSS Level 1 compliant)
• We use Row Level Security (RLS) to ensure users can only access their own data
• Regular security audits and vulnerability assessments are conducted
• Two-factor authentication (2FA) is available for all accounts

While we implement these safeguards, no method of transmission over the Internet is 100% secure. We encourage you to use a strong, unique password and enable two-factor authentication.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide our services:

• Active accounts: Data is retained for the lifetime of your account
• Cancelled accounts: Data is retained for 30 days after cancellation, then permanently deleted
• Health data: Deleted immediately upon your request or within 30 days of account closure
• Payment records: Retained for 7 years as required by tax and financial regulations
• Support communications: Retained for 2 years for quality assurance

You may request deletion of your data at any time by contacting us at privacy@pulseguardian.com.

7. Your Rights

Depending on your location, you have the following rights regarding your personal data:

• Right to Access: Request a copy of all personal data we hold about you
• Right to Rectification: Correct any inaccurate or incomplete personal data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Portability: Receive your data in a structured, machine-readable format
• Right to Restrict Processing: Limit how we use your data in certain circumstances
• Right to Object: Object to processing of your data for certain purposes
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at privacy@pulseguardian.com. We will respond within 30 days.

8. Cookies & Tracking

We use cookies and similar tracking technologies to improve your experience:

• Essential Cookies: Required for the platform to function (login sessions, security tokens)
• Analytics Cookies: Help us understand how users interact with our platform (Google Analytics)
• Preference Cookies: Remember your settings and preferences

You can control cookie settings through your browser settings. Disabling essential cookies may affect the functionality of our Service.

9. Children's Privacy

Our Service is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@pulseguardian.com and we will delete such information immediately.

10. International Data Transfers

PulseGuardian LLC is based in the United States. If you are accessing our Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States.

For users in the European Economic Area (EEA), we ensure that any transfer of personal data outside the EEA is subject to appropriate safeguards, including Standard Contractual Clauses approved by the European Commission.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by:

• Sending an email notification to your registered email address
• Displaying a prominent notice on our website
• Updating the "Last Updated" date at the top of this policy

Your continued use of our Service after any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: privacy@pulseguardian.com
• Support: support@pulseguardian.com
• Website: pulseguardian.com
• Company: PulseGuardian LLC