Privacy Policy

Effective: March 4, 2026

This Privacy Policy ("Policy") describes how Flynn McConneloug ("Pulse," "we," "us," or "our") collects, uses, stores, and protects information obtained from users ("you" or "your") of the Pulse mobile application and website (collectively, the "Service"). By accessing or using the Service, you consent to the data practices described in this Policy.

1. Information We Collect

We collect the following categories of information:

1.1 Account Information. When you create an account using Sign in with Apple, we receive your name and email address (or an Apple-generated relay address, if you choose to hide your email). We store a unique user identifier, display name, and authentication credentials.

1.2 Calendar and Scheduling Data. With your explicit permission, Pulse accesses calendar events from Apple Calendar (via EventKit) and/or Google Calendar (via Google OAuth2). This includes event titles, dates, times, locations, and associated notes. Calendar data from Apple Calendar is read locally on your device and transmitted to our server only when you initiate a chat request.

1.3 Email Data. With your explicit permission, Pulse accesses email metadata from Gmail (via Google OAuth2) and/or Apple Mail (via IMAP). This includes sender names, subject lines, dates, and message snippets. We access email content solely to provide you with summaries and to facilitate email-related actions you request.

1.4 Reminders and Tasks. With your explicit permission, Pulse accesses incomplete reminders from Apple Reminders (via EventKit) and tasks from Google Tasks (via Google OAuth2). This includes task titles, due dates, and notes.

1.5 Chat Data. We store messages you send to and receive from the Pulse AI assistant, including any text, images, or attachments you provide. Chat history is associated with your user account.

1.6 Device Information. We collect device push notification tokens for the sole purpose of delivering notifications you have configured. We do not collect device identifiers, IP addresses, or usage analytics.

1.7 Beta Tester Information. If you sign up as a beta tester via our website, we collect your name and Apple ID email address for the sole purpose of sending TestFlight invitations.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery. To display your schedule, reminders, emails, and tasks within the app, and to respond to your queries through the AI assistant.
• AI Processing. Your messages, along with contextual data from your connected accounts (calendar events, reminders, email metadata), are transmitted to Anthropic, PBC ("Anthropic") for processing by the Claude AI model. This processing is necessary to generate relevant, context-aware responses. Anthropic's data handling is governed by their Privacy Policy and their Usage Policy, which prohibit the use of API inputs to train their models.
• Automated Tasks. To execute automations you configure, such as morning briefings, deadline alerts, and email digests.
• Notifications. To deliver push notifications for reminders, automation results, and alerts you have enabled.
• Action Execution. To create, modify, or delete calendar events, reminders, and tasks on your behalf when you explicitly request such actions through the AI assistant.

3. Data Storage and Security

3.1 Server-Side Storage. Your account data, chat history, integration credentials, and automation configurations are stored in a PostgreSQL database hosted by Supabase, Inc. ("Supabase"). Supabase provides:

• Encryption in transit via TLS 1.2+
• Encryption at rest via AES-256
• Row Level Security (RLS) policies ensuring each user can only access their own data
• SOC 2 Type II compliance

3.2 Device-Side Storage. Authentication tokens and sensitive credentials are stored in the iOS Keychain, Apple's encrypted on-device credential storage. Non-sensitive preferences are stored in UserDefaults.

3.3 OAuth Token Security. Google OAuth2 tokens and Apple Mail credentials are stored in the Supabase database, accessible only through authenticated API requests scoped to your user account. Tokens are never exposed in client-side code or transmitted to any party other than the respective service provider (Google, Apple).

3.4 Backend Infrastructure. Our application server is hosted on a Virtual Private Server (VPS) secured with SSH key authentication, firewall rules, and HTTPS via automated TLS certificates.

4. Data Sharing and Disclosure

We do not sell, rent, lease, or trade your personal information. We share your data only with the following parties, solely as necessary to provide the Service:

• Anthropic, PBC — Receives your chat messages and connected account context for AI processing. Anthropic does not use API inputs to train models and deletes inputs within 30 days per their data retention policy.
• Supabase, Inc. — Hosts our database and authentication infrastructure. Acts as a data processor on our behalf.
• Google LLC — Receives OAuth2 token requests to access your Google Calendar, Gmail, and Google Tasks data on your behalf.
• Apple Inc. — Processes Sign in with Apple authentication and provides access to Apple Calendar and Reminders via on-device frameworks.

We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Pulse, our users, or the public.

5. Google API Services Compliance

Pulse's use and transfer to any other app of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We only request access to Google data that is necessary for the features you use.
• We do not use Google data for advertising purposes.
• We do not transfer Google data to third parties except as necessary to provide the Service (i.e., Anthropic for AI processing), with your consent, for security purposes, or to comply with applicable law.
• We do not use Google data to train machine learning or AI models.

6. Data Retention

We retain your data for the following periods:

• Account data: Retained while your account is active. Deleted within 30 days of account deletion request.
• Chat history: Conversations older than 90 days are automatically deleted. You may manually delete individual conversations at any time.
• Integration tokens: Deleted immediately when you disconnect an integration or delete your account.
• Automation results: Retained while associated automation is active.

7. Your Rights and Choices

You have the following rights regarding your personal information:

• Access. You may request a copy of the personal information we hold about you.
• Deletion. You may request deletion of your account and all associated data. We will process deletion requests within 30 days.
• Disconnection. You may disconnect any third-party integration at any time through the app's Settings screen. Disconnection immediately revokes our access to that service's data.
• Portability. You may request your data in a machine-readable format.
• Correction. You may request correction of inaccurate personal information.

To exercise any of these rights, contact us at johnflynn850@gmail.com.

8. Children's Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly. If you believe a child under 13 has provided us with personal information, please contact us at johnflynn850@gmail.com.

9. State Privacy Rights

California Residents (CCPA/CPRA). California residents have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act. You have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact us at johnflynn850@gmail.com.

Other U.S. States. Residents of states with applicable privacy laws (including Virginia, Colorado, Connecticut, and Utah) may have similar rights. Contact us to exercise any applicable rights.

10. International Data Transfers

Your data may be processed in the United States regardless of your location. By using the Service, you consent to the transfer of your information to the United States, where data protection laws may differ from those in your jurisdiction.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the app or via email at least 7 days before the changes take effect. The "Effective" date at the top of this Policy indicates when it was last revised. Your continued use of the Service after changes become effective constitutes acceptance of the revised Policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

Flynn McConneloug
Email: johnflynn850@gmail.com
Salt Lake City, Utah, United States