Privacy Policy
Last updated: April 10, 2026
This Privacy Policy explains how CompanyPulse collects, uses, shares, and protects personal data when you use our website and product.
1. Information We Collect
We collect the following categories of data:
- Account data: name, email address, profile avatar, authentication provider identifiers, and role in your organization.
- Workspace data: status updates, blocker notes, survey responses, idea boards, comments, action plans, and related metadata.
- Integration data: integration connection metadata and activity summaries from connected tools (for example issue titles, PR status, event timestamps). We do not ingest your source code repository contents unless explicitly provided through integration APIs.
- Usage and device data: IP address, browser type, device identifiers, log timestamps, and security events.
- Cookie/session data: essential session and authentication cookies needed to operate the service.
2. How We Use Information
We use personal data to:
- Provide and operate CompanyPulse features and accounts.
- Generate AI summaries, digests, and insights in-product.
- Send service notifications and support messages.
- Detect abuse, fraud, and unauthorized access.
- Improve reliability, product quality, and UX.
- Comply with legal and regulatory obligations.
We do not sell personal data. We do not use customer data to train public AI models.
3. Sharing and Subprocessors
We share data only with subprocessors necessary to provide the service, under contractual confidentiality and data protection commitments.
| Provider | Purpose | Region |
|---|---|---|
| Hetzner | Infrastructure hosting | Germany (EU) |
| Anthropic | AI summarization and insight processing | United States |
| SMTP provider | Transactional email delivery | EU/US (provider dependent) |
| Cloudflare | CDN, network security, DDoS protection | Global |
A dedicated subprocessor list will be maintained at /privacy/subprocessors.
4. Retention and Security
- Account data is retained while your account is active and up to 30 days after deletion requests are completed.
- Workspace data is retained according to your organization settings and applicable legal obligations.
- Notification logs are typically pruned after 90 days.
- Data is encrypted in transit (TLS 1.2+) and protected at rest through infrastructure-level encryption controls.
5. Your Rights
Depending on your jurisdiction (including under GDPR), you may have rights to access, rectify, erase, restrict processing, object, and request portability of your personal data. You can also request data export where available.
To exercise these rights, contact office@getcompanypulse.com.
6. International Transfers
Primary infrastructure is hosted in the EU (Germany). Some processing operations, such as AI inference and certain support services, may involve transfers outside the EU (including the US). We apply appropriate safeguards as required by applicable law.
7. Cookies
CompanyPulse uses essential cookies and session storage required for authentication, security, and core product functionality. We do not run third-party advertising cookies.
8. Children
CompanyPulse is not directed at children under 16. We do not knowingly collect personal data from children.
9. Data Controller and DPO
CompanyPulse acts as data controller for website and account administration data, and as processor for customer workspace data where applicable. For data protection matters, contact office@getcompanypulse.com.
10. Changes and Contact
We may update this policy periodically. Material changes will be reflected by updating the date on this page.
General inquiries: office@getcompanypulse.com
Privacy inquiries: office@getcompanypulse.com