PULSE · Privacy

Privacy Policy

Last updated · June 2026

For legal accuracy this document is maintained only in English. Other language versions, where provided, are convenience translations — the English version is the authoritative one.

What we collect

When you create an account and use PULSE, we collect:

  • Email address — for authentication, password resets, and account communication
  • Device fingerprint — a SHA-256 hash derived from your hardware identifiers (disk volume serial, CPU model, Windows machine GUID, and computer name) to enforce per-device slot limits. The raw values are never transmitted — only the hash is sent.
  • Device metadata — hostname, OS version, and app version (for admin analytics and support)
  • Country — auto-detected from your IP address via Cloudflare (ISO country code only, not precise location)
  • Subscription data — tier (Free or Pro), subscription status, billing dates, and payment metadata via Paddle (our Merchant of Record)

Separately, and independent of any account, PULSE processes two categories of anonymous data described in detail below — anonymous product analytics (on by default, opt-out) and crash/error reporting (off by default, opt-in). Neither is linked to your account or identity.

  • Anonymous product analytics (on by default — you can disable it) — to understand which features are used and to find and fix problems, PULSE sends anonymous usage and diagnostic events (feature usage, page views, session duration, command latency, and non-personal error codes). Each batch carries a random install identifier (a UUID generated once on your device, not derived from your hardware and resettable), the app version, OS version, and GPU vendor. It is not tied to your account — anonymous (signed-out) events are stored with no user ID. No name, email, file paths, machine fingerprint, or game data are included. You can turn this off entirely in Settings → Privacy, and you can reset the install identifier.
  • Crash & error reports (off by default — opt-in) — if you enable crash reporting in Settings, the app sends crash and error reports to Sentry to help us diagnose failures. These contain the stack trace, app version, OS version, and a redacted GPU/CPU model. Error text is scrubbed to remove personal data before it is sent. No file contents or game data are included. This is disabled until you explicitly turn it on, and you can disable it again at any time.

What PULSE stores locally

PULSE stores the following data on your computer at %LOCALAPPDATA%\com.pulse.app\:

  • Auth session — stored in Windows Credential Manager (not a file), contains access/refresh tokens
  • Configuration files — optimization settings, game profiles, startup delay preferences
  • Debug logs (pulse.log) — contains hardware model names, GPU/CPU info, driver versions, and operation timestamps. Rotated at 10 MB, maximum 3 files kept
  • Optimization backup — snapshot of your system settings before optimization, used for rollback

What we don't collect

  • We don't collect game data, screenshots, or gameplay information
  • We don't collect browsing history or keystrokes
  • We don't sell or share your data with third parties
  • We don't use tracking pixels or advertising identifiers
  • The anonymous product analytics described above carry no personal data — no name, email, file paths, machine fingerprint, or hardware-derived identifier. The install identifier is a random value generated on your device, not a fingerprint, and you can reset it or disable analytics entirely in Settings at any time

Network connections

PULSE connects to the internet only for the following purposes:

  • Account authentication — connects to Supabase (our auth provider) for login, signup, and session management
  • Device validation — calls pulse-account-api.valone-010.workers.dev (sends access token + device fingerprint hash)
  • Update checks — fetches pulse-optimization.com/api/version.json once every 24 hours to check for new releases (sends only the app version as User-Agent)
  • Anonymous analytics — sends batched, anonymous usage and diagnostic events to our analytics endpoint (a Cloudflare Worker). Each batch is keyed by the random install identifier, not your account. On by default; disable it in Settings → Privacy
  • Crash reports — sends scrubbed stack traces to Sentry when an unhandled error occurs (opt-in; only if you enable crash reporting in Settings)
  • Latency testing — pings standard DNS servers (8.8.8.8, 1.1.1.1) and the game servers you select on the Network page

The app does not phone home for any other reason. The anonymous analytics are aggregate product usage and diagnostics only — there is no behavioral profiling and nothing is linked to your identity. You can turn analytics off (Settings → Privacy), and crash reporting stays off until you opt in.

How we use your data

  • Account authentication and session management
  • Device slot enforcement (limiting devices per subscription)
  • Delivering software updates
  • Aggregate analytics (total users, country distribution — no individual tracking)
  • Anonymous product analytics — measuring which features are used, diagnosing problems, and prioritizing improvements (keyed only by a random install identifier, never your account)
  • No other purpose — we don't profile individuals, build behavioral profiles, or monetize your data

Data storage

Account data is stored in Supabase (PostgreSQL on AWS). API requests are processed by Cloudflare Workers. All connections use HTTPS/TLS encryption. Device fingerprints are stored as irreversible SHA-256 hashes.

Sub-processors

PULSE uses the following third-party sub-processors to deliver the service. Each has a signed Data Processing Agreement (DPA) where applicable:

  • Supabase — authentication, PostgreSQL database, and private file storage for email attachments. Region: AWS (multi-region). Supabase Privacy · DPA
  • Cloudflare — CDN, DNS, Workers (API), and Email Routing (inbound mail for support@, business@, hello@, [email protected]). Cloudflare Privacy · DPA
  • Paddle — payment processing as Merchant of Record (handles card data, tax/VAT collection, and remittance on our behalf). We never see or store card numbers. Paddle Privacy · DPA
  • Resend — transactional email (account verifications, receipts, support replies) and inbound parsing relay. Resend Privacy · DPA
  • Sentry — crash and error reporting (opt-in; off by default, enable in app Settings → Privacy). Receives scrubbed stack traces, app version, OS version, and redacted hardware identifiers only. No PII or game data. Sentry Privacy · DPA
  • Cloudflare Workers — anonymous product analytics ingest (the analytics endpoint and storage). Receives anonymous usage/diagnostic events keyed by the random install identifier, never your account. Already listed above for API and CDN. Cloudflare Privacy · DPA

Email communications

When you contact us at any of our published addresses (support@, business@, hello@, [email protected]), your email is routed through Cloudflare Email Routing to our worker, which stores the message body and any attachments in our private Supabase project so the support team can read and reply. Specifically we store:

  • Sender email, display name, subject, plain-text and/or HTML body, and the RFC 5322 Message-Id headers used for threading
  • Any attachments you include — stored as binary objects in a private Supabase Storage bucket (email-attachments) capped at 25 MB per file
  • Received/read/replied/archived timestamps used internally for inbox status

Email contents are visible only to the admin allow-list (set via the worker's ADMIN_EMAILS secret) — they are not accessible to the public, to other users, or to staff outside the allow-list. We retain emails for as long as needed to provide support, then either archive or delete on request. Email us to ask for deletion or export at any time and we will comply within 30 days. Outgoing mail we send you (account, billing, support replies) is delivered via Resend; their privacy policy governs in-transit handling.

Payment processing

Payments are processed by Paddle (our Merchant of Record). We never see or store your full credit card number. Paddle handles billing, tax/VAT collection, and remittance on our behalf. Paddle's privacy policy applies to payment data.

Data retention

Your account data is retained as long as your account exists. You can request deletion by emailing [email protected]. We will delete your account and associated data within 30 days.

Raw anonymous analytics events are retained for up to 90 days and then automatically dropped. We keep an aggregate, anonymous monthly summary (e.g. app-version and error-code trends) for longer so we can track product health over time; that summary contains no personal data and no event-level detail.

Website analytics

This website counts page views first-party and anonymously — one event per page load, sent to our own analytics endpoint (a Cloudflare Worker we operate). No third-party analytics scripts, tracking pixels, or advertising identifiers are loaded by any page. Like any website, requests are processed by our hosting provider (Cloudflare, listed under sub-processors above) in order to serve the pages.

Each event carries only the page path and a random identifier — a UUID generated in your browser and kept in localStorage, not derived from your hardware or identity, never linked to an account, and cleared whenever you clear site data. No cookies are set, there is no behavioral profiling or engagement tracking, and the counter stays silent when your browser sends the Do Not Track or Global Privacy Control signal.

Page-view counting is currently on in this browser.

Cookies

This website sets no cookies — no third-party tracking cookies, advertising IDs, or fingerprinting scripts are loaded. Browser-side storage is limited to localStorage: your theme and language preferences and, unless you opt out above, the random analytics identifier.

Your rights (GDPR / CCPA)

You have the right to:

  • Access your account data — request a copy by emailing support
  • Correct inaccurate data — update your email or country directly in account settings
  • Delete your account and all associated data — request via email or in-app
  • Export your data in a machine-readable format (JSON)
  • Opt out of anonymous product analytics — turn it off in app Settings → Privacy (on by default), and reset the random install identifier there too
  • Withdraw consent for crash & error reporting — turn it off in app Settings → Privacy (off by default)
  • Object to processing for any reason — contact support

We respond to requests within 30 days. There is no charge for any of these actions.

Children's privacy

PULSE is not intended for children under 13. We do not knowingly collect data from children. If you believe a child has created an account, contact us and we will delete the account.

Changes

We may update this policy as the product and our legal obligations evolve. Material changes are announced via the in-app changelog and the website. The "Last updated" date at the top of this page always reflects the most recent revision.

Contact

Privacy questions or rights requests? Email [email protected] or join the PULSE Discord.

Related: Terms of Service · Help