Privacy Policy

1. Information We Collect

When you use Pulso Dashboard, we may collect the following categories of information:

• Account information: Email address and password used to create your Pulso account.
• Meta (Facebook & Instagram) data: When you authorize Pulso via Facebook Login for Business, we receive a System User access token that grants read-only access to: (a) your basic Facebook profile (id, name) for account association; (b) the Facebook Pages you choose to share, including page name, follower count, and engagement metrics (likes, comments, shares on posts you publish); (c) Facebook Page insights such as reach, impressions, page views, and follower demographics over time; (d) the Instagram Business Account linked to those Pages, including profile data (username, biography, follower count, media count) and media items (posts, reels, stories) with their associated like/comment/save/reach counts; (e) Instagram audience insights (top countries, cities, age, gender split, online followers by hour); (f) the Meta Ad Accounts you choose to share, including campaign performance metrics (spend, clicks, impressions, conversions, CTR) for the past 30 days. We never receive or read messages, DMs, or content authored by people other than you.
• Other third-party platform data: When you connect TikTok, LinkedIn, Google Analytics, Google Search Console, or Google Ads, we access analytics metrics through their official read-only APIs.
• Usage data: Dashboard interactions, feature usage, and AI-generated insights requested.
• Payment information: Processed securely via Stripe. We do not store credit card numbers.

2. How We Use Your Data

We use collected data exclusively to:

• Display marketing analytics and performance metrics within your dashboard.
• Generate AI-powered insights and recommendations based on your connected platform data.
• Track your token balance and usage for billing purposes.
• Improve platform performance and user experience.

We do not sell, rent, or share your personal data or marketing metrics with third parties for advertising or marketing purposes.

3. Third-Party Platform Access

When you connect accounts from Instagram (Meta), TikTok, LinkedIn, or Google services:

• We request only the minimum permissions necessary to read your analytics data.
• For Meta (Facebook & Instagram), we use Facebook Login for Business with System User access tokens. These tokens are scoped read-only to the specific assets (Page, Instagram Business Account, Ad Account) you explicitly select during the OAuth authorization.
• Access tokens are stored securely on our servers, never exposed to the browser.
• We access data in read-only mode — we never post, modify, or delete content on your behalf, and we never read direct messages, comments, or content authored by people other than you.
• You can disconnect any platform at any time from your Settings panel; this immediately deletes the stored access token from our database.

4. Data Storage and Security

• Your data is stored in Supabase (PostgreSQL) with Row-Level Security policies ensuring tenant isolation.
• All API communications use HTTPS encryption.
• Authentication tokens are held in memory during sessions — never stored in browser local storage.
• Third-party API credentials are stored server-side in encrypted environment variables.

5. Data Retention

We retain your data for as long as your account is active. When you delete your account:

• Your personal information and stored tokens are deleted within 30 days.
• Connected third-party tokens are revoked immediately.
• Anonymised usage statistics may be retained for service improvement.

6. Your Rights (GDPR / UK GDPR)

If you are located in the European Economic Area or the United Kingdom, you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Delete your account and associated data.
• Export your data in a portable format.
• Withdraw consent for data processing at any time.
• Object to processing or request restriction.

To exercise these rights, contact us at matias@pulsodashboard.com.

7. Cookies and Analytics

The Pulso Dashboard application itself (app.pulsodashboard.com) does not use tracking cookies or third-party analytics. Authentication uses essential session tokens only.

Our public website (pulsodashboard.com) and policy pages use Google Analytics (gtag.js) to measure aggregate visitor metrics. This applies only to the public-facing pages, not to the authenticated dashboard or the Meta-derived data.

8. Children's Privacy

Pulso Dashboard is a business-to-business service and is not intended for use by individuals under the age of 18.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of significant changes via email. The "Last updated" date at the top reflects the most recent revision.

10. Contact