Enterprise Customer Privacy Policy

Last updated: 2023-09-22 Contact: support@pulsedive.com You may also contact us via the Contact form. Pulsedive Enterprise is a dedicated, threat intelligence platform provided by Pulsedive. You can read more about Pulsedive Enterprise at pulsedive.com/enterprise. Please be sure to read our Terms of Service, which governs your use of our Services. A separate agreement may have been executed which supersedes our Terms of Service regarding the use of Pulsedive Enterprise or other premium services. This Privacy Policy covers topics related to your personal data, including:

What data we collect from you
How we use this data
Who we share the data with
Our security practices
Your rights as a user

A separate Privacy Policy for Pulsedive Community and related services is available at pulsedive.com/privacy.

Definitions

"We," "our," "us," "Pulsedive" refers to Pulsedive LLC. "You," "yourself," "your" means users and clients of Pulsedive and our Services, defined below. "Services" means all websites, APIs, products, subscriptions, and any other paid and free services and software developed, produced, provided by, and otherwise created by Pulsedive, and furnished to you through your Pulsedive Enterprise instance. "Content" refers to any information, text, reports, graphics, links, audio, photos, videos, or other materials uploaded, downloaded, or appearing on the Services. "Personal data" means any information relating to an identified or identifiable natural person. "Data processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Consent and Lawful Processing

By using and accessing the Services, you agree that you have read, understood, and consent to be bound by the latest revision of this Privacy Policy, as well as our Terms of Service, which governs your use of our Services, or any separate agreement which may have been executed that supersedes our Terms of Service. There may be certain conditions that are not based on consent where data processing is deemed lawful and necessary. Such conditions are summarized below and may differ by jurisdiction.

Anonymization and Non-Personal Information

Processing of data that is anonymized, or otherwise cannot be used to identify you, is not considered personal data and is outside the scope of this Privacy Policy.

Legal Obligations

Data processing may be necessary for compliance with certain legal obligations.

Performance of a Contract

Data processing may be necessary for the performance of an agreement with you.

Legitimate Interests

Data processing may be necessary for the purposes of legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data.

Security

Data processing may be necessary for our security, for example to protect our Services from abuse or performance degradation, or to enforce data limits for our Services.

What data do we collect, and how?

While you're using the Services, we collect data from you. Some data is collected automatically, while other data you may provide voluntarily.

Technical Data

This is data that we collect automatically when you access the Services. Since some of the technical data we collect may be used to identify an individual, it is considered personal information. We collect the following technical data automatically:

IP address
Browser user-agent
Session cookie
User ID*
API key*

* A user account must be created to access Pulsedive Enterprise. Your API key and user ID are collected only if you have an account in your Pulsedive Enterprise instance.

Account Data

This is data that you provide to us when you create a Pulsedive Enterprise account. Account data includes:

Email address
Username
Password
Job title (optional)
Company (optional)

Financial Data

When you purchase a service from Pulsedive, you are required to provide financial data to provide payment. Pulsedive provides multiple ways of purchasing Pulsedive Enterprise. The information below may differ based on the parties authorizing and providing payment and the method of payment for Pulsedive Enterprise. Financial data may include, depending on the nature of the transaction:

Point-of-contact details, including first name, last name, and email address
Details of any organizations and partners directly associated with procurement, including physical address and email address
Payment information such as credit card or bank details
Billing email address
Billing address and shipping address

Integrations Data

Enterprise users have the ability to use our native third-party integrations with third-party services such as VirusTotal. You must provide your API key for the third-party services you wish to use. This functionality is completely optional.

How do we use your data?

This section covers how we use the data we collect from you.

Rate Limiting

We use your user ID, API key, IP address, and session cookie to limit your user requests to our Services. Data processing for this purpose is necessary to enforce data limits for our Services, as well as to protect our infrastructure from degradation from too many concurrent user requests.

Security Logging and Troubleshooting

We store your IP address, browser user-agent, session cookie, API key, and user ID, as well as request details like the pages you visit, automatically while you use our Services. This is necessary for security purposes, including detecting infiltration attempts and abuse, and for identifying problems with the operation of our Services.

User Registration

We use the account data you provide during user registration to create your Pulsedive Enterprise account. When you create a Pulsedive Enterprise account, you provide explicit consent to process your data for this purpose.

Customer Support and Communication

We may use your technical and account data to resolve customer support requests that you submit, to reply to your feedback and other requests, or to otherwise communicate important account updates with you.

Purchases

We use the financial data you provide during the purchase process to execute a financial transaction for granting you the necessary access to use our Services. Data processing for this purpose is necessary for compliance with certain legal obligations, and to fulfill an agreement with you.

User Submissions

If you choose to submit content to Pulsedive Enterprise, we will use that data to improve the data set in your Pulsedive Enterprise instance. This data will be made available through your Pulsedive Enterprise instance, and will not be available outside of your Pulsedive Enterprise instance. Read our Terms of Service or other relevant executed agreements for more information. When you create a Pulsedive Enterprise account, You provide explicit consent for this purpose.

Third Party Integrations

We use third-party API keys that you provide for the native third-party integrations functionality in order to fetch data from these third-party services on your behalf. This functionality is completely optional. Data processing for this purpose is necessary to fulfill an agreement with you.

Marketing

With your explicit written consent, we may use your name, job title, or company information to promote our services.

How do we store your data?

This section covers how we store data that we process ourselves. Data may be stored via other means once it is shared with third parties; data sharing is covered in the next section.

Country

Pulsedive is a US-based company. Our main storage locations are located in the United States of America. Your Pulsedive Enterprise instance may be hosted in a different country, with your consent, to reduce latency and improve performance during your use of Pulsedive Enterprise.

Database

Web logs, API logs, account data, submission data, and integrations data are all stored in the database on your Pulsedive Enterprise instance.

Backups

We periodically perform backups of the database on your Pulsedive Enterprise instance and storage volumes where the database resides.

Infrastructure

Our infrastructure resides with our hosting provider, DigitalOcean.

How do we share your data?

This section summarizes what we share or reserve the right to share with other parties.

Google Workspace

Google's Privacy Policy: policies.google.com/privacy We use Google Workspace and Google Drive internally to keep track of customers, sales cycles, user requests, legal documents, and more. This is done both for compliance purposes and to enable us to run our business efficiently. If you create a Pulsedive account, purchase a Pulsedive service, or provide your contact information to us, your information may be stored in internal documents that are uploaded to Google Drive, modified with Google Docs or Google Sheets, or otherwise shared with Google via similar means.

Monday

Monday's Privacy Policy: monday.com/privacy We use Monday internally as a project management tool, and to keep track of customers, sales cycles, user requests, and more. This helps us to run our business efficiently. If you create a Pulsedive account, purchase a Pulsedive service, or provide your contact information to us, your information may be stored in Monday items or internal documents that are uploaded to Monday.

SendGrid

Twilio's Privacy Policy: twilio.com/privacy We use SendGrid to send automated emails, including registration emails, password recovery emails, and more. In order for us to send automated emails using SendGrid, your email address must be shared with them.

Stripe

Stripe's Privacy Policy: stripe.com/privacy We use Stripe as our payment processor. If you purchase Pulsedive Enterprise, your financial information may be shared and stored with Stripe.

Quickbooks Online (QBO)

Intuit's Privacy Policy: intuit.com/privacy We use Quickbooks Online internally to track our finances. If you've purchased Pulsedive Enterprise, relevant financial, contact, and organizational information may be stored in Quickbooks Online.

Typeform

Typeform's Privacy Policy: admin.typeform.com/to/dwk6gt/ We may use Typeform to collect information for payment requests. If you’ve sent a request for an alternate payment for Pulsedive Enterprise through Typeform, your responses to our questionnaire are saved in Typeform. Responses are periodically deleted from Typeform about every 3 months.

Third Party Integrations

You have the ability to use our native third-party integrations with third-party services after you provide your third-party API key to Pulsedive. For us to deliver this functionality, we must share your third-party API key with the respective third-parties, which are listed below. VirusTotal Privacy Policy: support.virustotal.com/hc/en-us/articles/115002168385-Privacy-Policy Shodan Privacy Policy: account.shodan.io/privacy AbuseIPDB Privacy Policy: abuseipdb.com/legal

External Links

Our Services may contain links to third-party websites or resources. They may also contain comments and/or posts with non-anchored linked URLs. These links are not bound by this Privacy Policy and may be subject to different terms. We are not responsible for information collected upon visiting these links.

Public Information

Information you provide in your Pulsedive Enterprise instance is not displayed publicly.

Laws and Legal Requirements

Notwithstanding anything to the contrary in this Privacy Policy, we may preserve or disclose your information if we believe that it is reasonably necessary to comply with a law, regulation, legal process, or governmental request; to protect the safety of any person; to address fraud, security or technical issues; or to protect our or our users’ rights or property. However, nothing in this Privacy Policy is intended to limit any legal defenses or objections that you may have to a third party’s, including a government’s, request to disclose your information.

Merger or Acquisition

In the event that Pulsedive is involved in a merger, acquisition, exclusive licensing transaction, or asset sale, we may disclose or transfer any information collected, including your personal information, to our prospective counterparty.

How do we protect your data?

This section covers some of the security controls and practices that we have in place in order to protect your data. This is not an exhaustive list.

"Need-To-Know"

We avoid collecting information we don't need or use. Information on data processing is outlined in the sections above.

Encrypted Communications

Our services will always operate over HTTPS to protect communications to and from Pulsedive. You can read more on HTTPS here.

Password Storage

Your password is obfuscated securely using the bcrypt password hashing algorithm and a randomly generated salt. You can read more on password hashing and bcrypt here.

Input Sanitation

We implement best practices to sanitize all unsafe inputs across our technology stack to prevent successful attacks such as cross-site scripting attacks and JavaScript injection.

Prepared Statements

All of our database statements are executed as prepared statements to prevent successful attacks such as SQL injection.

How do we use cookies?

A cookie is a small data file that is transferred to your device when you visit a website. You can read more on browser cookies here. This section describes how we use cookies. Although most web browsers automatically accept cookies, some browsers’ settings can be modified to decline cookies or alert you when a website is attempting to place a cookie on your computer or mobile device. Blocking or disabling cookies will prevent Pulsedive Enterprise from logging you in and maintaining your session. Pulsedive Enterprise will not function properly without this functionality.

Login Session

We use cookies to retain a unique session identifier that allows us to keep your login session open. This is required to access and use some features in Pulsedive Enterprise.

Your rights, and how to exercise them

Every user is entitled to certain data protection rights, which are listed below along with an explanation of how to reasonably exercise them.

Accessing Your Data

You can access your Pulsedive Enterprise account information, submission data, web logs, and API logs via the Account page in your Pulsedive Enterprise instance.

Updating Your Data

You can update your Pulsedive Enterprise account information (under certain conditions), including your email address, job title, organization name, and password via the Account page in your Pulsedive Enterprise instance. You may request that your Pulsedive Enterprise username be changed by contacting us. We may deny this request for security, compliance, or auditing purposes. You can update your billing and financial information by contacting us.

Deleting Your Data

Some of your Pulsedive Enterprise information can be modified and removed via the Account page in your Pulsedive Enterprise instance, including your job title and company. You can delete your Pulsedive Enterprise account, and all associated data that is not kept for compliance purposes, security purposes, record-keeping, request tracking, and other legitimate and reasonable purposes, via the Account page in your Pulsedive Enterprise instance.

Withdrawing Consent for Data Processing

You can withdraw consent for data processing, under certain conditions, by deleting your Pulsedive Enterprise account.

Policy Updates

This Privacy Policy may be updated at any time, with or without notice. Updates will be reflected in the Privacy Policy in your Pulsedive Enterprise instance. Only the most current version of this Privacy Policy will govern our data processing and sharing activities. By continuing to use our Services, you agree to be bound by the latest revision of this Privacy Policy. We may attempt to communicate updates to the Privacy Policy via our services in compliance with international data protection and processing regulations and contractual obligations.