Enterprise Customer Privacy Policy
Last updated: 2024-08-28
Contact:
support@pulsedive.com
You may also contact us via the Contact form.
Pulsedive Enterprise is a dedicated, threat intelligence platform provided by Pulsedive. You can read more about Pulsedive Enterprise at
pulsedive.com/enterprise.
Please be sure to read our
Terms of Service, which governs your use of our Services. A separate agreement may have been executed which supersedes our Terms of Service regarding the use of Pulsedive Enterprise or other premium services.
This Privacy Policy covers topics related to your personal data, including:
- What data we collect from you
- How we use this data
- Who we share the data with
- Our security practices
- Your rights as a user
A separate Privacy Policy for Pulsedive Community and related services is available at
pulsedive.com/privacy.
Definitions
"We," "our," "us," "Pulsedive" refers to Pulsedive LLC.
"You," "yourself," "your" means users and clients of Pulsedive and our Services, defined below.
"Services" means all websites, APIs, products, subscriptions, and any other paid and free services and software developed, produced, provided by, and otherwise created by Pulsedive, and furnished to you through your Pulsedive Enterprise instance.
"Content" refers to any information, text, reports, graphics, links, audio, photos, videos, or other materials uploaded, downloaded, or appearing on the Services.
"Personal data" means any information relating to an identified or identifiable natural person.
"Data processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Consent and Lawful Processing
By using and accessing the Services, you agree that you have read, understood, and consent to be bound by the latest revision of this Privacy Policy, as well as our
Terms of Service, which governs your use of our Services, or any separate agreement which may have been executed that supersedes our Terms of Service.
There may be certain conditions that are not based on consent where data processing is deemed lawful and necessary. Such conditions are summarized below and may differ by jurisdiction.
Anonymization and Non-Personal Information
Processing of data that is anonymized, or otherwise cannot be used to identify you, is not considered personal data and is outside the scope of this Privacy Policy.
Legal Obligations
Data processing may be necessary for compliance with certain legal obligations.
Performance of a Contract
Data processing may be necessary for the performance of an agreement with you.
Legitimate Interests
Data processing may be necessary for the purposes of legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data.
Security
Data processing may be necessary for our security, for example to protect our Services from abuse or performance degradation, or to enforce data limits for our Services.
What data do we collect, and how?
While you're using the Services, we collect data from you. Some data is collected automatically, while other data you may provide voluntarily.
Technical Data
This is data that we collect automatically when you access the Services. Since some of the technical data we collect may be used to identify an individual, it is considered personal information.
We collect the following technical data automatically:
- IP address
- Reverse DNS (PTR) record
- Browser user-agent
- Session cookie
- HTTP referer
- User ID*
- API key*
* A user account must be created to access Pulsedive Enterprise. Your API key and user ID are collected only if you have an account in your Pulsedive Enterprise instance.
Account Data
This is data that you provide to us when you create a Pulsedive Enterprise account.
Account data includes:
- Email address
- Username
- Password
- Job title (optional)
- Company (optional)
Financial Data
When you purchase a service from Pulsedive, you are required to provide financial data to provide payment. Pulsedive provides multiple ways of purchasing Pulsedive Enterprise.
The information below may differ based on the parties authorizing and providing payment and the method of payment for Pulsedive Enterprise.
Financial data may include, depending on the nature of the transaction:
- Point-of-contact details, including first name, last name, and email address
- Details of any organizations and partners directly associated with procurement, including physical address and email address
- Payment information such as credit card or bank details
- Billing email address
- Billing address and shipping address
Integrations Data
Enterprise users have the ability to use our native third-party integrations with third-party services such as VirusTotal. You must provide your API key for the third-party services you wish to use. This functionality is completely optional.
How do we use your data?
This section covers how we use the data we collect from you.
Rate Limiting
We use your user ID, API key, IP address, and session cookie to limit your user requests to our Services. Data processing for this purpose is necessary to enforce data limits for our Services, as well as to protect our infrastructure from degradation from too many concurrent user requests.
Security Logging and Troubleshooting
We store your IP address, browser user-agent, session cookie, API key, and user ID, as well as request details like the pages you visit, automatically while you use our Services. This is necessary for security purposes, including detecting infiltration attempts and abuse, and for identifying problems with the operation of our Services.
User Registration
We use the account data you provide during user registration to create your Pulsedive Enterprise account. When you create a Pulsedive Enterprise account, you provide explicit consent to process your data for this purpose.
Customer Support and Communication
We may use your technical and account data to resolve customer support requests that you submit, to reply to your feedback and other requests, or to otherwise communicate important account updates with you.
Purchases
We use the financial data you provide during the purchase process to execute a financial transaction for granting you the necessary access to use our Services. Data processing for this purpose is necessary for compliance with certain legal obligations, and to fulfill an agreement with you.
User Submissions
If you choose to submit content to Pulsedive Enterprise, we will use that data to improve the data set in your Pulsedive Enterprise instance. This data will be made available through your Pulsedive Enterprise instance, and will not be available outside of your Pulsedive Enterprise instance. Read our
Terms of Service or other relevant executed agreements for more information. When you create a Pulsedive Enterprise account, You provide explicit consent for this purpose.
Third Party Integrations
We use third-party API keys that you provide for the native third-party integrations functionality in order to fetch data from these third-party services on your behalf. This functionality is completely optional. Data processing for this purpose is necessary to fulfill an agreement with you.
Marketing
With your explicit written consent, we may use your name, job title, or company information to promote our services.
How do we store your data?
This section covers how we store data that we process ourselves. Data may be stored via other means once it is shared with third parties; data sharing is covered in the next section.
Country
Pulsedive is a US-based company. Our main storage locations are located in the United States of America. Your Pulsedive Enterprise instance may be hosted in a different country, with your consent, to reduce latency and improve performance during your use of Pulsedive Enterprise.
Database
Web logs, API logs, account data, submission data, and integrations data are all stored in the database on your Pulsedive Enterprise instance.
Backups
We periodically perform backups of the database on your Pulsedive Enterprise instance and storage volumes where the database resides.
Infrastructure
Our infrastructure resides with our hosting provider,
DigitalOcean.
How do we share your data?
This section summarizes what we share or reserve the right to share with other parties.
Google Workspace
Google's Privacy Policy: policies.google.com/privacy
We use Google Workspace and Google Drive internally to keep track of customers, sales cycles, user requests, legal documents, and more. This is done both for compliance purposes and to enable us to run our business efficiently.
If you create a Pulsedive account, purchase a Pulsedive service, or provide your contact information to us, your information may be stored in internal documents that are uploaded to Google Drive, modified with Google Docs or Google Sheets, or otherwise shared with Google via similar means.
Monday
Monday's Privacy Policy: monday.com/privacy
We use Monday internally as a project management tool, and to keep track of customers, sales cycles, user requests, and more. This helps us to run our business efficiently. If you create a Pulsedive account, purchase a Pulsedive service, or provide your contact information to us, your information may be stored in Monday items or internal documents that are uploaded to Monday.
SendGrid
Twilio's Privacy Policy: twilio.com/privacy
We use SendGrid to send automated emails, including registration emails, password recovery emails, and more. In order for us to send automated emails using SendGrid, your email address must be shared with them.
Stripe
Stripe's Privacy Policy: stripe.com/privacy
We use Stripe as our payment processor. If you purchase Pulsedive Enterprise, your financial information may be shared and stored with Stripe.
Quickbooks Online (QBO)
Intuit's Privacy Policy: intuit.com/privacy
We use Quickbooks Online internally to track our finances. If you've purchased Pulsedive Enterprise, relevant financial, contact, and organizational information may be stored in Quickbooks Online.
Typeform
Typeform's Privacy Policy: admin.typeform.com/to/dwk6gt/
We may use Typeform to collect information for payment requests. If you’ve sent a request for an alternate payment for Pulsedive Enterprise through Typeform, your responses to our questionnaire are saved in Typeform. Responses are periodically deleted from Typeform about every 3 months.
Third Party Integrations
You have the ability to use our native third-party integrations with third-party services after you provide your third-party API key to Pulsedive. For us to deliver this functionality, we must share your third-party API key with the respective third-parties, which are listed below.
VirusTotal
Privacy Policy: support.virustotal.com/hc/en-us/articles/115002168385-Privacy-Policy
Shodan
Privacy Policy: account.shodan.io/privacy
AbuseIPDB
Privacy Policy: abuseipdb.com/legal
External Links
Our Services may contain links to third-party websites or resources. They may also contain comments and/or posts with non-anchored linked URLs. These links are not bound by this Privacy Policy and may be subject to different terms. We are not responsible for information collected upon visiting these links.
Public Information
Information you provide in your Pulsedive Enterprise instance is not displayed publicly.
Laws and Legal Requirements
Notwithstanding anything to the contrary in this Privacy Policy, we may preserve or disclose your information if we believe that it is reasonably necessary to comply with a law, regulation, legal process, or governmental request; to protect the safety of any person; to address fraud, security or technical issues; or to protect our or our users’ rights or property. However, nothing in this Privacy Policy is intended to limit any legal defenses or objections that you may have to a third party’s, including a government’s, request to disclose your information.
Merger or Acquisition
In the event that Pulsedive is involved in a merger, acquisition, exclusive licensing transaction, or asset sale, we may disclose or transfer any information collected, including your personal information, to our prospective counterparty.
How do we protect your data?
This section covers some of the security controls and practices that we have in place in order to protect your data. This is not an exhaustive list.
"Need-To-Know"
We avoid collecting information we don't need or use. Information on data processing is outlined in the sections above.
Encrypted Communications
Our services will always operate over HTTPS to protect communications to and from Pulsedive. You can read more on HTTPS
here.
Password Storage
Your password is obfuscated securely using the bcrypt password hashing algorithm and a randomly generated salt. You can read more on password hashing and bcrypt
here.
Input Sanitation
We implement best practices to sanitize all unsafe inputs across our technology stack to prevent successful attacks such as cross-site scripting attacks and JavaScript injection.
Prepared Statements
All of our database statements are executed as prepared statements to prevent successful attacks such as SQL injection.
How do we use cookies?
A cookie is a small data file that is transferred to your device when you visit a website. You can read more on browser cookies
here. This section describes how we use cookies.
Although most web browsers automatically accept cookies, some browsers’ settings can be modified to decline cookies or alert you when a website is attempting to place a cookie on your computer or mobile device. Blocking or disabling cookies will prevent Pulsedive Enterprise from logging you in and maintaining your session. Pulsedive Enterprise will not function properly without this functionality.
Login Session
We use cookies to retain a unique session identifier that allows us to keep your login session open. This is required to access and use some features in Pulsedive Enterprise.
Your rights, and how to exercise them
Every user is entitled to certain data protection rights, which are listed below along with an explanation of how to reasonably exercise them.
Accessing Your Data
You can access your Pulsedive Enterprise account information, submission data, web logs, and API logs via the Account page in your Pulsedive Enterprise instance.
You may request the export of additional data if you are the designated owner of your Enterprise instance by emailing support@pulsedive.com. Before fulfilling such requests, we will review each request for feasibility of fulfillment and compliance with applicable laws, regulations, and executed agreements. We will approve or deny requests on a case-by-case basis. Please include the following information in your request:
- Name
- Proof of authorization, which may include written consent from the designated point-of-contact or instance owner
- Company name and Enterprise instance
- Reason for request
- Type of data requested
- Mechanism or process for delivery of data
In the event of Pulsedive’s bankruptcy, insolvency, liquidation, or similar proceedings, we will make commercially reasonable efforts to preserve your data and respond to data export requests in compliance with any internal company policies, applicable laws and regulations, and executed agreements.
Updating Your Data
You can update your Pulsedive Enterprise account information (under certain conditions), including your email address, job title, organization name, and password via the Account page in your Pulsedive Enterprise instance.
You may request that your Pulsedive Enterprise username be changed by contacting us. We may deny this request for security, compliance, or auditing purposes.
You can update your billing and financial information by contacting us.
Deleting Your Data
Some of your Pulsedive Enterprise information can be modified and removed via the Account page in your Pulsedive Enterprise instance, including your job title and company.
You can delete your Pulsedive Enterprise account, and all associated data that is not kept for compliance purposes, security purposes, record-keeping, request tracking, and other legitimate and reasonable purposes, via the Account page in your Pulsedive Enterprise instance.
Withdrawing Consent for Data Processing
You can withdraw consent for data processing, under certain conditions, by deleting your Pulsedive Enterprise account.
Government Information Requests
Pulsedive may disclose your information to a legal authority if we believe that it is reasonably necessary to comply with a law, regulation, legal process, or governmental request; to protect the safety of any person; to address fraud, security or technical issues; or to protect our or our users’ rights or property. However, nothing in this Privacy Policy is intended to limit any legal defenses or objections that you may have to a third party’s, including a government’s, request to disclose your information.
Unless Pulsedive is prohibited from doing so or there is an indication of illegal conduct or risk of harm, Pulsedive will make reasonable efforts to notify you of the request before disclosing your information so that you may seek legal remedies.
Information requests from legal authorities should be directed to support@pulsedive.com and must include the following information:
- Requesting party
- Reason for request and relevant criminal matter
- Customer or user name, email, username, and/or IP address
- Type of data requested
Policy Updates
This Privacy Policy may be updated at any time, with or without notice. Updates will be reflected in the Privacy Policy in your Pulsedive Enterprise instance. Only the most current version of this Privacy Policy will govern our data processing and sharing activities. By continuing to use our Services, you agree to be bound by the latest revision of this Privacy Policy.
We may attempt to communicate updates to the Privacy Policy via our services in compliance with international data protection and processing regulations and contractual obligations.