Privacy Policy

Last updated: 2023-06-14 Contact: support@pulsedive.com You may also contact us via the Contact form. Please be sure to read our Terms of Service, which governs your use of our services. This Privacy Policy covers topics related to your personal data, including:

What data we collect from you
How we use this data
Who we share the data with
Our security practices
Your rights as a user

Definitions

"We," "our," "us," "Pulsedive" refers to Pulsedive LLC. "You," "yourself," "your" means users and clients of Pulsedive and our services, defined below. "Services" means all websites, APIs, products, subscriptions, and any other paid and free services and software developed, produced, provided by, and otherwise created by Pulsedive, and furnished to you through pulsedive.com. "Content" refers to any information, text, reports, graphics, links, audio, photos, videos, or other materials uploaded, downloaded, or appearing on the Services. "Personal data" means any information relating to an identified or identifiable natural person. "Data processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Consent and Lawful Processing

By using and accessing our services, you agree that you have read, understood, and consent to be bound by the latest revision of this Privacy Policy, as well as our Terms of Service, which governs your use of our services. There may be certain conditions that are not based on consent where data processing is deemed lawful and necessary. Such conditions are summarized below and may differ by jurisdiction.

Anonymization and Non-Personal Information

Processing of data that is anonymized, or otherwise cannot be used to identify you, is not considered personal data and is outside the scope of this Privacy Policy.

Legal Obligations

Data processing may be necessary for compliance with certain legal obligations.

Performance of a Contract

Data processing may be necessary for the performance of an agreement with you.

Legitimate Interests

Data processing may be necessary for the purposes of legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data.

Security

Data processing may be necessary for our security, for example to protect our services from abuse or performance degradation, or to enforce data limits for our services.

What data do we collect, and how?

While you're using Pulsedive, we collect data from you. Some data is collected automatically, while other data you may provide voluntarily.

Technical Data

This is data that we collect automatically when you access Pulsedive and any of our services. Since some of the technical data we collect may be used to identify an individual, it is considered personal information. We collect the following technical data automatically:

IP address
Browser user-agent
Session cookie
User ID*
API key*

* Your API key and user ID are collected only if you have an account with Pulsedive.

Account Data

This is data that you provide to us when you create a Pulsedive account. Account data includes:

Email address
Username
Password
Job title (optional)
Company (optional)

Financial Data

When you purchase a service from Pulsedive, you are required to provide financial data to provide payment. Financial data includes:

First name
Last name
Payment information such as credit card or bank details
Billing email address, if different than your Pulsedive account email address
In some cases, we may require you to provide your billing address

Pro Integrations Data

If you are a Pulsedive Pro user, you have the ability to use our native Pro integrations with third-party services such as VirusTotal. You must provide your API key for the third-party services you wish to use. This functionality is completely optional.

Contributor Vetting Data

When you apply to be a Pulsedive Contributor, we ask you for additional information so we can verify your identity and experience in handling threat intelligence data. This process is completely optional. Contributor vetting data includes:

Email address
US state or country
Company
Job title

Contact Information

When you contact us via email or the Contact form, you must provide an email address for us to respond to you.

How do we use your data?

This section covers how we use the data we collect from you.

User Analytics

We use your browsing activity on our services to understand how our users engage with Pulsedive. This guides our decision-making for new features and UX enhancements, and helps us identify potential issues with our services. We use Google Analytics and Plausible to measure, correlate, and analyze service activity. We send details like your IP address and browser user-agent to understand demographic data like general geographic location (city, country) and how users are accessing our services. Your IP address is anonymized after it is sent to Google Analytics and Plausible, but before it is stored. Once the IP is anonymized, it cannot be used to identify you and is thus no longer considered personal information. We use the existing browser session cookie to tie together events from the same user session, so no cookies from Google Analytics or Plausible are stored on your device. After you create an account with Pulsedive, we may send your user ID to Google Analytics and Plausible to understand how individuals are using our services. When you register with Pulsedive, you provide explicit consent to process your data for this purpose.

Rate Limiting

We use your user ID, API key, IP address, and session cookie to limit your user requests to our services. Data processing for this purpose is necessary to enforce data limits for our services, as well as to protect our infrastructure from degradation from too many concurrent user requests.

Security Logging and Troubleshooting

We store your IP address, browser user-agent, session cookie, API key, and user ID, as well as request details like the pages you visit, automatically while you use our services. This is necessary for security purposes, including detecting infiltration attempts and abuse, and for identifying problems with the operation of our services.

User Registration

We use the account data you provide during user registration to create your Pulsedive account. You provide explicit consent for this purpose when you register with Pulsedive.

Customer Support and Communication

We may use your technical and account data to resolve customer support requests that you submit, to reply to your feedback and other requests, or to otherwise communicate important account updates with you.

Purchases

We use the financial data you provide during the purchase process to execute a financial transaction for granting you the necessary access to use our services. Data processing for this purpose is necessary for compliance with certain legal obligations, and to fulfill an agreement with you.

User Submissions

If you choose to submit content to Pulsedive, we will use that data to improve our data set. This data will be made available through our free and premium services. Read our Terms of Service for more information. You provide explicit consent for this purpose when you register with Pulsedive.

Pro Integrations

We use third-party API keys that you provide for the Pulsedive Pro integrations functionality in order to fetch data from these third-party services on your behalf. This functionality is completely optional. Data processing for this purpose is necessary to fulfill an agreement with you.

Contributor Requests

If you submit a request to be a Pulsedive Contributor, we will ask for information such as your email address, your US state or country of residence, the company you work for, your job title, and your responsibilities so we can verify your identity and experience in handling threat intelligence data. For elevated access to modify Pulsedive data, Contributors must have accountability for making changes. This process is completely optional, and you are able to submit content to Pulsedive without being a Contributor. Data processing for this purpose is necessary for security purposes, to fulfill an agreement with you, and for legitimate interests.

Marketing

With your explicit written consent, we may use your name, job title, or company information to promote our services.

How do we store your data?

This section covers how we store data that we process ourselves. Data may be stored via other means once it is shared with third parties; data sharing is covered in the next section.

Country

Pulsedive is a US-based company. Our main storage locations are located in the United States of America.

Database

Web logs, API logs, account data, submission data, and Pro integrations data are all stored in our database.

Backups

We periodically perform backups of our database and storage volumes where the database resides.

Infrastructure

Our infrastructure resides with our hosting provider, DigitalOcean.

How do we share your data?

This section summarizes what we share or reserve the right to share with other parties.

Google Analytics

Google's Privacy Policy: policies.google.com/privacy We use Google Analytics to help us understand how our users interact with and discover our services. This in part guides our decision-making and helps us identify issues. We share your IP address with Google Analytics, which is then anonymized before it is stored. Once the IP address is anonymized, it is no longer considered personal information as it can not be used to identify you. If you are a registered user, we may share your user ID with Google Analytics to better understand how you use our services. The user ID is a pseudonymized identifier generated by Pulsedive. Only Pulsedive admins are able to tie a user ID back to a user account.

Plausible

Plausible's Privacy Policy: plausible.io/privacy We use Plausible to help us understand how our users interact with and discover our services. This in part guides our decision-making and helps us identify issues. We share your IP address with Plausible, which is then anonymized before it is stored. Once the IP address is anonymized, it is no longer considered personal information as it can not be used to identify you. If you are a registered user, we may share your user ID with Plausible to better understand how you use our services. The user ID is a pseudonymized identifier generated by Pulsedive. Only Pulsedive admins are able to tie a user ID back to a user account.

Google Workspace

Google's Privacy Policy: policies.google.com/privacy We use Google Workspace and Google Drive internally to keep track of customers, sales cycles, user requests, legal documents, and more. This is done both for compliance purposes and to enable us to run our business efficiently. If you create a Pulsedive account, purchase a Pulsedive service, or provide your contact information to us, your information may be stored in internal documents that are uploaded to Google Drive, modified with Google Docs or Google Sheets, or otherwise shared with Google via similar means.

Monday

Monday's Privacy Policy: monday.com/privacy We use Monday internally as a project management tool, and to keep track of customers, sales cycles, user requests, and more. This helps us to run our business efficiently. If you create a Pulsedive account, purchase a Pulsedive service, or provide your contact information to us, your information may be stored in Monday items or internal documents that are uploaded to Monday.

SendGrid

Twilio's Privacy Policy: twilio.com/privacy We use SendGrid to send automated emails, including registration emails, password recovery emails, and more. In order for us to send automated emails using SendGrid, your email address must be shared with them.

Stripe

Stripe's Privacy Policy: stripe.com/privacy We use Stripe as our payment processor. If you purchase a Pulsedive premium service, your financial information will be shared and stored with Stripe.

Quickbooks Online (QBO)

Intuit's Privacy Policy: intuit.com/privacy We use Quickbooks Online internally to track our finances. If you've purchased a Pulsedive service, your contact information and company may be stored in Quickbooks Online.

Typeform

Typeform's Privacy Policy: admin.typeform.com/to/dwk6gt/ We use Typeform to collect information for Contributor requests. If you've applied to become a Pulsedive Contributor, your responses to our questionnaire is saved in Typeform. Responses are periodically deleted from Typeform about every 3 months.

Pro Integrations

If you are a Pulsedive Pro user, you have the ability to use our native Pro integrations with third-party services after you provide your third-party API key to Pulsedive. For us to deliver this functionality, we must share your third-party API key with the respective third-parties, which are listed below. VirusTotal Privacy Policy: support.virustotal.com/hc/en-us/articles/115002168385-Privacy-Policy Shodan Privacy Policy: account.shodan.io/privacy AbuseIPDB Privacy Policy: abuseipdb.com/legal

External Links

Our services may contain links to third-party websites or resources. They may also contain comments and/or posts with non-anchored linked URLs. These links are not bound by this Privacy Policy and may be subject to different terms. We are not responsible for information collected upon visiting these links.

Public Information

Some information you provide may be publicly displayed on our services. Such publicly displayed information is limited to your username and job title if provided, and any content you submit or upload to our services. We reserve the right to share such public information with any party. You can remove or change your job title from your account settings at any time to remove it from or change it in our services.

Laws and Legal Requirements

Notwithstanding anything to the contrary in this Privacy Policy, we may preserve or disclose your information if we believe that it is reasonably necessary to comply with a law, regulation, legal process, or governmental request; to protect the safety of any person; to address fraud, security or technical issues; or to protect our or our users’ rights or property. However, nothing in this Privacy Policy is intended to limit any legal defenses or objections that you may have to a third party’s, including a government’s, request to disclose your information.

Merger or Acquisition

In the event that Pulsedive is involved in a merger, acquisition, exclusive licensing transaction, or asset sale, we may disclose or transfer any information collected, including your personal information, to our prospective counterparty.

How do we protect your data?

This section covers some of the security controls and practices that we have in place in order to protect your data. This is not an exhaustive list.

"Need-To-Know"

We avoid collecting information we don't need or use. Information on data processing is outlined in the sections above.

Encrypted Communications

Our services will always operate over HTTPS to protect communications to and from Pulsedive. You can read more on HTTPS here.

Password Storage

Your password is obfuscated securely using the bcrypt password hashing algorithm and a randomly generated salt. You can read more on password hashing and bcrypt here.

Input Sanitation

We implement best practices to sanitize all unsafe inputs across our technology stack to prevent successful attacks such as cross-site scripting attacks and JavaScript injection.

Prepared Statements

All of our database statements are executed as prepared statements to prevent successful attacks such as SQL injection.

How do we use cookies?

A cookie is a small data file that is transferred to your device when you visit a website. You can read more on browser cookies here. This section describes how we use cookies. Although most web browsers automatically accept cookies, some browsers’ settings can be modified to decline cookies or alert you when a website is attempting to place a cookie on your computer or mobile device. Blocking or disabling cookies will prevent Pulsedive from logging you in and maintaining your session. Many of our services will not function properly without this functionality.

Login Session

We use cookies to retain a unique session identifier that allows us to keep your login session open. This is required to access some features of our services.

Fraud Detection

Stripe, our payment processor, uses cookies for fraud detection. You can learn more about the cookies that Stripe stores on your device in their Privacy Center.

User Analytics

Your rights, and how to exercise them

Every user is entitled to certain data protection rights, which are listed below along with an explanation of how to reasonably exercise them.

Accessing Your Data

You can access your account information, financial information (under certain conditions), submission data, web logs, and API logs via your Account page.

Updating Your Data

You can update your account information and financial information (under certain conditions), including your email address, billing email address, credit card information, job title, organization name, and password via the Account page. You may request that your username be changed by contacting us. We may deny this request for security, compliance, or auditing purposes. If you've purchased a Pulsedive service through a separate agreement, reseller, or any means other than our Purchase page, you can update your billing and financial information by contacting us.

Deleting Your Data

Some of your information can be modified and removed via the Account page, including your job title and company. You can delete your account, and all associated data that is not kept for compliance purposes, security purposes, record-keeping, request tracking, and other legitimate and reasonable purposes, via the Account page.

Withdrawing Consent for Data Processing

You can withdraw consent for data processing, under certain conditions, by deleting your Pulsedive account and cancelling all purchased Pulsedive services.

Policy Updates

This Privacy Policy may be updated at any time, with or without notice. Any updates will be reflected here. Only the most current version of this Privacy Policy will govern our data processing and sharing activities. By continuing to use our services, you agree to be bound by the latest revision of this Privacy Policy. We may attempt to communicate updates to the Privacy Policy via our services in compliance with international data protection and processing regulations.