Privacy Policy
Last updated: 2024-08-28
Contact:
support@pulsedive.com
You may also contact us via the Contact form.
Please be sure to read our
Terms of Service, which governs your use of our services.
This Privacy Policy covers topics related to your personal data, including:
- What data we collect from you
- How we use this data
- Who we share the data with
- Our security practices
- Your rights as a user
Definitions
"We," "our," "us," "Pulsedive" refers to Pulsedive LLC.
"You," "yourself," "your" means users and clients of Pulsedive and our services, defined below.
"Services" means all websites, APIs, products, subscriptions, and any other paid and free services and software developed, produced, provided by, and otherwise created by Pulsedive, and furnished to you through
pulsedive.com.
"Content" refers to any information, text, reports, graphics, links, audio, photos, videos, or other materials uploaded, downloaded, or appearing on the Services.
"Personal data" means any information relating to an identified or identifiable natural person.
"Data processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Consent and Lawful Processing
By using and accessing our services, you agree that you have read, understood, and consent to be bound by the latest revision of this Privacy Policy, as well as our
Terms of Service, which governs your use of our services.
There may be certain conditions that are not based on consent where data processing is deemed lawful and necessary. Such conditions are summarized below and may differ by jurisdiction.
Anonymization and Non-Personal Information
Processing of data that is anonymized, or otherwise cannot be used to identify you, is not considered personal data and is outside the scope of this Privacy Policy.
Legal Obligations
Data processing may be necessary for compliance with certain legal obligations.
Performance of a Contract
Data processing may be necessary for the performance of an agreement with you.
Legitimate Interests
Data processing may be necessary for the purposes of legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data.
Security
Data processing may be necessary for our security, for example to protect our services from abuse or performance degradation, or to enforce data limits for our services.
What data do we collect, and how?
While you're using Pulsedive, we collect data from you. Some data is collected automatically, while other data you may provide voluntarily.
Technical Data
This is data that we collect automatically when you access Pulsedive and any of our services. Since some of the technical data we collect may be used to identify an individual, it is considered personal information.
We collect the following technical data automatically:
- IP address
- Reverse DNS (PTR) record
- Browser user-agent
- Session cookie
- HTTP referer
- User ID*
- API key*
* Your API key and user ID are collected only if you have an account with Pulsedive.
Account Data
This is data that you provide to us when you create a Pulsedive account.
Account data includes:
- Email address
- Username
- Password
- Job title (optional)
- Company (optional)
Financial Data
When you purchase a service from Pulsedive, you are required to provide financial data to provide payment.
Financial data includes:
- First name
- Last name
- Payment information such as credit card or bank details
- Billing email address, if different than your Pulsedive account email address
- In some cases, we may require you to provide your billing address
Pro Integrations Data
If you are a
Pulsedive Pro user, you have the ability to use our native Pro integrations with third-party services such as
VirusTotal. You must provide your API key for the third-party services you wish to use. This functionality is completely optional.
Contributor Vetting Data
When you apply to be a Pulsedive Contributor, we ask you for additional information so we can verify your identity and experience in handling threat intelligence data. This process is completely optional.
Contributor vetting data includes:
- Email address
- US state or country
- Company
- Job title
Contact Information
When you contact us via email or the
Contact form, you must provide an email address for us to respond to you.
How do we use your data?
This section covers how we use the data we collect from you.
User Analytics
We use your browsing activity on our services to understand how our users engage with Pulsedive. This guides our decision-making for new features and UX enhancements, and helps us identify potential issues with our services.
We use
Plausible to measure, correlate, and analyze service activity. We send details like your IP address and browser user-agent to understand demographic data like general geographic location (city, country) and how users are accessing our services. Your IP address is anonymized after it is sent to Plausible, but before it is stored. Once the IP is anonymized, it cannot be used to identify you and is thus no longer considered personal information.
We use the existing browser session cookie to tie together events from the same user session, so no cookies from Plausible are stored on your device.
After you create an account with Pulsedive, we may send your user ID to Plausible to understand how individuals are using our services. When you register with Pulsedive, you provide explicit consent to process your data for this purpose.
Rate Limiting
We use your user ID, API key, IP address, and session cookie to limit your user requests to our services. Data processing for this purpose is necessary to enforce data limits for our services, as well as to protect our infrastructure from degradation from too many concurrent user requests.
Security Logging and Troubleshooting
We store your IP address and reverse DNS record, browser user-agent, session cookie, HTTP referer, API key, and user ID, as well as request details like the pages you visit, automatically while you use our services. This is necessary for security purposes, including detecting infiltration attempts and abuse, and for identifying problems with the operation of our services.
User Registration
We use the account data you provide during user registration to create your Pulsedive account. You provide explicit consent for this purpose when you register with Pulsedive.
Customer Support and Communication
We may use your technical and account data to resolve customer support requests that you submit, to reply to your feedback and other requests, or to otherwise communicate important account updates with you.
Purchases
We use the financial data you provide during the purchase process to execute a financial transaction for granting you the necessary access to use our services. Data processing for this purpose is necessary for compliance with certain legal obligations, and to fulfill an agreement with you.
User Submissions
If you choose to submit content to Pulsedive, we will use that data to improve our data set. This data will be made available through our free and premium services. Read our
Terms of Service for more information. You provide explicit consent for this purpose when you register with Pulsedive.
Pro Integrations
We use third-party API keys that you provide for the
Pulsedive Pro integrations functionality in order to fetch data from these third-party services on your behalf. This functionality is completely optional. Data processing for this purpose is necessary to fulfill an agreement with you.
Contributor Requests
If you submit a request to be a Pulsedive Contributor, we will ask for information such as your email address, your US state or country of residence, the company you work for, your job title, and your responsibilities so we can verify your identity and experience in handling threat intelligence data. For elevated access to modify Pulsedive data, Contributors must have accountability for making changes. This process is completely optional, and you are able to submit content to Pulsedive without being a Contributor. Data processing for this purpose is necessary for security purposes, to fulfill an agreement with you, and for legitimate interests.
Marketing
With your explicit written consent, we may use your name, job title, or company information to promote our services.
How do we store your data?
This section covers how we store data that we process ourselves. Data may be stored via other means once it is shared with third parties; data sharing is covered in the next section.
Country
Pulsedive is a US-based company. Our main storage locations are located in the United States of America.
Database
Web logs, API logs, account data, submission data, and Pro integrations data are all stored in our database.
Backups
We periodically perform backups of our database and storage volumes where the database resides.
Infrastructure
Our infrastructure resides with our hosting provider,
DigitalOcean.
How do we share your data?
This section summarizes what we share or reserve the right to share with other parties.
Plausible
Plausible's Privacy Policy: plausible.io/privacy
We use Plausible to help us understand how our users interact with and discover our services. This in part guides our decision-making and helps us identify issues.
We share your IP address with Plausible, which is then anonymized before it is stored. Once the IP address is anonymized, it is no longer considered personal information as it can not be used to identify you.
If you are a registered user, we may share your user ID with Plausible to better understand how you use our services. The user ID is a pseudonymized identifier generated by Pulsedive. Only Pulsedive admins are able to tie a user ID back to a user account.
Google Workspace
Google's Privacy Policy: policies.google.com/privacy
We use Google Workspace and Google Drive internally to keep track of customers, sales cycles, user requests, legal documents, and more. This is done both for compliance purposes and to enable us to run our business efficiently.
If you create a Pulsedive account, purchase a Pulsedive service, or provide your contact information to us, your information may be stored in internal documents that are uploaded to Google Drive, modified with Google Docs or Google Sheets, or otherwise shared with Google via similar means.
Monday
Monday's Privacy Policy: monday.com/privacy
We use Monday internally as a project management tool, and to keep track of customers, sales cycles, user requests, and more. This helps us to run our business efficiently. If you create a Pulsedive account, purchase a Pulsedive service, or provide your contact information to us, your information may be stored in Monday items or internal documents that are uploaded to Monday.
SendGrid
Twilio's Privacy Policy: twilio.com/privacy
We use SendGrid to send automated emails, including registration emails, password recovery emails, and more. In order for us to send automated emails using SendGrid, your email address must be shared with them.
Stripe
Stripe's Privacy Policy: stripe.com/privacy
We use Stripe as our payment processor. If you purchase a Pulsedive premium service, your financial information will be shared and stored with Stripe.
Quickbooks Online (QBO)
Intuit's Privacy Policy: intuit.com/privacy
We use Quickbooks Online internally to track our finances. If you've purchased a Pulsedive service, your contact information and company may be stored in Quickbooks Online.
Typeform
Typeform's Privacy Policy: admin.typeform.com/to/dwk6gt/
We use Typeform to collect information for Contributor requests. If you've applied to become a Pulsedive Contributor, your responses to our questionnaire is saved in Typeform. Responses are periodically deleted from Typeform about every 3 months.
Pro Integrations
If you are a
Pulsedive Pro user, you have the ability to use our native Pro integrations with third-party services after you provide your third-party API key to Pulsedive. For us to deliver this functionality, we must share your third-party API key with the respective third-parties, which are listed below.
VirusTotal
Privacy Policy: support.virustotal.com/hc/en-us/articles/115002168385-Privacy-Policy
Shodan
Privacy Policy: account.shodan.io/privacy
AbuseIPDB
Privacy Policy: abuseipdb.com/legal
External Links
Our services may contain links to third-party websites or resources. They may also contain comments and/or posts with non-anchored linked URLs. These links are not bound by this Privacy Policy and may be subject to different terms. We are not responsible for information collected upon visiting these links.
Public Information
Some information you provide may be publicly displayed on our services. Such publicly displayed information is limited to your username and job title if provided, and any content you submit or upload to our services. We reserve the right to share such public information with any party.
You can remove or change your job title from your account settings at any time to remove it from or change it in our services.
Laws and Legal Requirements
Notwithstanding anything to the contrary in this Privacy Policy, we may preserve or disclose your information if we believe that it is reasonably necessary to comply with a law, regulation, legal process, or governmental request; to protect the safety of any person; to address fraud, security or technical issues; or to protect our or our users’ rights or property. However, nothing in this Privacy Policy is intended to limit any legal defenses or objections that you may have to a third party’s, including a government’s, request to disclose your information.
Merger or Acquisition
In the event that Pulsedive is involved in a merger, acquisition, exclusive licensing transaction, or asset sale, we may disclose or transfer any information collected, including your personal information, to our prospective counterparty.
How do we protect your data?
This section covers some of the security controls and practices that we have in place in order to protect your data. This is not an exhaustive list.
"Need-To-Know"
We avoid collecting information we don't need or use. Information on data processing is outlined in the sections above.
Encrypted Communications
Our services will always operate over HTTPS to protect communications to and from Pulsedive. You can read more on HTTPS
here.
Password Storage
Your password is obfuscated securely using the bcrypt password hashing algorithm and a randomly generated salt. You can read more on password hashing and bcrypt
here.
Input Sanitation
We implement best practices to sanitize all unsafe inputs across our technology stack to prevent successful attacks such as cross-site scripting attacks and JavaScript injection.
Prepared Statements
All of our database statements are executed as prepared statements to prevent successful attacks such as SQL injection.
How do we use cookies?
A cookie is a small data file that is transferred to your device when you visit a website. You can read more on browser cookies
here. This section describes how we use cookies.
Although most web browsers automatically accept cookies, some browsers’ settings can be modified to decline cookies or alert you when a website is attempting to place a cookie on your computer or mobile device. Blocking or disabling cookies will prevent Pulsedive from logging you in and maintaining your session. Many of our services will not function properly without this functionality.
Login Session
We use cookies to retain a unique session identifier that allows us to keep your login session open. This is required to access some features of our services.
Fraud Detection
Stripe, our payment processor, uses cookies for fraud detection. You can learn more about the cookies that Stripe stores on your device in their
Privacy Center.
User Analytics
We use your browsing activity on our services to understand how our users engage with Pulsedive. This guides our decision-making for new features and UX enhancements, and helps us identify potential issues with our services.
We use
Plausible to measure, correlate, and analyze service activity. We send details like your IP address and browser user-agent to understand demographic data like general geographic location (city, country) and how users are accessing our services. Your IP address is anonymized after it is sent to Plausible, but before it is stored. Once the IP is anonymized, it cannot be used to identify you and is thus no longer considered personal information.
We use the existing browser session cookie to tie together events from the same user session, so no cookies from Plausible are stored on your device.
After you create an account with Pulsedive, we may send your user ID to Plausible to understand how individuals are using our services. When you register with Pulsedive, you provide explicit consent to process your data and use cookies for this purpose.
Your rights, and how to exercise them
Every user is entitled to certain data protection rights, which are listed below along with an explanation of how to reasonably exercise them.
Accessing Your Data
You can access your account information, financial information (under certain conditions), submission data, web logs, and API logs via your
Account page.
Updating Your Data
You can update your account information and financial information (under certain conditions), including your email address, billing email address, credit card information, job title, organization name, and password via the
Account page.
You may request that your username be changed by
contacting us. We may deny this request for security, compliance, or auditing purposes.
If you've purchased a Pulsedive service through a separate agreement, reseller, or any means other than our Purchase page, you can update your billing and financial information by
contacting us.
Deleting Your Data
Some of your information can be modified and removed via the
Account page, including your job title and company.
You can delete your account, and all associated data that is not kept for compliance purposes, security purposes, record-keeping, request tracking, and other legitimate and reasonable purposes, via the
Account page.
Withdrawing Consent for Data Processing
You can withdraw consent for data processing, under certain conditions, by deleting your Pulsedive account and cancelling all purchased Pulsedive services.
Government Information Requests
Pulsedive may disclose your information to a legal authority if we believe that it is reasonably necessary to comply with a law, regulation, legal process, or governmental request; to protect the safety of any person; to address fraud, security or technical issues; or to protect our or our users’ rights or property. However, nothing in this Privacy Policy is intended to limit any legal defenses or objections that you may have to a third party’s, including a government’s, request to disclose your information.
Unless Pulsedive is prohibited from doing so or there is an indication of illegal conduct or risk of harm, Pulsedive will make reasonable efforts to notify you of the request before disclosing your information so that you may seek legal remedies.
Information requests from legal authorities should be directed to support@pulsedive.com and must include the following information:
- Requesting party
- Reason for request and relevant criminal matter
- Customer or user name, email, username, and/or IP address
- Type of data requested
Policy Updates
This Privacy Policy may be updated at any time, with or without notice. Any updates will be reflected here. Only the most current version of this Privacy Policy will govern our data processing and sharing activities. By continuing to use our services, you agree to be bound by the latest revision of this Privacy Policy.
We may attempt to communicate updates to the Privacy Policy via our services in compliance with international data protection and processing regulations.