Privacy & Data
What we collect, what we don't, and how your data is handled.
What We Collect
When someone visits a site with the Pulse Tower embed script, we collect:
| Data | Example |
|---|---|
| Page path | /blog/hello-world |
| Referrer | google.com |
| Device type | mobile, desktop, or tablet |
| Browser | chrome, safari, etc. |
| Screen width bucket | sm, md, lg, etc. |
| Country | US, GB (inferred from timezone, not IP) |
That's it. All data is aggregate and anonymous.
What We Don't Collect
- ✗ No cookies. We never set cookies of any kind.
- ✗ No IP addresses. IPs are never stored, hashed, or logged.
- ✗ No fingerprinting. We don't use canvas, WebGL, or any fingerprinting technique.
- ✗ No personal data. We can't identify individual visitors. There are no user IDs, session IDs, or tracking pixels.
- ✗ No cross-site tracking. Each site is isolated. We never correlate visitors across different sites.
Opting Out of Tracking
Site visitors or team members can stop tracking in their browser by opening the console and running: `localStorage.pulse_ignore = "true"`. This disables all pageview and event tracking in that browser.
Do I Need a Cookie Banner?
No. Pulse Tower does not use cookies or collect personal data, so no consent banner is required under GDPR, CCPA, or PECR. You can add Pulse Tower to your site without updating your privacy policy (though mentioning it is always a good practice).
Integration Data
When you connect Stripe or GitHub:
- API keys and OAuth tokens are encrypted with AES-256-GCM before storage
- Keys never appear in client-side code, URLs, or logs
- Revenue and activity data is fetched on-demand and displayed only to workspace members
- You can revoke access at any time by deleting the key in Stripe or revoking the OAuth app in GitHub