Privacy Policy

1. Overview

At Pulse For Good, privacy is fundamental to our mission of enabling safe feedback collection for vulnerable populations. This Privacy Policy explains how we collect, use, protect, and handle information in connection with our services.

This policy applies to:

• Our feedback collection platform and kiosks
• Our website (pulseforgood.com) and online services
• Our application dashboard
• Communications with our team
• Any other services we provide

2. Information We Collect

2.1 Customer Information

For organizations using our services, we may collect:

• Contact information (name, email, phone)
• Organization details (name, address, type)
• Account and billing information
• Technical information for system setup and support

2.2 Website Visitor Information

When you visit our website, we automatically collect certain information through cookies and similar technologies, including:

• Pages visited, navigation paths, and time spent on pages
• Browser type, version, and device information
• Operating system and screen resolution
• IP address (used for approximate geographic location at the country/region level)
• Referral source (how you arrived at our site)
• Interactions with forms, buttons, and other page elements

This data is collected through the third-party services described in Section 3 and Section 4 below.

2.3 Form Submissions

When you submit a form on our website (such as a demo request, contact form, or assessment), we collect the information you provide, which may include:

• Name and email address
• Phone number
• Organization name, type, and size
• Role and areas of interest
• Any additional information you choose to provide

Form submissions are processed through Netlify (our hosting provider) and HubSpot (our CRM platform).

2.4 What We Don't Collect

We explicitly do NOT collect:

• Personal identifiers from feedback respondents
• Detailed location tracking (GPS or precise coordinates)
• Unnecessary personal information
• Data that could re-identify anonymous feedback providers

3. Cookies and Tracking Technologies

3.1 What Are Cookies

Cookies are small text files placed on your device when you visit a website. They help websites function properly, remember your preferences, and understand how visitors interact with the site. We also use similar technologies such as pixels, local storage, and scripts.

3.2 Types of Cookies We Use

Essential Cookies

Required for basic website functionality. These cannot be disabled.

• Session management and security
• Form submission processing
• Load balancing and site performance

Analytics Cookies

Help us understand how visitors interact with our website so we can improve the experience.

• Google Analytics — Tracks page views, session duration, bounce rates, and user flow through the site. Uses cookies such as _ga, _ga_*, and _gid. Data is aggregated and does not personally identify you.

Marketing and Functional Cookies

Used for customer relationship management, live chat, and advertising measurement.

• HubSpot — Tracks visitor interactions for marketing analytics and enables live chat functionality. Uses cookies such as __hssc, __hssrc, __hstc, hubspotutk, and messagesUtk.
• LinkedIn Insight Tag — Measures the effectiveness of our LinkedIn advertising campaigns and provides anonymized demographic insights about site visitors. Uses the li_sugr, bcookie, and lidc cookies, as well as a tracking pixel.

3.3 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to:

• View and delete existing cookies
• Block all or certain types of cookies
• Set preferences for specific websites

Please note that blocking certain cookies may affect website functionality. You can also opt out of specific services:

• Google Analytics: Install the Google Analytics Opt-Out Browser Add-on
• LinkedIn: Adjust your settings at LinkedIn Ad Preferences
• HubSpot: You may opt out of HubSpot tracking by disabling cookies in your browser

4. Third-Party Services

We use the following third-party services to operate our website and application. Each service has its own privacy policy governing how it handles data.

4.1 Google Analytics (Website)

We use Google Analytics 4 to understand website traffic and usage patterns. Google Analytics collects data about your visit including pages viewed, time on site, and general location. This data is used in aggregate to improve our website.

• Data collected: Page views, session data, device info, approximate location
• Purpose: Website performance analysis and improvement
• Privacy policy: Google Privacy Policy

4.2 HubSpot (Website and CRM)

We use HubSpot for customer relationship management, marketing analytics, form processing, and live chat support. HubSpot tracks website visitor activity to help us understand engagement and provide better customer service.

• Data collected: Page views, form submissions, chat conversations, email interactions
• Purpose: CRM, marketing analytics, customer support, form processing
• Privacy policy: HubSpot Privacy Policy

4.3 LinkedIn Insight Tag (Website)

We use the LinkedIn Insight Tag to measure the effectiveness of our LinkedIn advertising campaigns and gain anonymized demographic insights about our website visitors.

• Data collected: Page URL, referrer URL, device and browser info, IP address (for geographic targeting), LinkedIn member demographics (aggregated)
• Purpose: Advertising measurement and audience insights
• Privacy policy: LinkedIn Privacy Policy

4.4 FullStory (Application)

We use FullStory within our application dashboard to understand how users interact with the platform. FullStory records user sessions to help us identify usability issues and improve the product experience. FullStory is not used on our public-facing website.

• Data collected: Clicks, scrolls, page navigation, form interactions within the application
• Purpose: Product analytics, usability improvement, bug identification
• Privacy policy: FullStory Privacy Policy

4.5 VideoAsk (Website)

We use VideoAsk to provide interactive video-based communication on our website.

• Data collected: Video responses (if provided), interaction data
• Purpose: Interactive visitor engagement
• Privacy policy: VideoAsk Privacy Policy

4.6 Netlify (Website Hosting)

Our website is hosted on Netlify, which processes form submissions and serves website content.

• Data collected: Form submission data, server access logs
• Purpose: Website hosting and form processing
• Privacy policy: Netlify Privacy Policy

5. Anonymous Feedback Data

5.1 Technical Safeguards

We implement multiple layers of anonymity protection:

• No collection of names, contact information, or other direct identifiers
• IP address masking and session isolation
• Temporal data randomization to prevent timing-based identification
• Aggregated reporting that prevents individual response identification

5.2 Feedback Content

Anonymous feedback responses may include:

• Survey responses and ratings
• Written comments and suggestions
• Service experience descriptions
• General demographic categories (when voluntarily provided)

5.3 Metadata Protection

Even technical metadata is protected:

• Timestamps are aggregated into broader time ranges
• Location data is limited to facility-level (not specific kiosks)
• Session data is immediately purged after submission

6. How We Use Information

6.1 Customer Information Use

We use customer information to:

• Provide and improve our services
• Communicate about your account and our services
• Provide technical support
• Process billing and payments
• Comply with legal obligations

6.2 Website Analytics Use

We use website analytics data to:

• Understand how visitors find and use our website
• Improve website content, navigation, and performance
• Measure the effectiveness of marketing campaigns
• Identify and fix technical issues

6.3 Anonymous Feedback Use

Anonymous feedback is used to:

• Generate insights and reports for customer organizations
• Improve service quality for vulnerable populations
• Identify systemic issues and trends (in aggregate only)
• Support research and improvement initiatives (de-identified)

6.4 Service Improvement

Aggregated, non-identifiable data helps us:

• Improve our platform and user experience
• Develop new features and capabilities
• Enhance security and privacy protections
• Support industry best practices development

7. Data Sharing and Disclosure

7.1 Customer Organizations

Anonymous feedback data is shared with customer organizations in aggregated reports that:

• Cannot identify individual respondents
• Include appropriate statistical protections
• Maintain minimum threshold requirements for reporting
• Follow trauma-informed presentation practices

7.2 Service Providers

We share data with the third-party service providers listed in Section 4. These providers:

• Help us operate and improve our services
• Are bound by their own privacy policies and data processing agreements
• Process data only for the purposes described in this policy

7.3 Legal Requirements

We may disclose information when required by law, but will:

• Notify affected parties when legally permissible
• Limit disclosure to legally required information only
• Challenge overly broad requests when appropriate
• Protect anonymous feedback data to the fullest extent possible

7.4 No Sale of Personal Data

We do not sell, rent, or trade personal information or anonymous feedback data to any third party for their own marketing or commercial purposes.

8. Data Security

8.1 Technical Security

We implement industry-leading security measures:

• End-to-end encryption for all data transmission
• Encrypted storage with advanced key management
• Regular security audits and penetration testing
• Multi-factor authentication for all accounts
• Regular security training for all staff

8.2 Access Controls

Data access is strictly controlled:

• Role-based access with minimum necessary permissions
• Comprehensive audit logging of all data access
• Regular access reviews and updates
• Immediate revocation of access when no longer needed

8.3 Incident Response

In the event of a security incident, we will:

• Immediately contain and investigate the incident
• Notify affected parties within 72 hours when required
• Cooperate with relevant authorities
• Implement additional safeguards to prevent recurrence

9. Regulatory Compliance

9.1 Healthcare Privacy (HIPAA)

Pulse For Good is HIPAA compliant. Our system is designed to minimize Protected Health Information (PHI) exposure by default — anonymous feedback collection means PHI is not captured in the normal course of operation.

• We enter into Business Associate Agreements (BAA) when applicable
• Our architecture minimizes PHI exposure by collecting feedback anonymously without personal identifiers
• Anonymous feedback cannot be linked to patient records
• End-to-end encryption and access controls protect all data in transit and at rest
• Compliance documentation and security questionnaire responses available upon request

9.2 International Privacy Laws (GDPR)

For international data processing:

• We process data only for legitimate business purposes
• Obtain appropriate consent when required
• Respect data subject rights including access and deletion
• Maintain appropriate cross-border transfer protections

9.3 State and Local Regulations

We stay current with evolving privacy regulations:

• California Consumer Privacy Act (CCPA) compliance
• State healthcare privacy requirements
• Local government privacy standards
• Industry-specific regulatory requirements

10. Data Retention

10.1 Customer Data

Customer account and organizational data is retained:

• For the duration of the business relationship
• Plus additional periods required by law or contract
• With secure deletion upon contract termination (where permitted)

10.2 Website Analytics Data

Website analytics data is retained according to each service provider's default retention periods:

• Google Analytics data is retained for 14 months
• HubSpot contact and activity data is retained for the duration of our subscription
• LinkedIn Insight data is retained for up to 180 days by LinkedIn

10.3 Anonymous Feedback Data

Anonymous feedback is retained to:

• Enable longitudinal analysis and trend identification
• Support ongoing service improvement for vulnerable populations
• Meet customer organization reporting and compliance needs
• Contribute to research on trauma-informed care practices

10.4 Deletion Procedures

When data is deleted:

• We use secure deletion methods that prevent recovery
• All copies including backups are removed
• Deletion is verified through our audit systems
• Certificate of deletion provided when requested

11. Your Rights

11.1 Customer Organization Rights

As a customer organization, you have the right to:

• Access your account and organizational data
• Request correction of inaccurate information
• Request deletion of your data (subject to legal requirements)
• Receive a copy of your data
• Restrict certain processing activities

11.2 Website Visitor Rights

As a website visitor, you have the right to:

• Opt out of analytics tracking (see Section 3.3 for instructions)
• Disable cookies through your browser settings
• Request information about data we hold about you
• Request deletion of any personal data collected through forms

11.3 Feedback Respondent Protection

For anonymous feedback providers:

• No personal data is collected that could identify them
• Feedback cannot be traced back to individuals
• They may request general information about our practices
• They can report concerns about our privacy practices

11.4 Exercising Your Rights

To exercise privacy rights:

• Contact us using the information below
• Provide verification of your identity and authority
• Specify the exact nature of your request
• Allow reasonable time for us to respond (typically 30 days)

12. Updates and Changes

12.1 Policy Updates

This privacy policy may be updated to:

• Reflect changes in our services or practices
• Address new privacy regulations
• Improve clarity and transparency
• Respond to feedback from users and stakeholders

12.2 Notification Process

When we update this policy:

• We will post the updated version on our website
• Material changes will be communicated directly to customers
• The effective date will be clearly indicated
• Previous versions will be archived for reference