Privacy Policy

1.Who We Are

Pulsar is an AI-powered e-commerce analytics platform operated by GetJuicy Ltd (“we”, “us”, “our”). Our registered address is in England and Wales. We are the data controller for personal data collected through pulsardash.com and our associated services.

For data protection queries, contact us at: luke@getjuicy.co.uk

2.What Data We Collect

2.1 Account Data

When you register for Pulsar we collect:

• Your name and email address
• Business name and website URL
• Billing information (processed securely via Stripe — we do not store card details)
• Login credentials (passwords are hashed and never stored in plain text)

2.2 Integration Data

When you connect third-party platforms to Pulsar, we access data from those platforms on your behalf. This includes:

For detailed information about how we handle data received from Google APIs, including our compliance with Google's Limited Use requirements, see Section 6 below.

2.3 First-Party Attribution Pixel Data

If you install the Pulsar attribution pixel on your Shopify store, we collect:

• Anonymous visitor identifiers (stored in first-party browser localStorage — no third-party cookies)
• UTM parameters, Google click IDs (gclid), and Meta click IDs (fbclid) from ad traffic
• Page views, add-to-cart events, and purchase events on your storefront
• Referrer URLs and landing page URLs
• Approximate IP address (used for fraud detection only, not stored permanently)
• Browser user agent strings

2.4 Usage Data

We collect information about how you use Pulsar, including:

• Pages visited within the dashboard
• Features used and report types generated
• Session duration and login frequency
• Error logs and performance data

2.5 Communication Data

If you contact us by email or through any support channel, we retain those communications to provide support and improve our service.

3.How We Use Your Data

We use your data for the following purposes:

• To provide, operate, and maintain the Pulsar platform
• To process your subscription and manage billing via Stripe
• To connect and sync your third-party integrations
• To generate AI-powered insights and analytics reports using Claude AI (Anthropic)
• To send transactional emails including account confirmations, billing receipts, and security alerts
• To send product updates and feature announcements (you may unsubscribe at any time)
• To improve and develop new features based on aggregated, anonymised usage patterns
• To detect, investigate, and prevent fraudulent or unauthorised activity
• To comply with our legal obligations

3.1 AI Processing

Pulsar uses Claude AI, developed by Anthropic, to generate insights from your connected data. Data submitted to our AI layer is processed in accordance with Anthropic's data processing terms. We do not use your business data to train Anthropic's models. Insights generated are specific to your account and not shared with other users.

4.Legal Basis for Processing (UK GDPR)

Under UK GDPR, we process your personal data on the following legal bases:

5.Data Sharing and Third Parties

We do not sell your personal data. We share data only with the following categories of trusted third parties, each bound by appropriate data processing agreements:

5.1 Infrastructure and Hosting

• Vercel — hosting and edge functions (pulsardash.com)
• Neon — PostgreSQL database hosting
• Tinybird — high-volume analytics event processing (pixel data)

5.2 Payment Processing

Stripe — all payment processing. Pulsar never stores card details. Stripe's Privacy Policy applies to payment data.

5.3 AI Processing

Anthropic — Claude AI is used to generate insights from your aggregated platform data.

5.4 Third-Party Integrations

When you connect platforms such as Shopify, Google, Meta, Bing, or Klaviyo, you are subject to those platforms' own privacy policies in addition to this one. Pulsar acts as a data processor on your behalf when accessing these integrations.

5.5 Legal Requirements

We may disclose your data if required by law, court order, or to protect the rights and safety of Pulsar, our users, or the public.

6.Google API Services User Data

This section specifically addresses Google API Services User Data Policy requirements. It describes in precise detail how Pulsar accesses, uses, stores, shares, and deletes Google user data obtained via OAuth 2.0.

6.1 Google User Data Accessed by Pulsar

Pulsar accesses Google user data exclusively through OAuth 2.0 with the user's explicit consent. The user must actively connect their Google account through Pulsar's integration settings. We request only the minimum scopes necessary to provide the analytics service.

Google Analytics 4 (GA4)

Scope: https://www.googleapis.com/auth/analytics.readonly

• Sessions: total sessions, session source/medium, session duration
• Users: new users, returning users, user acquisition source
• Traffic sources: organic search, paid search, direct, referral, social channel breakdown
• Conversions: conversion events, conversion rates by channel
• Pages: landing pages, page views, bounce rate
• E-commerce: transactions, revenue, average order value (where GA4 e-commerce is configured)

Google Ads

Scope: https://www.googleapis.com/auth/adwords

• Campaign performance: impressions, clicks, cost, conversions per campaign
• Ad spend: total spend by campaign, ad group, and keyword
• ROAS: return on ad spend calculated from cost and conversion value data
• CPA: cost per acquisition per campaign
• Keywords: keyword-level performance data including quality scores
• Account structure: campaign names, ad group names, ad types

Google Search Console

Scope: https://www.googleapis.com/auth/webmasters.readonly

• Search queries: keywords driving impressions and clicks to the merchant's store
• Impressions: total search impressions per keyword and page
• Clicks: click-through counts per keyword and page
• CTR: click-through rate per keyword
• Average position: average ranking position per keyword in Google Search
• URL performance: per-page breakdown of search performance metrics

6.2 How Pulsar Uses Google User Data

Google user data is used exclusively for the following purposes within the Pulsar platform:

Dashboard Reporting

GA4, Google Ads, and Search Console data is displayed within the authenticated user's private Pulsar dashboard. This provides the merchant with a unified view of their traffic, ad performance, and organic search visibility alongside their Shopify revenue data. Each user sees only their own connected data.

AI-Powered Insights

Aggregated Google data is passed to Claude AI (Anthropic) to generate specific, actionable insights for the authenticated user. For example: identifying underperforming ad campaigns, flagging keyword ranking drops, or highlighting mismatches between ad spend and revenue. Data submitted to the AI layer is processed solely to generate insights for that specific user's account — it is not used to train AI models, benchmark against other users, or generate any output outside the user's own dashboard.

North Star Goal Tracking

Google Ads spend and GA4 conversion data is used to track progress against revenue and acquisition goals set by the user within Pulsar's goal-tracking feature.

Revenue Attribution

Google Ads click data (including gclid parameters) is used in conjunction with Pulsar's first-party attribution pixel and Shopify order data to calculate true ROAS — reconciling what Google Ads reports with actual orders completed in Shopify.

SEO Dashboard

Search Console data is displayed in Pulsar's SEO module to show keyword rankings, impression trends, and click-through rate performance over time.

6.3 How Google User Data Is Shared

Pulsar does not sell Google user data. Google user data is not shared with any third party for advertising, marketing, or commercial purposes. Limited sharing occurs only with the following trusted infrastructure providers, each bound by data processing agreements, and only to the extent necessary to provide the Pulsar service:

Infrastructure Providers

• Neon (PostgreSQL hosting) — processed Google data metrics are stored in the user's Pulsar account database. Neon is SOC 2 Type II certified and data is encrypted at rest.
• DigitalOcean — the Pulsar application server (Next.js) runs on a DigitalOcean Droplet. Google API responses are processed in memory and never written to DigitalOcean's storage directly.

AI Processing

Anthropic (Claude AI) — aggregated, non-personally-identifiable performance metrics derived from Google data (e.g. total ad spend, campaign names, keyword rankings) are submitted to Anthropic's API to generate insights. Raw Google OAuth tokens or user identity data are never transmitted to Anthropic. Anthropic processes this data subject to their data processing terms and does not use it to train models.

No Other Sharing

Google user data is not shared with:

• Any advertising networks or data brokers
• Other Pulsar customers or users
• Analytics or tracking platforms (e.g. we do not pass Google data to Segment, Mixpanel, or similar)
• Any party not listed above

Legal Disclosure

In the event we are required by law, court order, or regulatory authority to disclose Google user data, we will notify the affected user as promptly as permitted by law before doing so.

6.4 Data Storage and Security Practices

What Is Stored

Pulsar stores the following Google-derived data in the user's account database (Neon PostgreSQL):

What Is NOT Stored

• Google account passwords or recovery credentials
• Individual Google user identities or personal profile information
• Raw API response payloads beyond what is needed for dashboard metrics
• Google user data in any unencrypted form

Security Measures

• Encryption in transit: all data between Pulsar and Google APIs is transmitted over TLS 1.2+. All data between end users and pulsardash.com is transmitted over HTTPS with SSL termination at Nginx.
• Encryption at rest: all data stored in Neon PostgreSQL is encrypted at rest using AES-256.
• OAuth token security: Google OAuth refresh tokens are stored encrypted in the database. Access tokens are short-lived and never persisted to logs or application output.
• Minimum scope principle: Pulsar requests only read-only scopes and only the specific scopes required for each Google service. We do not request broader permissions than necessary.
• Access controls: production database access is restricted to the application server only. No third-party personnel have access to Google user data stored in Pulsar's database.
• Background sync isolation: daily data syncs run in an isolated background worker process and are not accessible via public API endpoints.
• No client-side exposure: Google OAuth tokens are never exposed to the browser or included in client-side JavaScript bundles.

6.5 Data Retention and User Deletion Rights

Retention Periods

• Google Ads metrics: retained while the subscription is active plus 90 days after cancellation
• GA4 metrics: retained while the subscription is active plus 90 days after cancellation
• Search Console metrics: retained while the subscription is active plus 90 days after cancellation
• Google OAuth tokens: deleted immediately when the user disconnects the Google integration or cancels their account — whichever is sooner
• Aggregated historical data: anonymised, aggregated trend data (e.g. total monthly revenue) may be retained beyond 90 days solely to maintain chart continuity for the user during their active subscription

How to Disconnect Google Integration

Users can disconnect their Google integrations at any time from within the Pulsar dashboard:

• Navigate to Settings → Integrations
• Select the Google integration (GA4, Google Ads, or Search Console) you wish to disconnect
• Click ‘Disconnect’ — this immediately revokes Pulsar’s OAuth token and stops all data syncing
• Stored metrics derived from that integration will be deleted within 30 days

You can also revoke Pulsar's access directly through your Google Account at myaccount.google.com/permissions . Revoking access there will prevent Pulsar from syncing new data. To ensure stored data is also deleted, please also disconnect the integration within Pulsar's settings or contact us directly.

Account Deletion

To request full deletion of your Pulsar account and all associated Google-derived data:

• Email luke@getjuicy.co.uk with the subject line ‘Account Deletion Request’
• Include the email address associated with your Pulsar account
• We will confirm deletion within 5 business days
• All Google-derived data, OAuth tokens, and account data will be permanently deleted within 30 days of the request

Data Export Before Deletion

Upon request, we will provide a CSV export of your stored Google-derived metrics before deletion. Submit export requests to luke@getjuicy.co.uk. Exports will be provided within 14 days.

6.6 Limited Use Compliance Statement

Pulsar's use of data obtained via Google APIs complies with the Google API Services User Data Policy , including the Limited Use requirements:

• Google user data is used only to provide or improve the Pulsar analytics service to the user
• Google user data is not transferred to third parties except as necessary to provide the service, with user consent, or as required by law
• Google user data is not used for serving advertisements
• Google user data is not used to allow humans to read the user's private data unless the user has explicitly consented, it is necessary for security purposes, or required by law
• Pulsar does not use Google user data to build or augment user profiles for any purpose unrelated to the Pulsar analytics service

7.Data Retention

• Account data is retained for the duration of your subscription plus 90 days after cancellation, after which it is permanently deleted
• Attribution pixel event data is retained for 24 months by default — you may request earlier deletion
• Billing records are retained for 7 years as required by UK financial regulations
• Aggregated, anonymised analytics data may be retained indefinitely as it cannot identify individuals

8.Your Rights Under UK GDPR

You have the following rights regarding your personal data:

To exercise any of these rights, contact us at luke@getjuicy.co.uk. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk .

9.Cookies

Pulsar uses the following cookies:

• Authentication cookies — essential for keeping you logged in to your dashboard
• Session cookies — temporary cookies that expire when you close your browser
• Preference cookies — remembering your dashboard settings and preferences

We do not use third-party advertising or tracking cookies on pulsardash.com. The Pulsar attribution pixel installed on merchant storefronts uses first-party localStorage only, not cookies.

10.Data Security

We implement industry-standard security measures including:

• All data encrypted in transit via TLS 1.2+
• Database encryption at rest via Neon's built-in encryption
• OAuth 2.0 for all third-party integrations — we never store your integration passwords
• OAuth credentials for Google integrations encrypted at rest using AES-256-GCM with unique initialisation vectors
• Passwords hashed using bcrypt with appropriate cost factors
• Regular security reviews and dependency updates
• Access to production data restricted to authorised personnel only

Despite these measures, no internet transmission is 100% secure. If you believe your account has been compromised, contact us immediately at luke@getjuicy.co.uk.

11.International Data Transfers

Pulsar is operated from the United Kingdom. Some of our third-party providers (including Vercel, Neon, Anthropic, and Stripe) may process data in the United States or other countries. Where data is transferred outside the UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or adequacy decisions where applicable.

12.Children's Privacy

Pulsar is a business analytics platform intended for use by adults operating commercial entities. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has provided us with personal data, please contact us immediately.

13.Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email and by displaying a notice within the Pulsar dashboard. The updated policy will show a revised effective date at the top of this document. Continued use of Pulsar after notification constitutes acceptance of the updated policy.

14.Contact Us