Your privacy is our foundation
SecurePulse ("we", "us", or "our") operates the SecurePulse website security scanning platform. This Privacy Policy describes how we collect, use, protect, and share information about you when you use our services.
We built SecurePulse with a security-first mindset — that same philosophy extends to how we handle your personal data. We collect only what we need, protect it with the same rigor we apply to website security, and never sell it to third parties.
The short version: We collect your email to create your account, your website URL to run scans, and basic usage data to improve our service. We don't sell your data. Ever.
Information we collect
We collect information you provide directly to us and information generated as you use our services.
Account Data
Name, email address, password hash, and billing information when you register or subscribe.
Scan Targets
Website URLs you submit for scanning and the resulting security reports generated.
Usage Data
Log files, IP addresses, browser type, pages visited, and feature interactions.
Payment Data
Billing details processed securely via Stripe. We never store raw card numbers.
We do not collect sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data.
How your data is used
We use the information we collect for the following purposes:
- Service delivery — Running security scans, generating reports, and delivering alerts about vulnerabilities found on your websites.
- Communications — Sending scan results, security alerts, product updates, and account notifications. You can opt out of marketing emails at any time.
- Improvement — Analyzing usage patterns to improve our scanning accuracy, interface, and feature set.
- Security & compliance — Detecting fraud, abuse, and unauthorized access; complying with legal obligations.
- Support — Responding to your questions, troubleshooting issues, and providing technical assistance.
Who we share data with
We do not sell, trade, or rent your personal information. We may share data only in these limited circumstances:
Service Providers — Trusted third-party vendors who help us operate (hosting, payments via Stripe, email via Postmark, analytics via Plausible). All providers are contractually bound to protect your data.
Legal Requirements — If required by law, court order, or government regulation, we may disclose information. We will notify you unless prohibited by law.
Business Transfers — In the event of a merger or acquisition, user data may be transferred. You will be notified in advance with the option to delete your account.
We never share scan results or vulnerability reports from your websites with any third party. Your security data is yours alone.
Cookies & tracking
We use a minimal set of cookies strictly necessary for our service to function. We do not use third-party advertising or tracking cookies.
Essential cookies — Session authentication, CSRF protection tokens, and user preferences. These cannot be disabled without breaking the service.
Analytics — We use Plausible Analytics, a privacy-first tool that collects no personal data and uses no cookies. Aggregate traffic patterns only.
You can configure your browser to block or delete cookies at any time. This may affect certain features of the platform.
How we protect your data
We apply industry-leading security measures to protect your information — because a security company that doesn't secure its own data isn't worth trusting.
Encryption
All data in transit uses TLS 1.3. Data at rest is encrypted with AES-256.
Infrastructure
Hosted on SOC 2 Type II certified infrastructure with regular penetration testing.
Access Control
Role-based access, MFA required for all staff, and full audit logging.
Compliance
GDPR compliant, ISO 27001 certified, and independently audited annually.
Despite our measures, no system is 100% secure. If you discover a security issue, please disclose it responsibly at security@securepulse.io.
Your rights over your data
Under GDPR, CCPA, and applicable privacy laws, you have the following rights. We honor them without requiring legal justification.
- Access — Request a copy of all personal data we hold about you.
- Rectification — Correct inaccurate or incomplete data in your account at any time.
- Erasure — Request deletion of your account and all associated data ("right to be forgotten").
- Restriction — Ask us to pause processing your data while a dispute is resolved.
- Portability — Receive your data in a machine-readable format (JSON or CSV).
- Objection — Object to processing based on legitimate interests or direct marketing.
To exercise any of these rights, contact us at privacy@securepulse.io. We respond within 30 days.
How long we keep data
We retain personal data only as long as necessary for the purpose it was collected or as required by law.
Active accounts — Data retained for the duration of your account. Scan reports are kept for 12 months on free plans and 36 months on paid plans.
Deleted accounts — Account data is permanently deleted within 30 days of account closure. Anonymized aggregate data may be retained for statistical purposes.
Legal holds — Certain records may be retained longer if required by law (e.g., billing records for 7 years per tax regulations).
Children's privacy
SecurePulse is a professional security tool not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children.
If you believe a child under 16 has provided us with personal data, please contact us immediately at privacy@securepulse.io and we will delete the information promptly.
Get in touch
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, our Data Protection team is here to help.
Data Protection Officer
SecurePulse Ltd · privacy@securepulse.io
Response time: within 2 business days
You also have the right to lodge a complaint with your local data protection authority. In the EU, find your authority at edpb.europa.eu.