Privacy Policy

Last updated: April 8, 2026

1. Introduction

Pulsyr ("we," "us," or "our") operates the work dashboard application available at pulsyr.in. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information. Pulsyr offers two plans: Hosted (we manage the database) and Own DB (you bring your own Supabase project). In both cases, your operational data is isolated and protected.

2. Data We Collect

2.1 Purchase Information

When you purchase a Pulsyr license, we collect:

  • Your name, email address, company name, and team size
  • Razorpay order ID and payment ID (not card/UPI details — those stay with Razorpay)

This information is used to create your license, send credentials via email, and manage your subscription. Purchase records are logged in Google Sheets for order management.

2.2 Supabase Credentials (Own DB Plan)

If you use the Own DB plan, you submit your Supabase project credentials (Project URL, anon key, service role key, and database password). These are stored in our master database and used to:

  • Provision your database schema (create tables, policies, indexes)
  • Connect your dashboard to your database

The service role key is stored in an HTTP-only cookie on your browser for authenticated API calls. We do not use these credentials to access, read, or extract your operational data.

2.3 Hosted Plan Data

If you use the Hosted plan, we manage the database on your behalf. Your operational data (tasks, messages, finances, etc.) is stored in a shared Supabase project with team-level isolation. Each team's data is separated using team IDs and row-level security policies. We have administrative access to this database for maintenance purposes but do not access your data unless required for support.

2.4 API Keys and Integrations

We store the following optional credentials that you provide:

  • Groq API key — stored in your profile for AI features. You can remove it anytime from Settings.
  • Google Drive OAuth tokens — stored in browser cookies for file storage. Revoke access from your Google account settings.
  • Slack OAuth tokens — stored in browser cookies for notifications. Disconnect anytime from Settings.

2.5 Meeting Room Guests

When external guests join a Meeting Room, we collect their name and email address for OTP verification. OTP codes are hashed before storage. Guest session tokens are stored in HTTP-only cookies (30-day expiry). Chat messages between hosts and guests are stored in the database.

2.6 Your Operational Data

All data you create through the dashboard — tasks, financial records, calendar events, timesheet entries, goals, notes, chat messages (DMs, channels, groups), leave requests, meeting room conversations, and files — is stored in your database (your own Supabase project for Own DB, or our managed database for Hosted). The Pulsyr frontend communicates directly with the database from the browser.

3. How Data Is Stored

Pulsyr offers two storage models:

Own DB Plan

  • Your operational data lives in your own Supabase project that you create and control.
  • We store your Supabase credentials (URL, keys, database password) in our master database to provision and connect your dashboard.
  • The dashboard connects directly from your browser to your database — our servers are not involved in day-to-day data access.
  • You have full, direct access to your database through Supabase's own dashboard at all times.

Hosted Plan

  • Your data is stored in a Supabase project managed by us.
  • Each team's data is isolated using team IDs and row-level security. No team can see another team's data.
  • We have administrative access to the database for maintenance and support.
  • You can export your data as CSV at any time.

Both Plans

  • Row-level security (RLS) policies ensure each user can only access their own data.
  • Admins can manage users, approve leaves, and view team timesheets, but cannot access personal finance, notes, or private messages.
  • All database connections use SSL/TLS encryption.
  • Passwords are hashed — we never store or see plain-text passwords.

4. Payment Data

Payments are processed securely by Razorpay, a PCI-DSS compliant payment gateway. We do not collect, store, or have access to your credit card number, debit card number, UPI PIN, net banking credentials, or any other payment instrument details. Razorpay handles all payment processing, and we only receive confirmation of successful payment along with a transaction identifier. For Razorpay's privacy practices, please refer to Razorpay's Privacy Policy.

5. Cookies and Local Storage

Pulsyr uses browser localStorage and cookies:

localStorage (your device only)

  • License key and company info — to connect to your database.
  • Theme, accent color, sidebar preferences — to persist visual settings.
  • Groq API key — cached locally for AI features.
  • Slack notification preferences — which categories to notify.
  • Demo mode flag — if using the demo version.

HTTP-only Cookies

  • pulsyr_srk — Supabase service role key for authenticated API calls (30-day expiry, strict same-site).
  • Google Drive tokens — OAuth access/refresh tokens for file storage.
  • Slack tokens — OAuth tokens for notifications.
  • Meeting room session tokens — guest authentication for meeting rooms (30-day expiry).

We do not use tracking cookies, advertising cookies, or any third-party analytics cookies. Supabase sets its own cookies for authentication as part of its standard client library.

6. Third-Party Services

Pulsyr integrates with the following third-party services. Each integration is optional and initiated by you:

Supabase

Provides your isolated PostgreSQL database and user authentication. Your data is stored in Supabase's infrastructure according to their security and privacy policies. You maintain full ownership and control of your Supabase project.

Razorpay

Handles payment processing for license purchases. Razorpay collects and processes payment information according to their own privacy policy and PCI-DSS requirements.

Resend

We use Resend to send transactional emails (e.g., license key delivery, setup instructions) from noreply@pulsyr.in. We share your email address with Resend solely for the purpose of delivering these communications.

Google Drive

If you enable the Google Drive integration, files you upload through the dashboard are stored in your own Google Drive account. Pulsyr does not store copies of these files. Access is governed by your Google account permissions.

Slack

If you enable the Slack integration, Pulsyr sends notifications about tasks, goals, finance, and other activity to your configured Slack workspace. Only notification content is sent — your underlying data remains in your database.

Google Sheets

We use Google Sheets internally to log purchase transactions for our own record-keeping. This includes your name, email, company name, team size, and license details. This data is not shared publicly.

Groq

Powers the AI Tools feature (summaries, email drafts, action parsing). When you use AI features, your prompt and relevant work context are sent to Groq's API for processing. You can use our shared key (20 requests/day) or provide your own free Groq API key for unlimited usage. Your API key is stored in your profile in the database.

7. Data Ownership

You own all data created through Pulsyr. We do not claim any ownership or intellectual property rights over your data.

  • Own DB plan: Your data lives in your Supabase project. You have full direct access via Supabase dashboard, SQL editor, and API. Export via CSV or direct database queries anytime.
  • Hosted plan: Your data is in our managed database but is still yours. Export via CSV from every tab. If you cancel, contact us to receive a full data export.
  • Your data is stored in standard PostgreSQL format and is fully portable.

8. Data Deletion and Cancellation

You have full control over data deletion:

  • Own DB: Delete records from the dashboard, use "Reset All Data" (admin only), or manage directly via Supabase. If you cancel, your database remains untouched.
  • Hosted: Admin can clear data from the dashboard. If you cancel, contact us for a data export or deletion.
  • Admins can clear individual user data or delete users entirely from Manage Users.
  • Meeting room data can be deleted by the host by removing the room.
  • To request deletion of your purchase information (name, email, company) from our records, contact us at pulsyr.in/#contact. We process requests within 30 days.

We store Supabase credentials (URLs, keys, database passwords) for Own DB customers in our master database. These are deleted when you delete your license. If you want immediate credential removal, contact us.

9. Data Security

We take reasonable measures to protect the information we handle:

  • All connections use SSL/TLS encryption (HTTPS).
  • User passwords are hashed by Supabase — we never see or store plain-text passwords.
  • Service role keys are stored in HTTP-only, same-site cookies — not accessible to client-side JavaScript.
  • Meeting room OTP codes are SHA-256 hashed before storage.
  • Row-level security (RLS) policies enforce data isolation at the database level.
  • API routes validate authentication before any destructive operation.
  • External URLs (Supabase credentials) are validated to only accept legitimate Supabase domains.

However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

10. Children's Privacy

Pulsyr is a business productivity tool intended for use by professionals and organizations. We do not knowingly collect personal information from children under the age of 18. If you believe a child has provided us with personal information, please contact us and we will take steps to delete such information promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

12. Contact Us

If you have questions about this Privacy Policy or want to exercise your data rights, please reach out using our contact form at pulsyr.in/#contact.