Privacy Policy

Last updated: May 2026

    Your privacy matters to us. Pulse collects only what is necessary to provide the service and never sells your data to third parties. This policy explains every category of information we collect — including the ticket, payment, and bank-account data we handle when you organise paid events or buy tickets.
  

1. Information We Collect

Account data. When you create an account, we collect:

Name, username, and email address
Date of birth (to verify you are 18 or older)
Gender and location (to personalise your experience)
Profile photo (optional)
Content you post, messages you send, and groups you join

Event & ticketing data. When you buy a ticket or organise a paid event, we additionally collect:

Buyers — the events you've RSVP'd to or bought tickets for, the QR token and check-in status of each ticket, your refund-request history, and any messages exchanged with the organiser.
Organisers — your bank name, bank account number, and account-holder name (collected only when you add them via the Payout card or Settings). These details are used solely to send payouts. We snapshot them onto each payout request at submit time, so the bank info attached to in-flight requests is fixed even if you later edit your settings.
Sponsor credits — Organisers may attach an optional "Sponsored by" line to an event. This is free text the Organiser enters and is shown publicly on the event detail screen and on the public landing page at heypulse.io/events/{id}.
Public RSVP posts — If you opt in to "Share my RSVPs" in Settings → Privacy, registering for a free event or buying a ticket creates a public "I'm going" post on your followers feed showing the event title, banner, and date.

Payment data. Card details are entered directly into Paystack's hosted checkout and are never stored on Pulse servers. We record the Paystack reference, the amount, the currency, the timestamp, and (for refunds) the refund reference — enough to reconcile the transaction but not enough to charge your card.

Technical data. We automatically collect device type, operating system, IP address, app version, and app usage patterns to improve performance and security.

2. How We Use Your Information

To create and manage your account
To provide the community feed, groups, messaging, dating, events, and ticketing features
To send you transactional emails — verification, password reset, ticket confirmations (with the QR-code PDF attached), event reminders 24-48 hours before each event you hold a ticket for, refund updates, payout updates, and new-device login alerts
To process payouts to your bank account when you organise a paid event
To detect and prevent fraud, abuse, chargebacks, and safety violations
To improve and develop the Pulse platform

3. Sharing Your Information

We do not sell your personal data. We share data only with:

Paystack — to process ticket payments and refunds. Paystack receives the ticket amount, currency, and a metadata blob (event_id, user_id, tier_id, quantity) on each transaction. For refunds we share the original payment reference. Card details flow through Paystack directly and never touch Pulse.
Service providers — Cloudinary (image storage), Railway (cloud hosting), Resend (email delivery, including ticket PDFs), Expo (push notifications), Google Maps / OpenStreetMap (event location autocomplete). These providers are contractually bound to protect your data.
Other users — Your public profile, posts, and group activity are visible to other Pulse users. Direct messages are private between participants. Events you organise are visible according to their visibility setting (private = members only; city/public = anyone in the city or globally).
Buyers and Organisers — Your name as it appears on your Pulse profile is shown to the Organiser on their buyer list and to door staff during check-in. The Organiser sees the count of refund requests, the time of each check-in, and any reason text you provide when requesting a refund.
Pulse staff (payouts) — Our payouts team (currently a single internal address, payouts@heypulse.io) receives an email containing the requested amount, the organiser's username and email, and the bank-account snapshot whenever a payout is requested. This is necessary to process the bank transfer.
Law enforcement — Only when required by law or to protect the safety of our users.

4. Data Retention

We retain your data for as long as your account is active. If you delete your account, your personal information is anonymised within 30 days, with the following exceptions:

Transaction records — Ticket purchases, refunds, and payout records are retained for 7 years for accounting, tax, and chargeback-defence purposes. The records are anonymised against your profile but retain the underlying financial data.
Bank-account snapshots on completed payouts are retained for the same 7-year window.
Encrypted legal archive — Core account info (email hash, username, deletion date) is retained for 7 years in case of law-enforcement requests.

5. Your Rights

Depending on your location, you may have the right to:

Access the personal data we hold about you
Correct inaccurate data (for bank details, edit them anytime from Settings)
Request deletion of your account and data
Object to or restrict certain processing
Data portability — request a copy of your tickets and payout history in machine-readable form

To exercise these rights, contact us at privacy@heypulse.io.

6. Children's Privacy

Pulse is intended for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If we become aware that a minor has registered, we will immediately delete their account.

7. Cookies and Tracking

The Pulse mobile app does not use cookies. The public landing pages (heypulse.io, /events/{id}, /scan) use functional cookies only — for example to remember a staging-vs-production preference. We use anonymous analytics to understand how users interact with the app and the landing pages. No personally identifiable information is used for advertising purposes.

8. Security

We use industry-standard measures including encrypted data transmission (HTTPS/TLS), hashed passwords, access controls, and audit logs to protect your information. Bank-account details are stored encrypted at rest in our Postgres database (Railway). Ticket QR tokens are unique 10-character codes and are validated server-side at each scan. We log every check-in, refund, and payout for audit purposes. No system is completely secure, and we cannot guarantee absolute security.

9. Third-Party Links

Pulse may contain links to third-party websites or services (event venues, sponsor mentions, social profiles). We are not responsible for the privacy practices of those third parties.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes through the app or by email. Continued use of Pulse after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

Email: privacy@heypulse.io
Payout / bank-details queries: payouts@heypulse.io
Website: heypulse.io