Privacy policy
Last updated: May 15, 2026
This Privacy Policy explains how PulsarAI, Inc. ("PulsarAI", "we", "us", "our") collects, uses, discloses, and protects personal data when you visit pulsarai.ai (the "Site"), use the PulsarAI software-as-a-service platform (the "Service"), or otherwise interact with us.
By using the Site or the Service, you acknowledge that you have read and understood this Policy. If you do not agree with our practices, please do not use the Site or the Service.
1. Summary
In short: we collect the data we need to run the Site and provide the Service, we don't sell personal data, and we don't use personal data for advertising. Customers who connect their Snowflake account to the Service remain the data controller for the data in their Snowflake account; PulsarAI processes that data only on the customer's instructions.
2. Information we collect
2.1 Information you provide
We collect information you submit directly:
- Account and identity — your name, work email, company, job title, and authentication identity (Firebase Authentication user ID) when you sign up, request a demo, or sign in.
- Communications — any message you send us via forms, email, or other channels, including support tickets.
- Billing — billing contact, tax information, and payment details (processed by our payment processor; we do not store full payment card numbers).
- Operator data — for personnel granted access to the operator dashboard, we store your UID in an allowlist along with audit-trail metadata about administrative actions you take.
2.2 Information collected automatically
When you interact with the Site or the Service, we automatically collect:
- Usage data — pages or screens you view, links you click, features you use, and referring URLs.
- Device and connection data — IP address, browser type and version, operating system, device identifiers, and approximate location derived from IP address.
- Log data — server logs of requests (timestamp, status code, endpoint) for security, debugging, and abuse prevention.
We use Plausible Analytics for site analytics. Plausible is privacy-friendly: it does not use cookies, does not track users across sites, and does not collect any data that can be used to identify an individual.
2.3 Information processed on customer instructions
When customers connect their Snowflake account to the Service, we process operational metadata from that account — query fingerprints, warehouse utilization, role grants, user identifiers, query history metadata — for the purposes the customer has configured. We do not access customer query results or table contents unless a customer-configured workflow explicitly produces them as output.
PulsarAI acts as a processor (under GDPR) or service provider (under CCPA) with respect to this data. The customer is the controller / business and is responsible for the lawfulness of the data they connect.
3. How we use information
We use personal data to:
- Provide, operate, maintain, and improve the Site and the Service
- Authenticate users and protect against unauthorized access
- Respond to demo requests, support inquiries, and other communications
- Send service-related notices (security alerts, billing notices, product updates relating to features you use)
- Detect, investigate, and prevent fraud, abuse, or violations of our terms
- Generate aggregate, de-identified analytics about how the Site and the Service are used
- Comply with legal obligations, enforce our agreements, and protect our rights and the rights of others
We will not use personal data for purposes that are materially different from those described above without first providing notice and, where required, obtaining consent.
4. How we share information
We do not sell personal data. We share personal data in the limited circumstances described below.
4.1 Service providers ("sub-processors")
We engage trusted third-party providers to help us operate the Service. These providers process personal data on our behalf, under contractual confidentiality and security obligations:
| Provider | Purpose |
|---|---|
| Google Cloud Platform / Firebase | Hosting, authentication, database, functions |
| Plausible Analytics | Privacy-friendly site analytics |
| Email delivery provider | Transactional and marketing email |
| Customer support tooling | Ticket management and inbox |
| Payment processor | Subscription billing |
A current list of sub-processors is available on request. Enterprise customers may sign a Data Processing Addendum (DPA) that includes additional contractual protections.
4.2 Legal and safety
We may disclose personal data if required to do so by law or in the good-faith belief that disclosure is necessary to:
- Comply with a legal obligation, subpoena, or court order
- Protect and defend the rights or property of PulsarAI
- Prevent or investigate possible wrongdoing in connection with the Service
- Protect the personal safety of users of the Service or the public
We will challenge overbroad requests where appropriate and notify affected customers unless prohibited by law.
4.3 Business transfers
If PulsarAI is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal data may be transferred as part of that transaction. We will notify affected customers via email or a prominent notice on the Site before the transfer takes effect.
4.4 With your consent
We may share personal data with your consent or at your direction.
5. Data retention
We retain personal data only as long as needed for the purposes described in this Policy, or as required by law.
| Category | Retention |
|---|---|
| Demo-request submissions | 24 months from submission |
| Server access logs | 90 days |
| Customer account data | For the duration of the subscription |
| Customer Snowflake metadata | Per the customer's contract; deleted within 30 days of termination |
| Billing records | 7 years, per tax and accounting obligations |
| Marketing-list email addresses | Until you unsubscribe |
When we no longer have a business reason to retain personal data, we will delete or anonymize it, except where retention is required to comply with legal obligations, resolve disputes, or enforce our agreements.
6. Your rights and choices
Depending on where you live, you may have the rights described in this section. To exercise any right, email privacy@pulsarai.ai. We will respond within the timeframes required by applicable law (generally 30 days, with one possible extension).
6.1 General rights
- Access — request a copy of the personal data we hold about you.
- Correction — ask us to correct inaccurate or incomplete data.
- Deletion — ask us to delete your personal data (subject to legal retention obligations).
- Portability — receive your data in a structured, commonly used, machine-readable format.
- Objection — object to certain types of processing (such as direct marketing).
- Withdraw consent — where processing is based on your consent, you may withdraw it at any time.
We may need to verify your identity before fulfilling certain requests.
6.2 EEA, UK, and Switzerland
If you are located in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) or its UK / Swiss equivalents apply.
The data controller is PulsarAI, Inc. We process personal data on the following legal bases:
- Contractual necessity — to provide the Service you requested
- Legitimate interests — security, abuse prevention, product improvement, and customer communications, where those interests are not overridden by your fundamental rights
- Legal obligation — to comply with applicable law
- Consent — where required, such as for certain marketing communications
You have the right to lodge a complaint with your local supervisory authority.
6.3 California (CCPA / CPRA)
If you are a California resident, you have rights under the California Consumer Privacy Act, as amended by the CPRA:
- The right to know what personal information we collect, use, disclose, and (where applicable) sell or share
- The right to delete personal information we have collected
- The right to correct inaccurate personal information
- The right to opt out of the "sale" or "sharing" of personal information
- The right to limit the use and disclosure of sensitive personal information
- The right not to be discriminated against for exercising these rights
We do not "sell" or "share" personal information as those terms are defined under the CCPA. We do not knowingly collect "sensitive personal information" beyond what is needed to authenticate users and operate the Service.
6.4 Other US states
Residents of states with comprehensive privacy laws (including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and others as those laws come into effect) have rights similar to those described above. Submit requests via the same channels.
7. International transfers
PulsarAI is based in the United States and processes personal data primarily in the United States. If you access the Service from outside the United States, your personal data will be transferred to, processed in, and stored in the United States or other countries where our service providers operate.
For transfers from the EEA, UK, or Switzerland, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs) or, where applicable, the EU–US Data Privacy Framework. A copy of the relevant safeguards is available on request.
8. Security
We take security seriously. Our measures include:
- Encryption of data in transit (TLS) and at rest (AES-256 or equivalent)
- Role-based access controls and least-privilege principles
- Regular security reviews, dependency patching, and penetration testing
- Audit logging of administrative actions
- Incident-response procedures and breach-notification protocols
- SOC 2 Type II audit in progress
No security program is perfect. If you believe you have discovered a vulnerability, please report it responsibly to security@pulsarai.ai.
9. Cookies and tracking
The Site uses a small number of strictly necessary cookies for authentication and session state. We do not use cookies for advertising or cross-site tracking. We do not use third-party analytics providers that set cookies on your device.
You can control cookies through your browser settings. Disabling strictly necessary cookies may prevent you from signing in to the operator dashboard.
We do not respond to Do Not Track ("DNT") signals at this time, because there is no industry-standard interpretation of them. We treat all users consistently with the practices described in this Policy regardless of DNT setting.
10. Children
The Site and the Service are not directed to children under 16, and we do not knowingly collect personal data from children under 16. If we learn that we have collected such data, we will delete it. If you believe a child has provided personal data to us, contact us at privacy@pulsarai.ai.
11. Third-party links
The Site may contain links to third-party websites. We are not responsible for the privacy practices of those websites, and this Policy does not apply to them. We encourage you to review the privacy policies of any third-party sites you visit.
12. Changes to this policy
We may update this Policy from time to time. If we make material changes, we will notify you by posting the updated Policy on the Site and updating the "Last updated" date above. For material changes that affect customers, we will additionally notify designated account contacts by email.
Your continued use of the Site or the Service after the effective date of an updated Policy constitutes your acceptance of the changes.
13. Contact
For questions, requests, or complaints about this Policy or our privacy practices:
- Email: privacy@pulsarai.ai
- Security disclosures: security@pulsarai.ai
- Mail: PulsarAI, Inc. · Mailing address
If you are located in the EEA or UK, you may also contact our data-protection representative at the same email address.
This Policy is reviewed periodically and updated as our practices or applicable law evolve. For the most current version, refer to this page.