Privacy Policy

Last Updated: October 17, 2025

Pulse Security AI Incorporated (“Pulse Security AI”, “we”, “us”, “our”) respects your right to privacy, and we are dedicated to securing and protecting any information we have about you. This Privacy Policy describes the ways we collect, use, and share information that relates to an identifiable individual (“Personal Data”) and also how you can exercise your rights under applicable privacy and data protection laws.

If you have any questions or concerns about our use of your Personal Data, or if you wish to exercise any of your privacy rights including the right to object (where applicable), then please contact us using the contact details under ‘How to Contact usʼ at section 12 below.

Pulse Security AI provides cybersecurity solutions, including an AI platform available as a software-as-a-service (“SaaS”) offering that augments security operations and automates threat detection and response for businesses. Pulse Security AI is headquartered in the United States.

For jurisdiction-specific provisions of this Privacy Policy see the ‘Jurisdiction-Specific Provisionsʼ at section 8 below.

We recommend that you read this Privacy Policy in full to ensure you are completely informed about Pulse Security AIʼs collection and use of your Personal Data.

1. Applicability of This Privacy Policy

This Privacy Policy describes how Pulse Security AI processes Personal Data collected from you or about you through our website at pulsesecurity.ai (our “Website”), the services we provide through our platform and applications (“Services”), and other interactions you have with Pulse Security AI.

Pulse Security AIʼs Services are offered to businesses, companies, and/or other entities for professional use (our “Customers”). We enter into customer agreements (for example, our platform agreement, pilot agreement, evaluation agreement, terms of service, data processing agreement, etc.) with our Customers. These agreements govern the delivery and use of the Services (the “Customer Agreement”). This Privacy Policy does not apply to any input or output generated on our online platform, or security data uploaded to our platform. We process this data on behalf of Customers and we call it (“Customer Data” and “Content”). Pulse Security AIʼs use of Customer Data and Content received through the Services is governed by the relevant Customer Agreement. Pulse Security AI processes Customer Data and Content received through the Services as a Data Processor so any queries related to this data should be directed to our Customers who are the Data Controllers.

This Privacy Policy governs where Pulse Security AI is the data controller responsible for the processing of the Personal Data.

2. Personal Data We Collect and Process

In the course of doing business, providing our Services, and through our website, we collect and receive Personal Data in different ways and from different sources. This Personal Data includes:

Information that you provide directly

We collect Personal Data directly from you when you create an account with us, otherwise use the Services, or interact with us via some other means. The Personal Data we collect includes:

a) Account Information: When you or your employer creates an account with us, we collect certain information associated with your account, including your name, email address, and information about your profession and professional experience, language preferences, account credentials, payment information, and transaction history (collectively, “Account Information”).

b) Communication Information: If you communicate with us, (for example when you contact us about our Services, when you complete a survey, when you interact with our website and help center, or when you request support) we collect your name, email address, information about your profession, customer survey responses, the way you interact with our communication and Services, and the contents of any messages you send (collectively “Communication Information”).

c) Social Media Information: We have pages on social media sites like X, YouTube, and LinkedIn. When you interact with our social media pages, we collect Personal Data that you choose to provide to us, such as your contact details and the contents of your messages or posts. In addition, third parties may provide us with aggregate information and analytics about our social media activity (collectively, “Social Media Information”).

Information that we collect automatically

We collect your personal data indirectly, including through automated means from your computer or device. This information includes:

a) Log Data: Information that your browser or device automatically sends when you use our Services or access our website. Log data includes your Internet Protocol Address (“IP Address”), browser information, the date and time of your request, and how you otherwise use certain features or interact with us (collectively “Log Data”).

b) Service usage data: When you interact with the Services, metadata is generated that provides additional context about your use of the Services. This includes your email address, data about how often you visit the website, how you interact with the Services, the amount of time spent engaging with the Services, the volume of queries you submit, the type of queries you submit, and the features interacted with (collectively “Usage Data”).

c) Cookies and Similar Technologies: We use cookies, scripts, or similar technologies (collectively “Cookies and Similar Technologies”) to manage the Services and to collect information about you and your use of the Services. A cookie is a small string of information that websites you visit transfer to your computer for identification purposes. These technologies help us to recognize you, customize or personalize your experience, market additional products or services to you, understand your preferences, improve your website experience, and analyze the use of our Services to make them safer and more useful to you. For more details about how we use these Cookies and Similar Technologies, your opt-out controls, and other options please visit our Cookie Policy available at Cookie Policy.

d) Device Information: We also collect certain device- and connection-specific information when you install, access, or use our Services. This includes information such as the name of the device, operating system, device identifiers, and browser you are using (collectively “Device Information”). The specific Device Information collected will depend on the type of device you use and its settings.

Information we collect from third parties

We also receive certain information about you from our trusted partners, such as:

a) security partners to protect against fraud, abuse, and other security threats;

b) marketing vendors who provide us with information about potential customers of our services;

c) advertising vendors; and

d) event organizers (for example, trade shows, professional events, conferences, and seminars we attend) who may provide us with information about event attendees.

((a), (b), (c), and (d) collectively “Information Collected From Third Parties”).

Information that is publicly available

We collect publicly available information about customers and prospects to help offer and provide our Services.

We use publicly available information (for example, threat intelligence feeds, vulnerability databases, security advisories, etc.) to develop, train, and improve our AI platform (“Publicly Available Information”).

For more information on the sources of information used to train, maintain, and develop our AI platform and the steps we take to minimize the privacy impact on individuals, please contact us at privacy@pulsesecurity.ai.

3. How We Use Personal Data

We may use Personal Data covered by this Privacy Policy for the following purposes:

  • to provide and maintain our Services;

  • to develop, improve, and update our Services and new functionality;

  • to carry out and conduct research;

  • to personalize your use of our Services, applications, or platforms;

  • to provide customer support and resolve bugs, issues, or customer queries;

  • to communicate with you, including to send you information or marketing about our services and events;

  • to assess your eligibility for, and offer you or promote our services. Where allowed by law (including, where required, with your opt-in consent), we use and share your Personal Data with others so that we may market our services to you, including through interest-based advertising;

  • to prevent fraud, criminal activity, or misuses of our Services, and to protect the security of our systems and Services; and

  • to comply with legal obligations and to protect the rights, privacy, safety, or property of our users, us, our affiliates, or any third party.

  • We may aggregate or de-identify Personal Data so that You can no longer be identified and use the aggregated or de-identified data for the following purposes:

  • to investigate and study the effectiveness of our services;

  • to update and improve our services;

  • to conduct research; and

  • to share or publish aggregated information about usage of our services, for example on our blog or on social media (e.g. LinkedIn).

Please note that we do not attempt to reidentify this information unless required by law.

Details of the purposes for which we process Personal Data as a controller, and the legal bases we rely on for such processing in the European Economic Area and the United Kingdom, are set out in the ‘Jurisdiction-Specific Provisionʼ under the legal basis table.

4. Who We Share Your Personal Data With

We share your personal data with the following categories of recipients:

Our Affiliates: We will share Personal Data that we collect, such as Account Information, with any corporate affiliates. The information shared may be used for the purposes described in this Privacy Policy and generally to operate our business, including, processing for fraud prevention, payment processing, customer support, business development, user account administration, and IT, technical, and engineering support.

Trusted Partners and Service Providers: We may engage third-party companies or individuals as service providers to help us operate and support our business. These third parties may support Pulse Security AI in respect of a variety of business purposes including website and data hosting, research, auditing, marketing, customer support, and data processing. These third parties have limited access to your information, may use your information only to perform agreed tasks, and are prohibited from disclosing or using your information for other purposes. The types of third-party service providers that we work with include:

a) Linked Third-Party Websites or Plug-Ins: When you use third-party applications, such as security information and event management (SIEM) systems, and choose to connect your Pulse Security AI account with such external third-party applications. If you choose to connect your account to a third-party application, the providers of those services or products may receive information about you that Pulse Security AI, you, or others share with them. Please be aware that when you use third-party sites or services, their own terms and privacy policies will govern your use of those sites or services.

b) Vendors and Service Providers: To assist us with our business operations and to perform certain services and functions including providers of hosting services, email providers, sales support, customer support, authentication providers, financial services providers, communication providers, content delivery services, data warehouse services, and other information technology services providers.

c) Business Reorganization: In some cases, we may choose to reorganize our business (such as via a sale, merger, liquidation, receivership, or transfer of all or substantially all of
Pulse Security AIʼs assets). Your Personal Data may be disclosed in the diligence process with counterparties and others assisting with the transaction and transferred to a successor or affiliate as part of that transaction. If Pulse Security AI intends to transfer information about you, we will notify you.

d) Professional Advisors, Industry Partners, Authorities, Regulators, and other Entities: We may share your Personal Data with our advisors, accountants, consultants, regulators and tax authorities, law enforcement, government agencies, civil litigants, and other entities as reasonably necessary to:

  • comply with applicable law or regulations, court orders, subpoenas, legal process, or government requests;
  • detect, investigate, prevent, or address actual or suspected fraud, violations of Pulse Security AIʼs Terms, and other illegal activity or security and technical issues; or
  • protect the rights, property, and safety of our Customers, Pulse Security AI, or others, including to prevent harm or loss.

5. How We Keep Your Personal Data Secure

The security of your information is important to us. We implement technical and organizational measures designed to protect your Personal Data, including encryption, access controls, and regular security assessments.

6. International Data Transfers

In some cases, we may transfer your Personal Data to countries other than the country in which the Personal Data originates. These countries may have data protection laws that are different from the laws of your country.

When you access our website, or use our Services, your Personal Data may be transferred to our servers located in the US, or to other countries outside of the European Economic Area (“EEA”), Switzerland, and the United Kingdom (“UK”). This may be a direct provision of your Personal Data to us, or a transfer that we or a third party makes. Where Personal Data described in the ‘Personal Data We Collect and Processʼ section is transferred outside of the EEA, Switzerland, or the UK, we ensure it benefits from an adequate level of data protection by relying on:

Adequacy Decisions:

These are decisions from the European Commission under Article 45 GDPR (or equivalent decisions under other laws) where they recognize that a country outside of the EEA offers an adequate level of data protection. We transfer your Personal Data as described in ‘Personal Data We Collect and Processʼ to the United States under the Data Privacy Framework and other countries with adequacy decisions.

Standard Contractual Clauses:

For jurisdictions that are not deemed adequate, we rely on other lawful transfer mechanisms (‘appropriate safeguardsʼ) like the Standard Contractual Clauses as issued on 4 June 2021, under Article 46(2) GDPR, Article 46(2) of the UK equivalent GDPR, and the revised Federal Act on Data Protection for the transfer of personal data originating in Switzerland. We ensure the above-mentioned mechanisms are in place with our group companies and third-party service providers. For more information on the legal mechanisms, we rely on in respect of either data-sharing arrangement please reach out to us by email at privacy@pulsesecurityai.com.

Derogation or Exceptions:

In limited circumstances, we may rely on an exception, or ‘derogationʼ (under Article 49 GDPR), to transfer your Personal Data to such country despite the absence of an ‘adequacy decisionʼ or ‘appropriate safeguardsʼ – e.g., reliance on your explicit consent to that transfer or because it is necessary for the establishment, exercise, or defense of legal claims (including regulatory, administrative, or any out-of-court procedure, and seeking advice).

Data Privacy Framework:

We comply with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”) and the UK Extension to the EU-U.S. DPF (“UK Extension”), and the Swiss-U.S. Data Privacy Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. Pulse Security AI has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regards to the processing of personal data received from the European Union (“EU”) and UK in reliance on the EU-U.S. DPF and the UK Extension. We have similarly certified to the U.S. Department of Commerce that we adhere to the Swiss-U.S. Data Privacy Framework Principles (“Swiss U.S. DPF Principles”) with regards to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles, the UK Extension, or the Swiss-U.S. DPF Principles, the principles shall govern. To learn more about the EU – U.S. DPF, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Commitment to Cooperate. In compliance with the EU-U.S. DPF, the UK Extension, and the Swiss-U.S. DPF, Pulse Security AI commits to cooperating and complying respectively with the advice of the panel established by the EU data protection authorities (“DPAs”) and the UK Information Commissionerʼs Office (“ICO”) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of Personal Data received in reliance on the EU-U.S. DPF, the UK Extension, and the Swiss-U.S. DPF.

Federal Trade Commission. The Federal Trade Commission has jurisdiction over Pulse Security AIʼs compliance with the EU-U.S. DPF, the UK Extension, and the Swiss-U.S. DPF.

Right to Arbitrate. You may, under certain conditions, invoke binding arbitration for complaints regarding Data Privacy Framework compliance. More details can be found here.

Accountability for Onward Transfers. We take responsibility for the processing of personal information we receive and subsequently transfer to a third party. In the case of an onward transfer, Pulse Security AI remains liable if such a third-party processes personal information in a way that is inconsistent with the Data Privacy Framework Principles, unless we can demonstrate that we were not responsible for the event that gave rise to the damage.
If you want to contact us with any inquiries or complaints regarding our reliance on the DPFs, you can email us at privacy@pulsesecurity.ai.

7. Data Retention

We retain the Personal Data we collect from you for as long as necessary for the purposes described in this Privacy Policy. If you have a Customer Agreement with us, we will delete your data in accordance with your Customer Agreement.

How long we retain Personal Data will depend on a number of factors including:

  • the terms of your Customer Agreement;

  • compliance with our (and to demonstrate compliance with) legal obligations, to resolve disputes, and to enforce our agreements; or

  • in relation to Account Information, for our tax, accounting, and audit requirements.

When we have no ongoing legitimate business need or legal reason to process your Personal Data, we will either delete or anonymize it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion is possible.

8. Jurisdiction-Specific Provisions

EEA, UK, and Switzerland

We rely on several legal bases in accordance with applicable data protection laws, such as the General Data Protection Regulation (“GDPR”) or United Kingdom Data Protection Regulation (“UK GDPR”) to process Personal Data for the purposes set out in this Privacy Policy. These legal bases are as follows:

a) Contractual Necessity - where we must process your personal data to fulfill a contract to which you are a party (for example, to provide you with our services).

b) Legal obligation – where we must process and retain your Personal Data in order to comply with legal and/or regulatory obligations

c) Legitimate interests – we can process your Personal Data where we have a legitimate interest in doing so (provided that our interests are not overridden by your data protection interests).

d) Consent – where we have obtained your consent to process your personal data for a specific purpose. You have the right to withdraw your consent at any time.

Processing ActivityLegal Basis
Providing and maintaining our ServicesContractual Necessity, Legitimate Interests
Developing, improving, and updating our ServicesLegitimate Interests
Carrying out and conducting researchLegitimate Interests
Personalizing your use of our ServicesLegitimate Interests
Providing customer support and resolving issuesContractual Necessity, Legitimate Interests
Communicating with you, including sending marketingLegitimate Interests, Consent (where required)
Assessing eligibility for and promoting our servicesLegitimate Interests, Consent (where required)
Preventing fraud, criminal activity, and misuse of ServicesLegitimate Interests, Legal Obligation
Complying with legal obligations and protecting rightsLegal Obligation, Legitimate Interests
International Data TransfersAdequacy Decisions, Standard Contractual Clauses, Derogation or Exceptions, Data Privacy Framework (where applicable and certified), and subject to you being able to exercise your data protection rights as outlined at section 10 below or by contacting us at privacy@pulsesecurityai.com for more information.

9. Minors’ Data

Our Services are not intended for children under the age of 16. We do not knowingly collect or solicit personal data from children under 16. If we learn that we have collected personal data from a child under 16, we will take steps to delete the information as soon as possible.

10. Your Data Protection Rights

Depending on your location and applicable data protection laws, you may have certain rights regarding your Personal Data, including the right to:

  • Access your Personal Data
  • Rectify inaccurate or incomplete Personal Data
  • Erase your Personal Data
  • Restrict the processing of your Personal Data
  • Data Portability
  • Object to the processing of your Personal Data
  • Withdraw your consent (where processing is based on consent)
  • Lodge a complaint with a supervisory authority

To exercise any of these rights, please contact us at privacy@pulsesecurity.ai. We will respond to your request in accordance with applicable data protection laws.

11. Updates to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will post any changes to this Privacy Policy on our Website and update the “Effective Date” at the top of this Privacy Policy. We encourage you to review this Privacy Policy periodically. If we make material changes, we will provide you with additional notice, such as by email or through a prominent notice on our Website.

12. How to Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

Pulse Security AI Incorporated

Email: privacy@pulsesecurity.ai

Address: 1450 Arbor Avenue, Los Altos, CA 94024 United States