Legal
Privacy Policy
Last updated: July 10, 2026
1. Overview
This Privacy Policy explains how PerformaAI ("we", "us") collects, uses, and shares information when you use PulseAI (the "Service"). We designed PulseAI for workplace performance reviews, so we treat employee and review data with care.
2. Information we collect
We may collect:
- Account information — name, email, password (hashed), and authentication details (including Google OAuth if you choose it)
- Organization data — company name, industry, size, country, timezone, review cadence, and related settings
- Employee and review data — profiles, reporting relationships, review cycle participation, self-reviews, manager remarks, and HR verification status
- Usage and technical data — IP address, browser type, device information, and logs needed to operate and secure the Service
3. How we use information
We use information to:
- Provide, maintain, and improve the Service
- Authenticate users and manage sessions
- Enable organization admins to run review workflows
- Send transactional emails related to your account or reviews
- Detect, prevent, and respond to security or abuse issues
- Comply with legal obligations
We do not sell personal information.
4. How we share information
We may share information with:
- People in your organization — according to roles and permissions configured in the Service (for example, managers seeing direct reports' reviews)
- Service providers — hosting, email, and infrastructure vendors who process data on our behalf under contractual obligations
- Legal and safety — when required by law or to protect rights, safety, and security
5. Cookies and session storage
We use cookies and similar technologies for authentication and session management (including an httpOnly refresh cookie and a lightweight session indicator). We may also store an access token in browser storage so you stay signed in across pages. These are necessary for the Service to function.
6. Data retention
We retain Customer Data for as long as your organization maintains an account, or as needed to provide the Service. Organization admins may request deletion of workspace data. We may retain limited records as required for security, dispute resolution, or legal compliance.
7. Security
We use industry-standard measures such as encrypted transport (HTTPS), hashed passwords, and role-based access controls. No method of transmission or storage is 100% secure; we continuously work to protect your data.
8. Your choices and rights
Depending on your location, you may have rights to access, correct, export, or delete personal information. Employees should typically contact their organization's admin first, since the organization controls Customer Data in the workspace. You can also contact us at performaai01@gmail.com.
9. Children
The Service is intended for workplace use by adults. We do not knowingly collect personal information from children under 16.
10. International transfers
If you access the Service from outside the country where our infrastructure is hosted, your information may be processed in other jurisdictions. We take steps appropriate to the nature of the data and applicable law.
11. Changes
We may update this Privacy Policy from time to time. We will post the revised version on this page and update the "Last updated" date. Continued use of the Service after changes means you acknowledge the updated policy.
12. Contact
Privacy questions: performaai01@gmail.com.