← Back to Home

Privacy Policy

Last updated: February 15, 2026 · Version 2.0

1. Introduction

Pulse ("we," "our," or "us") is a fitness and wellness application developed and operated by Teja Chinthala. This Privacy Policy describes our practices regarding the collection, use, disclosure, and protection of your personal information when you access or use the Pulse mobile application and any related services (collectively, the "Service").

We are committed to protecting your privacy, particularly because the Service processes health and fitness data classified as sensitive personal data under the European Union General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR"), the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 ("CCPA/CPRA"), and other applicable data protection legislation.

By creating an account or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with these practices, please do not use the Service.

2. Data Controller

The data controller responsible for the processing of your personal data is:

Teja Chinthala
Pulse App
Email: support@gopulse.health

For any data protection inquiries, including requests to exercise your rights under GDPR or CCPA/CPRA, please contact us using the information above.

3. Information We Collect

3.1 Information You Provide Directly

  • Account Information: name, email address, date of birth, gender identity
  • Profile Data: display name, username, avatar photograph, biographical text
  • Body Metrics: height, weight, body measurements, body composition data
  • Fitness Goals: target weight, workout preferences, activity level, training experience
  • Nutrition Data: meals logged, portion sizes, caloric intake, macronutrient breakdown (protein, carbohydrates, fat), micronutrient data
  • Workout Data: exercises performed, sets, repetitions, weights lifted, duration, rest intervals, rate of perceived exertion
  • Social Content: posts, comments, direct messages, photographs, and other content you choose to share
  • Progress Media: photographs uploaded for body composition and transformation tracking

3.2 Information Collected Automatically

  • Device Information: device model, operating system version, unique device identifiers (for push notification delivery only)
  • Motion Sensor Data: step count data obtained from device motion sensors (with your permission)
  • Usage Analytics: anonymized and aggregated feature interaction data, session duration, and navigation patterns (only if you opt in)
  • Crash Reports: application crash logs and performance diagnostics for stability improvements

3.3 Information from Third-Party Services

  • Apple HealthKit: steps, active energy burned, workouts, heart rate, weight, sleep analysis, and other health metrics — accessed only with your explicit permission and subject to Apple's HealthKit guidelines (see Section 12)
  • Open Food Facts API: nutritional information for food items you search — queries are not linked to your identity
  • Google Gemini AI: processes fitness context you provide during AI coaching sessions to generate personalized recommendations (see Section 6)

4. How We Use Your Information

We process your personal data for the following specific purposes:

  • Service Delivery: provide core functionality including workout tracking, nutrition logging, progress monitoring, and goal setting
  • Personalization: generate AI-powered workout plans, coaching guidance, and nutritional recommendations tailored to your profile and goals
  • Calculations: compute calorie estimates, macronutrient targets, training volume, body composition trends, and other fitness metrics
  • Social Features: enable community features including social feed, challenges and competitions, direct messaging, and group interactions
  • Health Integration: synchronize data bidirectionally with Apple Health (only with your explicit, revocable permission)
  • Communications: send workout reminders, progress summaries, and challenge notifications based on your notification preferences
  • Service Improvement: analyze anonymized, aggregated usage patterns to improve app performance, fix defects, and develop new features (only if you opt in to analytics)
  • Security: detect and prevent fraudulent activity, abuse, and unauthorized access to protect you and other users

5. Legal Basis for Processing (GDPR)

We rely on the following legal bases under GDPR for processing your personal data:

  • Explicit Consent (Article 6(1)(a) and Article 9(2)(a)): for processing health and fitness data (special category data), AI-powered recommendations, and promotional communications. You provide this consent during onboarding and may withdraw it at any time through Settings without affecting the lawfulness of processing performed prior to withdrawal.
  • Performance of a Contract (Article 6(1)(b)): for providing the core Service features you registered to use, including account management, workout tracking, nutrition logging, and progress monitoring.
  • Legitimate Interests (Article 6(1)(f)): for application security, fraud prevention, defect resolution, and service reliability improvements.
  • Legal Obligation (Article 6(1)(c)): for responding to lawful requests from judicial or regulatory authorities and complying with applicable legislation.

6. AI Data Processing Transparency

Pulse integrates Google Gemini AI (provided by Google LLC) to deliver personalized workout plans, real-time coaching guidance, and nutritional insights. When you use AI-powered features, the following categories of data may be transmitted to Google's servers for processing:

  • Fitness Profile: age, gender, height, weight, fitness level, stated goals, and training preferences
  • Training History: recent exercise data, performance trends, personal records, and progression patterns
  • Nutrition Context: daily caloric and macronutrient summaries relevant to coaching recommendations
  • Session Content: conversation history and queries during live AI coaching sessions

This data is transmitted via encrypted HTTPS connections, processed in real-time to generate responses, and is not retained by Google LLC after the session concludes, in accordance with Google's API Data Processing Terms.

You may revoke consent for AI data processing at any time in Settings → Privacy & Consent → AI-Powered Recommendations.

7. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data to any third party. We do not use your health or fitness data for advertising, marketing targeting, or data brokerage purposes. We share data only in the following limited, necessary circumstances:

  • Supabase Inc. (Database Infrastructure): securely stores your account and application data with encryption at rest (AES-256), encryption in transit (TLS 1.2+), and row-level security policies
  • Google LLC (AI Processing): processes fitness context for personalized recommendations — data is not retained post-session
  • Open Food Facts (Nutrition Database): receives anonymized food search queries that cannot be linked to your identity
  • Apple Inc. (HealthKit Integration): receives workout entries and weight data you explicitly choose to synchronize
  • Other Users: profile information, posts, and social content you choose to share publicly
  • Legal Authorities: we may disclose personal data if required by applicable law or valid court order

8. Data Retention

  • Active Account: your data is retained for the duration your account remains active
  • Account Deletion: all personal data is permanently removed within 30 calendar days. Encrypted backups are purged within 90 days.
  • Anonymized Data: aggregated, de-identified usage statistics may be retained indefinitely for Service improvement
  • Legal Retention: certain data may be retained if required by law or pending legal proceedings

9. Your Rights

Under GDPR, CCPA/CPRA, and other applicable legislation, you have the following rights:

  • Right to Access (GDPR Art. 15 / CCPA §1798.100): request a copy of all personal data we hold about you
  • Right to Rectification (GDPR Art. 16): correct inaccurate or incomplete personal data
  • Right to Erasure (GDPR Art. 17 / CCPA §1798.105): delete your account and all associated data
  • Right to Data Portability (GDPR Art. 20): export your data in JSON format via Settings
  • Right to Restrict Processing (GDPR Art. 18): request limitation of processing in certain circumstances
  • Right to Object (GDPR Art. 21): object to processing based on legitimate interests
  • Right to Withdraw Consent (GDPR Art. 7(3)): withdraw consent at any time through Settings
  • Right to Non-Discrimination (CCPA §1798.125): we will not discriminate against you for exercising your rights

To exercise any of these rights, use the in-app Settings or contact us at support@gopulse.health. We will respond within 30 calendar days.

10. Data Security

  • Encryption in Transit: all data uses TLS 1.2+/HTTPS
  • Encryption at Rest: AES-256 encryption
  • Access Control: Supabase Row-Level Security (RLS) policies
  • Authentication: secure, short-lived token-based authentication with automatic refresh
  • HealthKit Security: health data processed on-device using Apple's privacy frameworks
  • Password Security: passwords hashed using bcrypt, never stored in plaintext

In the event of a data breach, we will notify you and relevant authorities within 72 hours.

11. International Data Transfers

Your data may be processed in the United States through our infrastructure providers. For transfers from the EEA/UK, we rely on Standard Contractual Clauses (SCCs) ensuring GDPR-level protection.

12. Apple HealthKit Compliance

In compliance with Apple's App Store Review Guidelines (Section 5.1.3):

  • HealthKit data is used exclusively for health and fitness functionality
  • We do not use HealthKit data for advertising or marketing
  • We do not sell HealthKit data to any third party
  • HealthKit data is not stored in iCloud by the Service
  • HealthKit data is processed primarily on-device
  • You may revoke HealthKit access at any time through iOS Settings

13. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights including the Right to Know, Right to Delete, Right to Correct, and Right to Opt-Out of Sale/Sharing. Pulse does not sell personal information and does not share it for cross-context behavioral advertising.

To exercise your California privacy rights, contact us at support@gopulse.health.

14. Children's Privacy

The Service is not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware of such collection, we will delete that data immediately. Contact us at support@gopulse.health if you believe a child has provided us with personal data.

15. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be communicated through in-app notifications. For changes to health data processing, we will request renewed consent before applying changes.

16. Contact Us

Email: support@gopulse.health
Subject: Privacy Inquiry — [Your Request]
Response Time: within 5 business days

If you are in the EEA and believe your rights have been violated, you may lodge a complaint with your local Data Protection Authority.