Privacy Policy

Effective date: 26 June 2026

1. Who We Are

PulseMorph AI is operated by Nyxtopia OÜ, registry code 17126290, registered in Estonia. We are the data controller for personal data processed through our platform. Contact: privacy@pulsemorph.io.

2. Data We Collect

  • Account data: Name, email address, password hash, subscription plan, credit balance.
  • Usage data: Operations performed, credits consumed, API calls, delivery logs (timestamps, channel, status).
  • Integration data: Telegram chat ID (if connected), webhook endpoint URLs (no personal content stored from third-party systems).
  • Technical data: IP address, browser/device type, session data for security and fraud prevention.
  • Payment data: Billing is processed by Stripe. We store only Stripe customer ID and subscription metadata. We do not store full card details.

3. How We Use Your Data

  • To provide and operate the PulseMorph service.
  • To process payments and manage subscriptions.
  • To deliver signals via Telegram, webhook, or BotBridge.
  • To detect abuse, fraud, and security threats.
  • To send transactional emails (account, billing, usage alerts).
  • To comply with legal obligations.

We do not sell your personal data to third parties. We do not use your data for advertising profiling.

4. Legal Basis (GDPR)

For users in the EEA/UK, processing is based on:

  • Contract performance — to provide the service you subscribed to.
  • Legitimate interests — security, fraud prevention, service improvement.
  • Legal obligation — tax records, compliance.
  • Consent — where explicitly given (e.g. marketing emails).

5. Data Retention

Account data is retained for the duration of your subscription plus 30 days after account deletion, unless a longer period is required by law. Usage/credit ledger records are retained for 3 years for financial compliance. Delivery logs are retained for 90 days.

6. Third-Party Processors

  • Stripe — payment processing (US/EU)
  • Telegram — signal delivery (when connected)
  • AI providers — Ollama (self-hosted) or cloud AI API (when configured)
  • Cloud hosting — VPS/Docker-based infrastructure in the EU

7. Your Rights

Under GDPR you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your account and data.
  • Restrict or object to certain processing.
  • Data portability.
  • Lodge a complaint with the Estonian Data Protection Inspectorate (AKI).

To exercise your rights, email privacy@pulsemorph.io.

8. Cookies

We use session cookies for authentication and preference storage. No cross-site tracking or advertising cookies are used.

9. Changes

We will notify you of material changes via email or in-app notice. The current version is always available at pulsemorph.io/privacy.

10. Contact

Data controller: Nyxtopia OÜ, Veskiposti tn 2-1002, Kesklinna linnaosa, 10138 Tallinn, Harju maakond, Estonia. Email: privacy@pulsemorph.io.