Privacy Policy

Last updated: June 3, 2026

Quick Summary

  • We collect only what we need (email, consultation data)
  • You can export or delete your data anytime
  • We never sell your personal data
  • AI consultations are anonymized for training
  • We comply with GDPR, CCPA, and global privacy laws

1. Information We Collect

PulseWell ("we," "our," or "us") collects the following types of information to provide and improve our TCM wellness services:

1.1 Account Information

  • Email addressfor account creation and service communications
  • Consultation historyyour symptom descriptions and AI responses

1.2 Wellness Information

  • Symptom descriptionsthe health concerns you share during consultation
  • Uploaded imagestongue photos or health documents you upload for analysis
  • Body type assessmentsTCM constitution analyses generated by our AI

1.3 Technical Data

  • Browser type, device information, and usage patterns
  • IP address and approximate location (country level only)
  • Cookie preferences and consent records

2. How We Use Your Data

  • To provide personalized TCM wellness consultations
  • To generate body type cards and wellness reports
  • To improve our AI models (anonymized and aggregated only)
  • To send service-related communications (with your consent)
  • To comply with legal obligations

We DO NOT: sell your personal data to third parties, use your data for automated decision-making with legal effects, or share identifiable health data with advertisers.

3. Data Storage & Security

Your data is stored on Supabase servers with encryption at rest and in transit. We implement Row Level Security (RLS) to ensure data isolation between users. All API communications use HTTPS/TLS.

We retain your data for as long as your account is active. You may request deletion at any time (see Section 5).

4. Third-Party Services

We use the following third-party services:

  • Anthropic (Claude API) — AI model provider for wellness consultations.
  • Supabase — Database and file storage.
  • Vercel — Application hosting.

5. Your Data Rights

To exercise any of these rights, contact us at privacy@pulsewell.com. We will respond within 30 days as required by GDPR.

Access
Request a copy of all data we hold about you
Portability
Download your data in machine-readable JSON format
Deletion
Request complete deletion of your account and all data
Restriction
Opt out of data processing for AI training purposes

6. Children's Privacy

PulseWell is not intended for users under 16 years of age.

7. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place.

8. Cookie Policy

We use essential cookies for session management and security.

9. California Privacy Rights (CCPA)

California residents have rights to know, delete, and opt-out of data sale.

10. Data Breach Notification

We will notify affected users within 72 hours of discovering a data breach.

11. Contact Us

  • Email: privacy@pulsewell.com
  • Response time: Within 30 days (GDPR), 45 days (CCPA)

12. Changes to This Policy

We will notify you of material changes via email and website notice.