DPA / GDPR

This page explains how personal data is handled across PulseRank’s ecosystem and includes a Support Data Processing Addendum (“Support DPA”) for situations where PulseRank processes customer-provided diagnostics to deliver support.

This page is intended for transparency and procurement/compliance review. It complements (and does not replace) our Privacy Policy and Terms of Service.

1. Component boundaries (what this page covers)

PulseRank operates three distinct components. Your data protection analysis should treat them separately:

The Plugin (Self-hosted Analytics)

The PulseRank WordPress plugin installed on your WordPress site (the “Plugin”).

Marketing Site

Websites at pulserank.ai and its marketing/documentation subdomains (the “Marketing Site”).

Billing, Subscriptions, Customer Portal (Freemius)

Checkout, payments, taxes, invoices, subscription management, refunds, and the customer portal provided through Freemius (the “Freemius Billing Environment”).

2. Roles summary (controller vs processor)

2.1 Marketing Site

PulseRank role: Controller for personal data processed via the Marketing Site.

2.2 Freemius Billing Environment

Freemius role: Freemius processes billing and subscription data to operate checkout, payments, tax handling, invoicing, portal access, and refunds.

PulseRank role: PulseRank processes limited customer/account data and entitlement metadata necessary to provide Services (e.g., plan level, license status, support eligibility).

Practical note: Freemius may act as a merchant of record or as a billing platform/payment processor depending on configuration and checkout flow. In all cases, billing and subscription operations occur primarily within the Freemius Billing Environment under Freemius’s documentation.

2.3 The Plugin (standard operation)

Customer role: Controller for visitor analytics data collected and stored on the customer’s WordPress site.

PulseRank role (standard operation): Not a processor for that self-hosted analytics dataset, because PulseRank does not receive or access it in standard operation.

2.4 When PulseRank becomes a processor

PulseRank acts as a processor only in a narrow scenario: when a customer submits diagnostic/support materials that contain personal data (e.g., logs, exports, screenshots) and asks PulseRank to process them to troubleshoot or provide technical support. This scenario is governed by the Support DPA in Section 6.

3) Marketing Site (pulserank.ai) — PulseRank as Controller

3.1 What we collect

Depending on how you use the Marketing Site, we may collect:

• Technical and usage data: IP address, device/browser characteristics, user-agent, approximate location (derived), timestamps, referrer URLs, pages viewed, and performance/error logs.
• Inquiry and communications data: name, email, company, and any information you submit through forms or email.
• Cookie/identifier data: where used, first-party cookies and similar technologies to operate the site, remember preferences, and measure marketing effectiveness.

3.2 Why we collect it

We process Marketing Site data to:

• operate, secure, and maintain the Marketing Site (fraud prevention, abuse detection, service reliability);
• respond to inquiries, provide information, and communicate with you;
• analyze site performance and improve content;
• conduct marketing activities where permitted (e.g., newsletter signup, demo requests).

3.3 Third-party services on the Marketing Site

We may use vendors (e.g., hosting, CDN, email service providers) to operate the Marketing Site. Vendor details, cookie categories, and opt-outs should be described in our Privacy Policy and Cookie Notice (where applicable).

3.4 Retention

We retain Marketing Site data only as long as reasonably necessary for the purposes described above, unless a longer retention period is required by law or needed to establish, exercise, or defend legal claims.

3.5 Your rights

Where applicable law provides it (e.g., GDPR/UK GDPR), you may have rights to access, correct, delete, restrict, or object to processing, and to data portability. Requests can be submitted to [email protected]

4) Freemius Billing Environment — Billing and Subscription Data

4.1 What Freemius typically processes

When you purchase a subscription or manage billing, Freemius may process:

• customer identity and account data (e.g., name/email, account identifiers);
• billing address and tax/VAT information (where applicable);
• transaction and subscription data (purchases, renewals, invoices, refunds, chargebacks);
• payment method processing data (handled through payment processors; PulseRank does not receive full card details).

4.2 What PulseRank typically receives from Freemius

To provision the service and manage entitlements, PulseRank typically receives limited information such as:

• subscription plan and status (active/inactive, renewal dates);
• entitlement information (license status, activation limits, product tier);
• purchase metadata necessary for support and accounting (order references, refund status).

4.3 Purpose of PulseRank processing (billing-related)

PulseRank uses the Freemius-provided metadata to:

• provision and manage paid entitlements (Pro features, updates, support eligibility);
• prevent fraud/abuse (e.g., license misuse);
• provide customer support and account assistance;
• maintain business records (tax/accounting obligations where applicable).

4.4 Privacy documentation

Billing/subscription processing is primarily governed by Freemius’s documentation and our Privacy Policy. This page is not intended to restate Freemius’s privacy terms.

5) The Plugin (Self-hosted Analytics)

5.1 Standard operation: customer-controlled, local storage

In standard operation, the Plugin stores analytics data in the customer’s WordPress database. PulseRank does not access or receive this analytics dataset unless the customer chooses to share it for support (see Section 6).

Customer responsibility: You control and are responsible for analytics data processed on your WordPress site, including required privacy notices, consent mechanisms (where applicable), retention settings, and security of your hosting/database.

5.2 Optional licensing/entitlement checks

If you use paid features, the Plugin may perform limited license/entitlement checks (e.g., verifying license validity). These checks are designed to use minimal data and do not involve transfer of your full analytics dataset.

6) Support Data Processing Addendum (Support DPA)

This Support DPA applies only when you provide PulseRank with diagnostic materials that include personal data and request support services that require processing that data.

6.1 Parties and scope

• Customer (you) is the controller of Customer Support Data.
• PulseRank is the processor of Customer Support Data solely to provide support and troubleshoot issues, as instructed by you.

This Support DPA does not apply to:

• Marketing Site data (Section 3);
• Freemius billing/subscription processing (Section 4);
• self-hosted analytics data stored on your WordPress site in standard operation (Section 5).

6.2 Definitions

• Customer Support Data: any data you provide to PulseRank for support, including logs, exports, screenshots, configuration details, staging access details, and related communications that may contain personal data.
• Support Services: technical support, troubleshooting, diagnostic review, and related assistance.

6.3 Processing details (Article 28(3) GDPR)

Subject matter: processing Customer Support Data to deliver Support Services.
Duration: for the time needed to provide Support Services and for a limited period thereafter to document resolution, comply with legal obligations, and defend legal claims (see Section 6.10).
Nature and purpose: receiving, storing, reviewing, and responding to Customer Support Data to troubleshoot, resolve issues, and maintain security.
Categories of data subjects: customer administrators/users; and any individuals whose data appears in diagnostics (e.g., visitors/end users).
Types of personal data: may include IP addresses (including hashed identifiers), URLs, user-agent strings, timestamps, identifiers appearing in logs, and any personal data you include in diagnostics.

6.4 Processor obligations

6.4.1 Instructions

PulseRank will process Customer Support Data only on your documented instructions, including those set out in this Support DPA, unless required by law.

6.4.2 Confidentiality

PulseRank ensures that personnel authorized to process Customer Support Data are bound by confidentiality obligations.

6.4.3 Security measures

PulseRank implements appropriate technical and organizational measures to protect Customer Support Data, which may include:

• encryption in transit (TLS);
• access controls and least-privilege permissions;
• authentication controls for support tooling;
• logging and monitoring for security events;
• reasonable safeguards for storage and backups used for support operations.

Customer responsibility: security of your WordPress site, hosting environment, and self-hosted analytics database remains your responsibility.

6.4.4 Data minimization guidance (customer commitment)

You agree to use reasonable efforts to avoid submitting unnecessary personal data in diagnostics and, where feasible, to redact or minimize personal data before sharing.

6.4.5 Subprocessors (support only)

PulseRank may use subprocessors to process Customer Support Data solely to operate Support Services (e.g., email/helpdesk, secure file storage).

• You grant PulseRank general authorization to use subprocessors listed on our Subprocessors List: [Insert URL].
• PulseRank will impose data protection obligations on subprocessors at least equivalent to those in this Support DPA and maintain written agreements with them.

Changes: PulseRank will update the Subprocessors List for material changes and may provide additional notice where reasonable. You may object on reasonable data-protection grounds. If an objection cannot be resolved, you may terminate the affected Support Services.

6.4.6 International transfers

If Customer Support Data is processed outside the EEA/UK, PulseRank will use an appropriate transfer mechanism under applicable law (for example, standard contractual clauses where relevant).

6.4.7 Assistance with data subject requests

Taking into account the nature of processing, PulseRank will provide reasonable assistance to help you respond to data subject requests relating to Customer Support Data, to the extent feasible and proportionate.

6.4.8 Assistance with security and DPIAs

PulseRank will provide reasonable assistance with obligations relating to security and breach assessment to the extent applicable to Customer Support Data and the information available to PulseRank.

6.4.9 Breach notification

PulseRank will notify you without undue delay after becoming aware of a personal data breach affecting Customer Support Data and will provide available information reasonably necessary for you to meet applicable breach notification obligations.

6.4.10 Deletion or return

Upon your written request, PulseRank will delete or return Customer Support Data after the support matter is resolved, to the extent feasible, unless retention is required by law or necessary to establish, exercise, or defend legal claims.

6.4.11 Audit and compliance information

Upon reasonable written request (no more than once per 12-month period), PulseRank will provide information reasonably necessary to demonstrate compliance with this Support DPA (e.g., a security overview, subprocessor list, and relevant policy excerpts). Any audit approach will be subject to reasonable confidentiality and security constraints and may be satisfied remotely.

6.5 Precedence

If there is a conflict between this Support DPA and the Terms of Service regarding Customer Support Data processing, this Support DPA governs for that processing.

8) Requests and contact

Legal/Company: Finix Digital SRL, Ilfov County, Romania, Reg No. 50030946

Support requests: [email protected]i