Privacy Policy

Introduction

Pulser ("we", "us", or "our") operates the pulser.fit website and the Pulser.Gym, Pulser.One, and Pulser.Coach applications (collectively, the "Services"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our Services.

We are built in the European Union and treat the General Data Protection Regulation (GDPR) as our baseline standard for data protection, regardless of where you access our Services from. We are also designed to be compliant with the European Health Data Space (EHDS) regulation as it comes into effect.

What Data We Collect

Account information. When you create a Pulser account, we collect your name, email address, and password. If you register through a gym, we may also receive your membership identifier from that facility. Coaches and gym operators provide additional business details such as facility name, address, and billing contact information.

Movement and biomechanical data. Pulser.One uses your phone's camera to analyse your movement during exercises. This analysis is performed entirely on your device using our proprietary movement engine. The raw video never leaves your phone and is not stored after the session ends. Only the resulting biomechanical metrics (such as joint angles, range of motion, rep counts, and form scores) are synced to your account if you choose to save your workout.

Body scan data. If you use the body scan feature in Pulser.One, the scan is processed on your device. The resulting measurements and progress data are stored in your account to track changes over time. The images used to generate the scan are not uploaded or retained.

Health data from wearables. With your explicit consent, Pulser.One can integrate with Apple Health, Garmin, Whoop, Oura, and Fitbit to import health metrics such as heart rate, heart rate variability (HRV), sleep quality, recovery scores, and activity data. You control which integrations are active and can disconnect them at any time.

Gym usage data. When you check in at a gym, use equipment, or book classes through Pulser, we record that activity to power features like attendance tracking, equipment availability, and personalised workout suggestions.

Payment information. If you subscribe to a paid plan, your payment is processed by a third-party payment processor. We store a record of your subscription status and billing history but do not store full credit card numbers or bank account details on our servers.

How We Process Data: On-Device vs. Cloud

Privacy by design is a core principle of the Pulser architecture. Our movement engine and body scan technology run locally on your phone. Video frames are processed in real time and discarded immediately. No video footage is ever transmitted to our servers, stored in the cloud, or accessible to Pulser staff.

The derived metrics from your workouts (such as movement quality scores, rep counts, and body measurements) are synced to the Pulser cloud so that you can access your history across devices and so that your AI coach can provide personalised recommendations. All cloud-stored data is encrypted in transit (TLS 1.3) and at rest (AES-256).

Legal Basis for Processing

Under the GDPR, we process your personal data on the following legal bases:

Contract performance. We process account data, gym usage data, and subscription data because it is necessary to provide the Services you have signed up for. Without this processing, we cannot deliver your account, track your membership, or manage your subscription.

Consent. We process health data from wearables and body scan data only with your explicit, informed consent. You can withdraw consent at any time through your account settings, and we will stop processing the relevant data going forward. Movement analysis is processed on-device and only synced to the cloud with your consent.

Legitimate interest. We may process certain data (such as aggregated, anonymised usage analytics) to improve our Services, detect fraud, and ensure platform security. We conduct balancing tests to ensure our legitimate interests do not override your fundamental rights and freedoms.

EHDS Readiness and Health Data Portability

Pulser is designed to be compatible with the European Health Data Space (EHDS) framework. As the EHDS regulation is implemented, we will support the required data formats and interoperability standards to ensure that your health and fitness data can be ported to other EHDS-compliant services at your request.

You already have the right to export your data in a structured, commonly used, machine-readable format under GDPR Article 20. We are building our data architecture to go beyond this baseline and meet the more specific health data portability requirements that the EHDS will introduce.

Data Sharing

We do not sell your personal data. We share data only in the following limited circumstances:

With your gym. If you are a member of a gym that uses Pulser.Gym, we share your membership status, attendance records, and basic profile information with that facility so they can manage your membership. Your detailed workout data, body scan results, and wearable health data are not shared with the gym unless you explicitly choose to share them.

With your coach. If you work with a coach through Pulser.Coach, you can choose to share specific workout data, movement analysis results, or health metrics with that coach. You control exactly what is shared and can revoke access at any time.

Anonymised insights. We may generate anonymised, aggregated insights from usage data (for example, popular workout times or average equipment utilisation) and share these with gym operators to help them improve their facilities. This data cannot be used to identify any individual. We only do this with your explicit opt-in consent.

Service providers. We use third-party providers for payment processing, cloud hosting, and analytics. These providers process data on our behalf under strict data processing agreements that comply with GDPR requirements.

Cookies

We use a minimal set of cookies on pulser.fit. Essential cookies are used to maintain your session and remember your preferences. We use a single analytics cookie to understand how visitors use our website so that we can improve it. We do not use advertising cookies or tracking pixels. You can manage your cookie preferences through your browser settings at any time.

Your Rights

Under the GDPR, you have the following rights regarding your personal data. You can exercise any of these rights by contacting us at go@pulser.fit or through your account settings.

Right of access. You can request a copy of all personal data we hold about you. We will provide this in a structured, commonly used format within 30 days.

Right to rectification. If any of your data is inaccurate or incomplete, you can ask us to correct it. Most information can be updated directly in your account settings.

Right to erasure. You can request that we delete your personal data. We will comply unless we are legally required to retain certain records (for example, billing records for tax purposes).

Right to data portability. You can request your data in a machine-readable format so that you can transfer it to another service.

Right to object. You can object to processing based on legitimate interest. You can also withdraw consent for any consent-based processing at any time without affecting the lawfulness of processing carried out before withdrawal.

Data Retention

We retain your personal data for as long as your account is active and for a reasonable period afterward to fulfil our legal obligations, resolve disputes, and enforce our agreements. Specifically: account data is retained for the duration of your account and deleted within 90 days of account closure; workout and movement data is retained for as long as your account is active; billing records are retained for the period required by applicable tax law (typically 7 years); and anonymised, aggregated data may be retained indefinitely as it cannot be linked back to you.

When data is deleted, it is removed from our active systems and purged from backups within 30 days.

Children's Privacy

Pulser Services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16 without verification of parental consent, we will take steps to delete that information promptly. If you believe we may have collected data from a child under 16, please contact us at go@pulser.fit.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by email or through a prominent notice in the Services before the changes take effect. Your continued use of the Services after the effective date of a revised policy constitutes your acceptance of the changes.

Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or want to file a complaint, please contact us at go@pulser.fit. You also have the right to lodge a complaint with a supervisory authority in your EU member state of residence.