Pulsed
Back to home

Privacy Policy

Last updated: April 9, 2026

1. Who we are

Pulsed ("we", "us", "our") is a paid media analytics platform operated by Zayari Developments. Pulsed helps advertising professionals monitor and optimize their Google Ads and Meta Ads campaigns through AI-powered insights.

If you have questions about this policy, contact us at privacy@pulsed.ai.

2. What data we collect

Account information

When you create a Pulsed account we collect:

  • Name and email address
  • Hashed password (we never store plaintext passwords)
  • Account role and preferences

Advertising platform data

When you connect a Google Ads or Meta Ads account, we access the following data through official APIs with your explicit consent:

  • Campaign, ad group, and ad performance metrics (spend, impressions, clicks, conversions, ROAS, CPA)
  • Campaign structure and settings (names, budgets, statuses, targeting)
  • Creative details (headlines, descriptions, ad strength scores)
  • Search term reports and keyword quality data (Google Ads)
  • Audience targeting and overlap data (Meta Ads)
  • Device and hour-of-day performance breakdowns

We do not access personally identifiable information about the people who see or click your ads. We only access aggregated advertising performance data.

OAuth tokens

When you authorize Pulsed via Google or Meta OAuth, we receive and store encrypted access and refresh tokens. These tokens allow us to fetch your advertising data on your behalf. Tokens are encrypted at rest using AES-256-GCM encryption and are never exposed to other users.

Usage data

We collect basic analytics about how you use the platform (pages visited, features used) to improve the product. We do not use third-party tracking scripts.

3. How we use your data

We use the data we collect to:

  • Display your advertising performance in the Pulsed dashboard
  • Generate AI-powered insights, issue detection, and optimization recommendations
  • Send you notifications about critical performance changes (if enabled)
  • Calculate health scores and trend analysis
  • Improve the accuracy of our detection and analysis engines
  • Provide customer support and respond to your inquiries

We do not sell, rent, or share your advertising data with third parties for their own marketing or advertising purposes.

4. Google API Services — Limited Use Disclosure

Pulsed's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We only request access to the data necessary to provide the Pulsed service (the adwords scope for Google Ads read access)
  • We do not use Google user data for serving advertisements
  • We do not transfer Google user data to third parties unless necessary to provide the service, required by law, or with your explicit consent
  • No human reads your Google Ads data except to provide support directly requested by you
  • We only retain your Google Ads data for as long as needed to provide the service (rolling 30-day window for metrics)

5. Data security

We take the security of your data seriously and implement the following measures:

  • Token encryption at rest — OAuth tokens are encrypted using AES-256-GCM with unique IVs per encryption operation
  • PKCE — Our OAuth flows use Proof Key for Code Exchange (S256 method) to prevent authorization code interception
  • CSRF protection — Cryptographically random state tokens with server-side validation and 15-minute expiry
  • Transport encryption — All data in transit is encrypted via HTTPS/TLS
  • Password hashing — Passwords are hashed with bcrypt before storage
  • Token revocation — When you disconnect an account, we revoke the OAuth token at the provider level
  • Minimal data retention — We store a rolling 30-day window of performance metrics

6. Data sharing

We may share your data in the following limited situations:

  • AI processing — Aggregated and anonymized advertising metrics are sent to our AI provider (OpenAI) to generate insights. No personally identifiable information or raw tokens are shared.
  • Infrastructure providers — Our hosting and database providers (Vercel, Neon) process data as part of providing their services, subject to their own privacy policies and data processing agreements.
  • Legal requirements — We may disclose data if required by law, regulation, or legal process.

7. Your rights

You have the right to:

  • Disconnect accounts — Remove any connected advertising account at any time. This revokes our access and deletes associated data.
  • Delete your account — Request complete deletion of your Pulsed account and all associated data.
  • Export your data — Request a copy of the data we hold about you.
  • Revoke access— Revoke Pulsed's access to your Google or Meta account at any time through the respective platform's settings (Google, Meta).

To exercise any of these rights, contact us at privacy@pulsed.ai.

8. Cookies

Pulsed uses only essential cookies required for authentication and session management. We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

9. Data retention

  • Metrics — Rolling 30-day window, older data is automatically deleted during sync
  • Insights — Kept for the duration of your account
  • OAuth tokens — Stored as long as the connection is active; deleted and revoked upon disconnection
  • Account data — Retained until you delete your account

10. Changes to this policy

We may update this privacy policy from time to time. We will notify you of material changes by email or through the Pulsed dashboard. Continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact

For privacy-related questions or requests, contact us at:

Zayari Developments
Email: privacy@pulsed.ai