Privacy-first by design
We built PulseLog with privacy as a core principle. Learn how we protect your data and respect employee rights.
Last updated: January 15, 2025 • Effective: January 15, 2025
Our Privacy Principles
These principles guide every decision we make about data collection and processing
Clear communication about what data we collect, how we use it, and who has access.
Employees can pause tracking, access their data, and control privacy settings.
We collect only the data necessary for productivity insights and business purposes.
Enterprise-grade security with encryption, access controls, and regular audits.
Activity Data
- Application names and usage duration
- Website URLs and time spent (domain-level only by default)
- Keystroke and mouse activity levels (not content)
- Window titles (automatically obfuscated for sensitive applications)
- File names and paths (configurable, can be disabled)
System Information
- Operating system and version
- Hardware specifications (CPU, RAM, disk space)
- Network connectivity status
- PulseLog agent version and configuration
Account Information
- Name and email address
- Organization and role information
- User preferences and privacy settings
- Authentication and session data
Pause & Resume Tracking
Employees can pause PulseLog tracking at any time using:
- System tray icon (Windows/Linux)
- Menu bar icon (macOS)
- Keyboard shortcut (configurable)
- Web dashboard controls
Data Access Rights
- View all personal activity data collected
- Export personal data in standard formats
- Request data correction or deletion
- Access audit logs of data access
Privacy Settings
- Configure content obfuscation levels
- Set application-specific privacy rules
- Control data sharing with managers
- Manage consent preferences
Encryption
- TLS 1.3 encryption for all data in transit
- AES-256 encryption for data at rest
- End-to-end encryption for sensitive communications
- Regular key rotation and management
Access Controls
- Role-based access control (RBAC)
- Multi-factor authentication required
- Regular access reviews and audits
- Principle of least privilege enforcement
Infrastructure Security
- SOC2 Type II certified infrastructure
- Regular penetration testing
- 24/7 security monitoring
- Incident response procedures
Default Retention Periods
- Activity data: 12 months (configurable by organization)
- Aggregated reports: 24 months
- Account information: Duration of employment + 30 days
- Audit logs: 7 years (compliance requirement)
Automated Deletion
Data is automatically deleted according to retention policies:
- Daily cleanup of expired activity data
- Monthly purge of deleted user accounts
- Quarterly review of retention policies
Manual Deletion Requests
- Employee-initiated deletion (immediate)
- Organization-requested deletion (within 30 days)
- Legal or compliance-required deletion (within 72 hours)
GDPR Compliance (EU)
- Lawful basis: Legitimate interest (Article 6(1)(f))
- Data subject rights fully supported
- Privacy by design and by default
- Data Protection Impact Assessments conducted
CCPA Compliance (California)
- Consumer rights to know, delete, and opt-out
- No sale of personal information
- Transparent privacy practices
- Non-discrimination for privacy choices
Additional Standards
- SOC2 Type II certification
- ISO 27001 implementation (in progress)
- NIST Cybersecurity Framework alignment
- Industry-specific compliance as required
Privacy Officer
Email: privacy@pulselog.com
Response time: Within 72 hours
Data Subject Requests
For data access, correction, or deletion requests:
Email: data-requests@pulselog.com
Response time: Within 30 days
Security Incidents
Report security concerns immediately:
Email: security@pulselog.com
Phone: +1 (555) SECURITY (24/7)