Privacy Policy

How Pulsewise Pty Ltd collects, uses, and protects information about you and your business. Written for compliance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).

1. Who we are

Pulsewise Pty Ltd (ABN pending) operates the Pulsewise service — a SaaS tool that monitors the customer-acquisition channels of medical clinics (phone numbers, contact forms, Google Business Profile, online reviews, SSL certificates, listings consistency, and similar). We're based in Victoria, Australia.

This Privacy Policy applies to anyone interacting with the Pulsewise service, including:

• Reseller MSPs (the businesses who pay us for monitoring on behalf of their clinic customers)
• Practice managers and clinic staff who sign into the white-labelled clinic portal
• Members of the public who use the free audit form at /
• Prospective resellers who join the wholesale waitlist at /partners

2. What we collect

The categories of personal information we collect, and why:

Account information

• Your name, email address, and (optionally) phone number — to identify you as the human behind your account and contact you about the service.
• Your role within an MSP or clinic — to scope what you can see and do.
• Sign-in metadata: timestamps, IP addresses, and browser user-agents associated with your sessions — to keep your account secure.

Business information (about the businesses you monitor)

• Business name, website URL, primary email, primary phone number, fax number, contact-form URL, and Google Business Profile listing.
• Findings from monitoring checks — what we detected, when, and the public-facing data we observed (page contents, SSL details, DNS records, search-result rankings, public Google reviews).
• For wholesale partners: business name, contact name, email, phone, state, customer count, and any free-text comments submitted via the waitlist form.

Usage information

• Server logs (request URLs, response codes, timestamps) — to debug, run our service, and detect abuse.

We do not intentionally collect:

• Government identifiers (Medicare, AHPRA registration numbers, driver's licence)
• Payment card details (these go directly to our payment processor — see "Disclosure" below)
• Patient health information (see "Health information")
• Biometric data

3. How we use it

We use the information we collect to:

• Operate the monitoring service — run scans, persist findings, surface alerts
• Communicate with you — sign-in links, monthly check-in emails, service notifications
• Bill resellers for their seat usage
• Improve the service — analyse aggregate usage to decide what to build next
• Comply with our legal obligations under Australian law

We do not use the information we collect for:

• Selling, renting, or trading your personal information to third parties for their own marketing
• Targeted advertising
• Profiling that produces legal effects about you

4. Who we share it with

We share personal information only with parties who help us deliver the service:

• Resellers (MSPs) — the MSP who manages your clinic sees the monitoring data about that clinic. They never see data about other MSPs' clinics.
• Infrastructure providers — our database and authentication run on Supabase (likely Sydney region). Our email is sent through Resend. Our payment processing is via Stripe. We use Twilio for telephony-based checks. Each provider has its own privacy policy and a contractual obligation to handle data only as we direct.
• External public data sources — to run monitoring checks we query the Google Search API, the Google Places API, the Have I Been Pwned API, and other public services. We send the business URL or domain; we do not send personal information about you.
• Legal disclosure — if required by Australian law (subpoena, court order, regulator request).

We will never disclose your personal information to a third party for that party's own marketing without your explicit consent.

5. Where it's stored and for how long

Personal information is stored on infrastructure operated by our service providers within Australia where available (Supabase Sydney region; Resend's Australia/Europe routing). Some service providers may process data outside Australia — see each provider's documentation for current residency details.

Retention periods:

• Account data — kept for the duration of your account, plus 12 months after closure for billing reconciliation, then deleted.
• Scan findings — kept for the duration of the clinic's active subscription, plus 12 months for historical comparison, then deleted.
• Server logs — kept for 90 days.
• Free audit submissions — kept indefinitely as lead records unless you ask us to delete them.

You can ask us to delete your data sooner — see "Your rights".

6. Health information

We monitor the technical infrastructure clinics use to receive patients (phone numbers, forms, listings). We do not intentionally collect, process, or store information about individual patients.

If you discover that health information has been submitted to Pulsewise (for example, as a free-text comment on a finding, or accidentally in a free audit), please contact us at contact@pulsewise.com.au and we'll redact and delete it.

State-level health-records legislation (such as the Health Records Act 2001 (Vic) and the Health Records and Information Privacy Act 2002 (NSW)) may apply to clinics using Pulsewise; clinics remain responsible for their own compliance.

7. Cookies and sessions

We use cookies for one purpose: keeping you signed in. The cookie is HttpOnly (not readable by JavaScript), SameSite=Lax, and Secure in production. It contains a signed session reference, not personal information.

We do not use third-party tracking cookies or advertising cookies.

You can disable cookies in your browser, but the service requires them to keep you signed in.

8. Your rights

Under the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have the right to:

• Access — request a copy of the personal information we hold about you.
• Correction — ask us to correct information you believe is inaccurate.
• Deletion — ask us to delete your information, subject to our legal obligations to retain it (e.g. tax records).
• Portability — request a machine-readable export of your data.
• Withdraw consent — opt out of marketing communications at any time (unsubscribe links are in every email; or email us).

To exercise any of these rights, email contact@pulsewise.com.au. We respond within 30 days.

9. Complaints

If you believe we've mishandled your personal information, please tell us first at contact@pulsewise.com.au so we can try to fix it. We'll respond within 30 days.

If you're not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we'll notify active account holders by email at least 14 days before the change takes effect.

The "Last revised" date at the top of this page reflects the most recent update.

11. Contact

Privacy questions, access requests, complaints:

Pulsewise Pty Ltd
Email: contact@pulsewise.com.au
Postal: ABN pending · Victoria, Australia