Privacy Policy

Pulsily ("we," "us," "our") is a software-as-a-service platform that helps church staff teams care for their volunteers and members. This Privacy Policy describes how we collect, use, share, and protect personal information when you use the Pulsily web application, mobile application, and any related services (collectively, the "Service").

Our role. For data your church uploads about its members and volunteers, your church is the “controller” (it decides what data to collect and why) and Pulsily is the “processor” (we handle it on the church’s behalf). For data we collect directly from you as a website visitor (analytics, IP address), Pulsily is the controller. This distinction matters under GDPR, CCPA, and similar laws.

If you have questions about this policy, write us via our contact form.

From church administrators

• Name and email address — used to send a 6-digit login code. Pulsily uses passwordless authentication; we do not store passwords.
• Church name, slug, time zone, and other organizational metadata you provide.
• Billing information processed by Stripe. Stripe handles card details directly; we never see or store full card numbers or CVV codes (we may store the last four digits of the card and the renewal date for display).

About the people you care for

• Roster data you import or sync — names, email addresses, phone numbers, ministry team membership, and similar contact details.
• Responses to check-in questions you send, including free-text answers that may contain sensitive personal information (e.g., prayer requests, mental-health concerns, family situations).
• Notes and touch logs entered by your staff.

Automatically

• IP address, browser type, and basic device information for security purposes.
• Usage events (which pages you visit, which actions you take) for product improvement. Pulsily uses Plausible Analytics, which is cookieless and does not track users across sites.
• Session tokens stored in your browser’s localStorage (not cookies). The only first-party cookie we set is a short-lived nonce during the Planning Center OAuth flow, deleted after the OAuth callback completes.

• To provide and improve the Service.
• To send transactional email — login codes, check-in invitations, digests.
• To detect and prevent abuse, fraud, and security incidents.
• To comply with legal obligations.

We do not sell your data. We do not share personal information with third parties for their own marketing.

We rely on a small number of vendors to operate the Service:

• Amazon Web Services — hosting, managed Postgres database, S3 file storage, and (when configured) SES email delivery.
• An SMTP provider (e.g., SendGrid, Postmark, or Mailgun) — when configured as an alternative or fallback to SES for outbound email.
• Stripe — subscription billing, payment processing, and the self-serve billing portal.
• Planning Center — only if your church chooses to connect it, and only for the roster data you authorize.
• Plausible Analytics — privacy-friendly, cookieless analytics on the marketing site only. No personal data is shared; Plausible does not track users across sites.
• Sentry (when enabled) — application error tracking. Sentry receives error stack traces and request metadata; we configure it to avoid capturing personal data in error payloads.
• Google Workspace — for our own administrative mailboxes (e.g., support@pulsily.com). Inbound mail you send us lands here.

Each vendor is contractually bound to handle data on our behalf and not for their own purposes. We do not sell personal information to anyone.

We may disclose information when required by law (court order, subpoena, lawful government request) or to protect the rights, property, or safety of Pulsily, our users, or the public.

Pulsily stores data on managed infrastructure in the United States. We make daily backups and enable point-in-time recovery. We do not transfer data internationally except as needed to deliver email or load static assets.

We retain your church’s data for as long as your account is active. If you cancel, we soft-delete your data and hold it for 30 days in case you reactivate, then purge it. Backups are retained for an additional 30 days. You can request earlier deletion by writing to our contact form.

Depending on where you live, you may have the right to:

• Access the personal information we hold about you.
• Correct inaccuracies.
• Delete your information.
• Object to or restrict processing.
• Export your data in a portable format.
• Opt out of the sale or sharing of personal information (we do neither).
• Withdraw consent for any processing based on consent.

To exercise these rights, write us via our contact form. We’ll verify your identity before responding (typically by confirming you control the email address attached to the relevant account).

If you’re a person whose data is held by a church on Pulsily (not the administrator) — please first contact your church. They are the controller of that data under most privacy laws, and we will route your request to them or honor a verified request directly when the church has authorized us to do so.

California residents — under the CCPA/CPRA you have the rights listed above. Pulsily does not sell or share personal information for cross-context behavioral advertising, and has not in the prior 12 months. The categories of sensitive personal information we may process on your church’s behalf include religious or philosophical beliefs (implied by roster membership in a church), the contents of communications you send through the Service (such as check-in answers), and health information that an individual may voluntarily share in those communications (such as a prayer request describing an illness). We process this information solely to provide the Service to your church, and we do not use it for any purpose that would trigger the right to limit its use under CPRA §1798.121. Under California Civil Code §1798.83 (“Shine the Light”), California residents may request information about our disclosure of personal information to third parties for those parties’ direct marketing purposes — we do not make such disclosures, so there is nothing to report.

EU / UK residents — under GDPR and UK GDPR, our legal basis for processing is the contract between us and your church (for roster data), our legitimate interest in operating the Service (for analytics and security), and your consent (where required by law). You have the right to lodge a complaint with your local supervisory authority. A standalone Data Processing Addendum (DPA) is available on request via our contact form.

Do Not Track. Most major browsers send a Do Not Track signal. Because Pulsily uses cookieless analytics and does not track users across sites, our behavior does not change based on a DNT signal — we treat all visitors the same way.

Pulsily is intended for use by adults on behalf of churches. We do not knowingly collect information from children under 13. If a church chooses to enroll people under 13, the church is responsible for obtaining appropriate consent.

We protect data in transit with TLS 1.2 or higher, and at rest with AES-256 encryption using AWS-managed keys. Access to production systems is limited to authorized personnel and audited. Session tokens are short-lived JWTs scoped to a single church; every state-changing request is authorized server-side before reading or writing.

We’re a small team and we don’t pretend otherwise. We do not currently hold SOC 2, HIPAA, or ISO 27001 certifications — see our Security page for a candid account of what we do and don’t have.

If we discover a breach of personal information that materially affects you or your church, we will notify affected administrators by email within 72 hours of confirming the breach. The notice will tell you what happened, what data was involved, what we’ve done, and what you need to do.

We’ll update this page when our practices change and update the “Last updated” date at the top. If the change is material — i.e., it expands the categories of data we collect, the purposes we use it for, or the third parties we share it with — we will notify administrators by email before it takes effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

Email our contact form with any privacy question, request, or concern. A real person will write back.