Privacy Policy

Updated 26.03.25

Welcome to PulseGuard AI. These Terms of Service (“Terms”) govern your use of our website, products, and services. By accessing or using our services, you agree to comply with these Terms. If you do not agree, please do not use our website.

Privacy Policy

PulseGuard AI, Inc.
Effective: September 7, 2025

1) Who we are

PulseGuard AI builds software for ED and urgent care teams: PulseTrack and ChartShield. Company HQ operations are in Virginia.

2) Scope

This policy covers:

Marketing properties: pulseguardai.com and related pages (we are the controller).
Product environments: customer-connected apps and sandboxes (we are a processor and Business Associate under a BAA).

3) What we collect

A. Marketing site

Contact info you submit (name, email, company, message).
Basic visit analytics (pages viewed, country, referrer). We use Simple Analytics which is cookie-less and does not build profiles.
Emails you send us and meeting details you share.

B. Product (customer environments)

Read-only clinical data required to run the service (e.g., radiology reports, lab results, encounters, messages metadata) as directed by the customer under a BAA.
App telemetry and audit logs (user, role, timestamp, action).
No PHI in development or demos. Separate sandbox.

4) How we use data

Provide, secure, and improve our services.
Respond to inquiries and support.
Configure and monitor pilot KPIs.
Comply with legal and security obligations.

We do not sell personal information and we do not use PHI for advertising or model training.

5) Legal bases (GDPR, if applicable)

Consent, contract performance, legitimate interests (security, support), or legal obligation.

6) Sharing and subprocessors

We share data only to operate the service or when required by law.

Hosting/infra: Microsoft Azure (US regions).
Health data exchange: Redox (US).
Website/landing pages: Webflow (hosting), Cloud assets via their CDN.
Analytics: Simple Analytics (EU, privacy-first, no cookies).
Email/communications: Zoho Mail.
Security and logging: standard cloud logging within Azure.

We sign DPAs/BAAs as required. Current list may be updated; material changes will be posted here.

7) Retention

Marketing inquiries: typically 24 months.
Product data: per customer agreement/BAA or applicable law.
Audit logs: per site policy and contract.

8) Security

HIPAA program with BAAs for pilots, RBAC and MFA, encryption in transit and at rest, audit logs, separate non-PHI dev/sandbox, SOC 2 path.

9) Your rights

Depending on your location, you may request access, correction, deletion, or a copy of your data, and opt out of marketing.

Virginia (VCDPA) / California (CPRA): access, delete, correct, and opt out of sale/share (we do not sell/share).
EEA/UK: access, rectify, erase, restrict, portability, object.
To exercise rights: email privacy@pulseguardai.com.

10) Cookies and tracking

The marketing site uses Simple Analytics without cookies. We honor browser “Do Not Track” where feasible. No ad trackers.

11) Children

Our services are for professional use, not for children under 16.

12) International transfers

When data moves across borders, we use appropriate safeguards (e.g., SCCs) with our subprocessors.

13) HIPAA and BAAs

When connected to a covered entity, PulseGuard AI acts as a Business Associate and processes PHI only as instructed by the customer under a BAA. For demos, we use de-identified or synthetic data.

14) Changes to this policy

We may update this policy. The “Effective” date will change and significant updates will be communicated on this page.

15) Contact

PulseGuard AI, Inc.
security@pulseguardai.com
PulseGuard AI, Inc. 609 E Main St Suite CC PMB 2002 Purcellville, VA 20132 United States

‍