Pulsely is self-hosted: visitor data the plugin collects stays on your server, never on ours. We only collect the minimum needed to run our website, validate your licence, and bill you.
1. Who is responsible for your data
"Pulsely" is the operator of pulsely.me.uk and the publisher of the Pulsely WordPress plugin. We are the data controller for personal data we collect from visitors to our website and from customers who subscribe.
For payment data, our merchant of record Paddle.com is the data controller. Their privacy notice is at paddle.com/legal/privacy.
Contact for privacy questions: hello@pulsely.me.uk.
2. What we collect, where, and why
Pulsely processes personal data in three different contexts. Each is described below.
2.1 When you visit pulsely.me.uk
| What | Why | How long |
|---|---|---|
| IP address (in server logs) | Spam/abuse protection on the marketing site | 30 days |
| Browser user-agent | Diagnostic logs | 30 days |
| Referrer header (truncated to origin) | To know which sites link to us | 30 days |
We do not set cookies on the marketing site. We do not run Google Analytics or any third-party tracking on this website.
We do load Google Fonts (Fraunces, Inter Tight, JetBrains Mono) from fonts.gstatic.com for typography. Google may receive your IP address as part of this. If this is a concern, we can self-host the fonts — let us know.
2.2 When you subscribe through Paddle
Paddle is the seller and processes the payment. They collect your billing name, email, billing address, and payment card details directly. We never see your card information.
Paddle shares with us:
- Your name and email (for licence delivery and support)
- Country and approximate region (for tax purposes)
- Subscription status, plan, and renewal dates
- Order ID (for support reference)
We use this only to deliver your licence key, manage your subscription, and respond to support requests.
2.3 When you use the Pulsely plugin on your WordPress site
This is the most important section. Two things happen — they are very different.
2.3a Your visitor data: stays on your server
Pulsely's main job is to track your visitors and store the events in wp_pulsely_events on your own WordPress database. We never receive, see, or store this data. There is no "phone home" of visitor data.
2.3b Licence-server check-ins: minimal data, sent to us
To validate that your licence key is paid and active, the plugin contacts our licence server at license.pulsely.me.uk on activation, on a daily heartbeat, and when re-validating after suspicious activity. The check-in includes:
- Your licence key
- The domain the plugin is running on
- The plugin version
- A timestamp
- The IP address of the WordPress server (incidental, captured by our server logs)
We use this only to validate your licence, prevent licence-sharing across domains, and respond to support tickets. It is not combined with any other data and not shared with third parties.
Licence-server logs are kept for 90 days for audit and abuse-investigation purposes, then deleted.
3. Cookies
The marketing site at pulsely.me.uk sets no cookies.
The Paddle checkout (when you subscribe) sets cookies necessary for the payment session. Those are governed by Paddle's privacy notice.
The Pulsely plugin running on your WordPress site sets a single cookie (pulsely_consent) to remember whether your visitors have accepted or declined visitor tracking. That cookie lives on your domain, not ours.
4. Where data is processed
Our website and licence server are hosted in the United Kingdom (Hostinger). Paddle processes payments globally and may transfer data outside the UK/EU under appropriate safeguards (Standard Contractual Clauses, etc.). See Paddle's privacy notice for details.
5. Your rights
Depending on where you live (UK, EU, California, Canada, etc.), you may have rights to:
- Access the personal data we hold about you
- Correct it if it's wrong
- Delete it ("right to be forgotten")
- Object to processing
- Receive a portable copy
- Withdraw consent at any time, where processing is based on consent
- Lodge a complaint with your local data-protection authority (e.g. ICO in the UK, your provincial commissioner in Canada)
To exercise any of these rights, email hello@pulsely.me.uk. We'll respond within 30 days.
6. Security
We use HTTPS everywhere. Licence-server admin access is restricted by HTTP Basic Auth and CSRF tokens. Webhook payloads from Paddle are verified using a signing secret. Database queries use prepared statements.
That said: no system is bulletproof. If we ever discover a breach affecting personal data, we will notify affected users and (where required) the relevant data-protection authority within 72 hours.
7. Children
Pulsely is a B2B product for website operators and is not directed at children under 16. We do not knowingly collect personal data from children. If you become aware that a child has provided us with data, please contact us and we will delete it.
8. Changes to this policy
We may update this policy. Material changes will be announced by email to your billing address and posted here with a new "last updated" date.
9. Contact
Privacy questions, requests to access/delete data, or concerns: hello@pulsely.me.uk.