● PULSEBAR · PRIVACY

Privacy Policy

Last updated: May 18, 2026

What we collect

When you sign up, we collect your name and email address from Google or GitHub OAuth. We use this to identify you and let you sign back in.

When you connect a data source (GitHub, Stripe, Beehiiv), we store an OAuth access token from that platform. We use this token only to read your stats (stars, MRR, subscribers, etc.) — never to write or modify anything in your account.

We do not collect passwords, credit card information (handled by Lemon Squeezy), or any data not related to displaying your banner.

How we use your data

We use your data to:

  • Show you the PulseBar dashboard
  • Render your banner with your latest stats
  • Process payments (via Lemon Squeezy)
  • Send service emails (login confirmations, billing receipts)

We do not sell your data. We do not share it with third parties for marketing or any other purpose.

Third-party services we use

  • Supabase (database and authentication)
  • Vercel (hosting)
  • Lemon Squeezy (payment processing — they handle all billing data)
  • PostHog (product analytics, anonymized)
  • Resend (transactional email)
  • GitHub, Stripe, Beehiiv (only for users who connect these)

Each of these services has their own privacy policies. We only share the minimum data needed for them to function.

Your rights

You can:

  • Export your data (email us at hello@pulsebar.io)
  • Delete your account (Settings → Delete account)
  • Disconnect any integration at any time
  • Update your email by signing in with a different provider

Account deletion is permanent and removes all your data within 30 days.

Data retention

We keep your data while your account is active. If you delete your account, we remove your data within 30 days. Some data may be retained for legal compliance (tax records via Lemon Squeezy).

Cookies

We use cookies to keep you signed in and to remember your preferences. We use PostHog for product analytics, which uses cookies to track anonymized usage patterns. We do not use advertising cookies.

Security

Your data is encrypted in transit (HTTPS) and at rest (Supabase encrypts the database). OAuth tokens are stored securely and only accessible by our server. We never expose tokens to the browser.

Children

PulseBar is not for children under 13. We do not knowingly collect data from anyone under 13.

Changes to this policy

We may update this policy from time to time. If we make significant changes, we'll notify you by email. The "last updated" date at the top of this page will always reflect the latest version.

Contact

Questions about your privacy? Email hello@pulsebar.io.