Privacy
What we do with your data.
Last updated: 20 May 2026
In short
Pulse is a digital health companion. You give us health signals (a selfie reading, a voice journal, an ambient air-quality context). We give you back a structured record you control. The record is cryptographically signed at the moment of capture so a clinician you choose to share it with can verify it has not been altered. We do not sell health data. We do not share it with advertisers. We do not train models on your identifiable readings.
Who we are
Pulse is operated by Aqta Technologies Limited, a company registered in Dublin, Ireland. For data-protection purposes we are the controller of the personal data you provide when using Pulse. You can reach our team at hello@aqta.ai.
What data we collect
We collect only what we need to run the service:
- Account information: email, display name, preferred language, obtained from sign-in via Firebase Auth or Google.
- Health readings (special category): selfie video frames processed locally on your device for rPPG, the extracted heart-rate estimate, voice-journal transcript and structured symptom data, ambient air-quality context from your approximate location.
- Family timeline links: the family-member entries you create and any health records you attach.
- Device and diagnostic: device type, OS, app version, crash logs. We do not link these to your readings for analysis.
We do not collect: continuous location, contacts, photos other than those you submit, third-party social profile data, browsing history outside the Pulse app, or advertising identifiers.
Special category health data
Under Article 9 of the EU GDPR, your health data is special category data and requires explicit consent before processing. When you first record a reading we ask you to opt in to processing health data for the specific purpose of generating a Pulse Record. You can withdraw consent at any time from the Settings screen, which deletes all stored health data within 30 days.
How we process it
- On your device: the selfie video is processed locally; raw video frames never leave your phone. Only the extracted heart-rate estimate is transmitted.
- On Google Cloud (EU region): we store your account, family timeline, and signed Pulse Records in Firestore (europe-west1). Voice journal audio is processed by Vertex AI Gemini Live within the same EU region.
- Signing: each Pulse Record is signed with an Ed25519 keypair held in Google Secret Manager. The signature travels with the record so any clinician can verify it.
- No model training on your data: we do not use your identifiable readings to train AI models. Aggregated, anonymised statistics may be used to improve the service.
Who we share with
We do not sell or share your health data with advertisers or third parties for marketing. We share data only with the following processors, under data-processing agreements:
- Google Cloud (Vertex AI, Firestore, Cloud Run, Secret Manager) for hosting and AI inference
- Firebase Authentication for sign-in
- Stripe or Revolut for payment processing (only billing data, never health data)
- Anyone you explicitly choose to share a Pulse Record with via a share link or QR code
International transfers
Pulse data is stored in EU regions by default (europe-west1). When users in the Thai pilot opt in, data is stored in asia-southeast1. Cross-region transfers happen only when you explicitly share a Pulse Record with a recipient in another region.
How long we keep it
- Account information: while your account is active, plus 90 days after deletion to handle disputes.
- Health readings: until you delete them or close your account; deleted within 30 days of either.
- Anonymised aggregate statistics: indefinitely, with no link back to you.
- Payment records: 7 years, as required by Irish tax law.
Your rights
Under GDPR you have the right to:
- Access your data and receive a copy in a portable format (FHIR R4 export available)
- Correct inaccurate data
- Erase your data ("right to be forgotten")
- Restrict or object to processing
- Withdraw consent at any time
- Lodge a complaint with the Irish Data Protection Commission (dataprotection.ie)
To exercise any of these, email hello@aqta.ai. We respond within 30 days.
Children
Pulse is not designed for use by children under 16 without parental supervision. If you are a parent or guardian managing a Pulse profile for a child, you accept these terms on the child's behalf and are responsible for the data you record.
Changes to this policy
If we change how we handle data we will update this page and, for material changes, notify you in the app at least 30 days before the change takes effect.