Last updated: May 2026

Privacy Policy

1. Who we are

Competitive Pulse (“we”, “us”, “our”) is an AI-powered competitive intelligence service. Our service is available at competitivepulse.app.

We are the data controller for personal data processed through our service. Contact: privacy@competitivepulse.app

2. Data we collect

Account data

Name, email address, and hashed password (bcrypt, 12 rounds). We never store your password in plaintext.

Product context

Your product description, target audience, and differentiator — which you provide during onboarding. This is used exclusively to personalise your briefings.

Competitor data

URLs of competitor websites you choose to track. These are publicly accessible URLs.

Usage data

Briefing feedback scores (thumbs up/down), timezone, and email preferences.

Payment data

Payment is handled entirely by Stripe. We store only a Stripe customer ID and subscription status — never card numbers or payment details.

Audit logs

Security-relevant actions (logins, account changes, deletions) are logged with IP address, user agent, and timestamp. Retained for 90 days.

3. How we use your data

  • To deliver personalised competitive intelligence briefings to your inbox
  • To authenticate you and maintain your account
  • To process your subscription via Stripe
  • To improve briefing quality based on feedback scores
  • To detect and prevent abuse, fraud, and security incidents
  • If you opt in: to send product updates and tips

We do not sell your data. We do not use it for advertising. We do not share it with third parties except as described in section 4.

4. Sub-processors

Service | Purpose | Location
Neon (PostgreSQL) | Database — account + briefing storage | Cloud (encrypted at rest)
Vercel | Hosting + CDN + serverless functions | Global edge network
Anthropic | AI briefing generation (no PII sent) | US (SCCs in place)
Stripe | Payment processing | US (SCCs in place)
Resend | Transactional email delivery | US (SCCs in place)

SCCs = Standard Contractual Clauses — a legal mechanism for international data transfers recognised by multiple regulatory frameworks including GDPR.

5. No PII sent to AI

When we generate your briefing, we send competitor website URLs and publicly available information to Anthropic’s Claude API. We never send your name, email, or any other personal information to Claude. Your product context (product description, audience, differentiator) is sent as anonymous context — it contains no personal identifiers.

6. Your rights (GDPR)

Access | Download all data we hold about you — Settings → Export data
Rectification | Update your name, timezone, and preferences in Settings
Erasure | Delete your account (Settings → Delete account) — cascade deletion within 24 hours
Portability | Your data export is in machine-readable JSON format
Objection | Opt out of marketing emails at any time — unsubscribe link in every email
Withdraw consent | Cancel your subscription and delete your account at any time, no questions asked

To exercise any right not available in-app, email privacy@competitivepulse.app. We respond within 30 days.

7. Cookies

We use one essential cookie: a session cookie for authentication (HttpOnly, Secure, SameSite=Lax). We do not use tracking cookies or advertising cookies. We do not use Google Analytics or Facebook Pixel.

If we add analytics in future, we will use privacy-first tools (e.g. Plausible Analytics — GDPR-compliant, no cookies, no personal data).

8. Data retention

  • Account data: retained while your account is active
  • Briefings: 12 months
  • Audit logs: 90 days
  • Cancelled accounts: hard deleted 30 days after cancellation
  • Stripe data: governed by Stripe’s retention policy

9. Security

All data is encrypted at rest (AES-256, Neon default) and in transit (TLS 1.3). Passwords are hashed with bcrypt (12 rounds). We enforce HTTPS, HSTS, and security headers on all pages. We conduct regular security reviews.

10. Changes to this policy

We will notify you by email at least 14 days before any material change to this policy. Minor clarifications may be made without notice.