Privacy Policy

Last updated: May 2026

At ProfitPulse, we take your privacy seriously. This Privacy Policy explains what data we collect, how we use it, who we share it with, and what rights you have. ProfitPulse is operated by Fusion 4 Business ("Company," "we," "us," or "our"), a company registered in Bermuda.

By using ProfitPulse at myprofitpulse.app, you agree to the practices described in this policy. If you don't agree, please don't use the Service.

We've written this in plain English. Jurisdiction-specific rights (EU, UK, California, Bermuda, other US states) appear in sections 11 through 14.

1. What Data We Collect

We collect the following types of information:

Account Information

  • Your name and email address
  • Business name and industry
  • Password (stored securely using one-way hashing—we can never see it)

Financial Data

  • Revenue, expenses, profit, and cash flow figures
  • Assets, liabilities, and accounts receivable
  • Any other financial data you upload via spreadsheets or import from QuickBooks

This data is provided voluntarily by you and is used solely to power your dashboard, health score, AI insights, and scenario analysis. We classify financial account information as "sensitive personal information" under applicable privacy laws and handle it accordingly (see § 12 for California-specific rights).

Payment Information

When you subscribe, your payment card details are collected and processed directly by Authorize.net, our PCI DSS Level 1-compliant payment processor. Your card data never touches our servers. We only receive a transaction confirmation and a token for recurring billing.

QuickBooks Integration (Optional)

If you connect QuickBooks Online, we receive financial data (transactions, balances, P&L figures) from your QuickBooks account via Intuit's authorized OAuth flow. This data is treated identically to data you upload manually and is never shared with Intuit beyond what's required to maintain the connection.

Usage Data

  • Pages visited and features used within ProfitPulse
  • Browser type, device type, and operating system
  • IP address and approximate location (country level)
  • Session timestamps

2. How We Use Your Data

We use your data for the following purposes:

  • Providing the Service. Generating your financial health score, dashboard insights, scenario analysis, and AI-powered recommendations.
  • Account Management. Authenticating your identity, managing your subscription, and processing payments.
  • Communications. Sending transactional emails (password resets, billing confirmations, security notices) and, if you opt in, weekly financial summary emails and product updates.
  • Improving the Service. Understanding how ProfitPulse is used so we can fix bugs, improve features, and build a better product. For this purpose we use aggregate analytics only, never your specific financial figures.
  • Security. Detecting and preventing fraud, abuse, unauthorized access, and other security threats.
  • Legal compliance. Complying with applicable laws, regulations, court orders, and lawful requests from regulators.

3. AI Processing and Automated Decision-Making

ProfitPulse uses artificial intelligence (AI) to extract financial data from your uploaded spreadsheets and to generate insights, health scores, and scenario projections.

How the AI works (at a high level). When you upload data or open your dashboard, your numbers are sent to language-model APIs (currently OpenAI and Anthropic, accessed through the InsForge AI Gateway). The models generate a written summary, a numerical health score, and recommendations based on the inputs you provided.

Important things to know about our AI processing:

  • AI processes your data solely to provide results to you. Output is not shared with or visible to other users.
  • Your financial data is not used to train or improve AI models. It is processed on-demand under zero-data-retention agreements with our AI providers and is not retained by the AI system beyond what's needed to generate your immediate results.
  • AI-generated insights are analytical tools, not financial advice. AI can produce inaccurate or incomplete results. Always verify before acting and consult a qualified professional for significant financial decisions.
  • The health score is informational, not consequential. We never use it to deny you service, deny credit, or make legal/significant decisions about you. You retain full control over what you do with the insights we surface.
  • If you're an EU/UK resident and would like a human review of any automated output, see § 11.

4. Third-Party Services (Sub-Processors)

We work with a small number of trusted third-party providers to deliver the Service. Each provider processes data only as needed to provide its specific service and is bound by data-protection terms.

Authorize.net

Payment processing. PCI DSS Level 1 compliant. Handles all credit-card transactions securely. We never store your card details.

InsForge

Backend-as-a-Service. Provides our database, authentication, and AI gateway infrastructure. Your data is stored encrypted in InsForge's managed environment.

OpenAI & Anthropic (via InsForge AI Gateway)

AI language model providers. Used to generate insights, summaries, and scenario analysis from your data. Operate under zero-data-retention agreements — your data is not used to train models and is not retained beyond the request.

Intuit / QuickBooks (optional)

Used only if you choose to connect your QuickBooks Online account. We receive read access to your accounting data via Intuit's OAuth API. You can disconnect at any time from Settings.

Resend

Email delivery service. Used to send transactional emails (account verification, password resets, billing notifications) and optional weekly summary emails.

Vercel

Application hosting and content delivery. Handles incoming web traffic and serves the application securely over HTTPS.

We do not sell or rent your personal information to any third party.

5. Data Security and Breach Notification

We take reasonable technical and organizational measures to protect your data, including:

  • Encryption in transit (TLS/HTTPS for all connections)
  • Encryption at rest for stored data
  • Secure password hashing (your password is never stored in plain text)
  • PCI DSS-compliant payment processing via Authorize.net
  • Regular security reviews of our infrastructure
  • Role-based access controls for our team

No system is 100% secure. If we become aware of a data breach that affects your personal information, we will notify you and the relevant regulators within the timeframes required by law:

  • EU/UK users: within 72 hours of awareness (GDPR Article 33)
  • Bermuda residents: without undue delay, consistent with PIPA
  • California residents: as required by California breach notification law

6. Data Retention

We retain your data as follows:

  • Active accounts: Your data is retained for as long as your account is active and your subscription is current.
  • After cancellation: If you cancel your subscription, your data is retained for 30 days in case you decide to resubscribe. After 30 days, financial data is deleted from our active systems.
  • Account deletion: When you delete your account from Settings, we delete your personal information and financial data within 30 days. Some anonymized, aggregated data may be retained for analytics purposes.
  • Billing records: Transaction records may be retained for up to 7 years as required by applicable financial regulations.
  • Backups: Encrypted backups may persist for up to 90 days beyond active-system deletion before being overwritten in normal backup rotation.

7. Your Rights

Regardless of where you live, you have the following rights regarding your data:

  • Access. You can view all your personal and financial data within ProfitPulse at any time through your dashboard and Settings page.
  • Correction. You can update your account information and re-upload corrected financial data at any time.
  • Deletion. You can delete your account from the Settings page. This initiates removal of your data as described in the Data Retention section.
  • Export. You can request a copy of your data by contacting us at hello@myprofitpulse.app. We'll provide your data in a portable format (CSV or JSON) within 30 days.
  • Opt Out of Emails. You can unsubscribe from weekly summary and product-update emails at any time from Settings. Transactional emails (billing, security) will continue as long as your account is active.

Region-specific rights below (EU/UK, California, other US states, Bermuda) extend these baseline rights.

8. Cookies

We use minimal cookies—only what's necessary to keep the Service working:

  • Session cookies: Used to keep you logged in during your browser session.
  • Authentication tokens: Stored securely to maintain your logged-in state across visits.

We do not use third-party advertising cookies, social-media cookies, or cross-site tracking. We do not participate in ad networks. Because we use only strictly necessary cookies, a cookie consent banner is not required under the EU ePrivacy Directive.

9. Children's Privacy

ProfitPulse is a business tool designed for adults. The Service is not intended for anyone under 18 years of age. We do not knowingly collect personal information from children. If we learn that we've collected data from someone under 18, we will delete that information promptly. ProfitPulse is not directed to children under 13, and we comply with COPPA by not knowingly collecting from anyone under that age.

10. International Data Transfers

Fusion 4 Business is based in Bermuda. Our service providers process data in other jurisdictions, including the United States and the European Union. By using ProfitPulse, you consent to your data being transferred to and processed in these locations.

For EU and UK users: Bermuda has been recognized by the European Commission as providing an adequate level of data protection (since 2008), so transfers from the EU to Bermuda do not require additional safeguards. The UK has confirmed equivalent adequacy.

Where data is transferred to providers outside Bermuda (e.g., US-based sub-processors), we rely on Standard Contractual Clauses, adequacy decisions, or other lawful transfer mechanisms as appropriate.

11. For Users in the EU, UK, and EEA (GDPR / UK GDPR)

If you're located in the European Union, European Economic Area, or the United Kingdom, you have rights under the General Data Protection Regulation (GDPR) and UK GDPR:

  • Legal Basis. We process your data based on:
    • Performance of contract — providing the Service you signed up for (covers account, financial-data processing, billing).
    • Consent — for optional weekly summary emails and product updates (you can withdraw at any time in Settings).
    • Legitimate interests — for fraud prevention, security monitoring, and product improvement using aggregate analytics.
    • Legal obligation — for retention of billing records and response to lawful regulatory requests.
  • Right to Object to Automated Decision-Making (Article 22). ProfitPulse uses AI to generate a financial health score and recommendations. While we have designed these to be informational and non-binding (we never use them to deny service or take adverse action), you have the right to request human review of any automated output by contacting us. We will arrange a human review within 30 days.
  • Right to Restrict Processing. You can request that we limit how we use your data.
  • Right to Data Portability. You can request a machine-readable copy of your data (CSV/JSON).
  • Right to Object. You can object to data processing based on our legitimate interests.
  • Right to Withdraw Consent. Where processing is based on consent (e.g., marketing emails), you can withdraw at any time without affecting prior lawful processing.
  • Right to Lodge a Complaint. You can file a complaint with your local data protection authority. In the UK, that's the Information Commissioner's Office (ICO).

To exercise any of these rights, contact us at hello@myprofitpulse.app. We'll respond within 30 days (extendable to 90 days for complex requests, with notice).

12. For California Residents (CCPA / CPRA)

If you're a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act, gives you specific rights. The regulations effective January 1, 2026 expand these.

Sensitive Personal Information

We collect financial account information, which qualifies as "Sensitive Personal Information" (SPI) under the CPRA. We use SPI only for the purpose of providing the Service you signed up for (powering your dashboard, scoring, scenarios, and AI insights). We do not use SPI for inferences about your character, behavior, preferences, or for advertising. Because we limit SPI use to providing the requested service, we are not required to display a "Limit the Use of My Sensitive Personal Information" link — but the right itself is yours and you can exercise it by contacting us.

Your California Privacy Rights

  • Right to Know. You can request details about what personal information we've collected, used, disclosed, sold, or shared in the prior 12 months.
  • Right to Delete. You can request deletion of your personal information (available via Settings or by contacting us).
  • Right to Correct. You can request correction of inaccurate personal information.
  • Right to Opt Out of Sale/Sharing. We do not sell your personal information and we do not share it for cross-context behavioral advertising. There is nothing to opt out of, but if our practices ever change we'll provide the required mechanism.
  • Right to Limit SPI Use. See above.
  • Right to Non-Discrimination. We will not discriminate against you for exercising your CCPA/CPRA rights.

To exercise these rights, contact hello@myprofitpulse.app. We verify identity using the email address on your account before fulfilling requests involving sensitive data.

13. Other US State Privacy Laws

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and Texas (TDPSA) have similar rights to those described in § 12 — including access, correction, deletion, portability, and opt-out of certain processing. To exercise these rights, contact us at the email above. We comply with applicable state-law response timelines (typically 45 days, extendable to 90 with notice).

We do not engage in "targeted advertising," "sale," or "profiling for legal/significant decisions" as defined under these laws.

14. For Bermuda Residents (PIPA)

The Bermuda Personal Information Protection Act 2016 (PIPA) came into full force on January 1, 2025. As a Bermuda-based controller, we comply with PIPA for all individuals whose personal information we process. PIPA gives you the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your information
  • Request that processing be restricted in certain circumstances
  • Withdraw consent where processing is based on consent
  • Lodge a complaint with the Bermuda Office of the Privacy Commissioner

Privacy Commissioner contact: privacy.bm. You can also reach us at hello@myprofitpulse.app.

15. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we'll notify you by email and through the Service at least 14 days before the changes take effect.

The "Last updated" date at the top of this page indicates when this policy was last revised. We encourage you to review it periodically.

16. Contact Us

If you have questions about this Privacy Policy or how we handle your data, reach out to us:

Fusion 4 Business

Bermuda

Email: hello@myprofitpulse.app

For data-related requests (access, deletion, export, correction), please include "Data Request" in your email subject line so we can prioritize your inquiry. We respond within the timeframes required by your applicable jurisdiction (typically 30 days under GDPR/PIPA, 45 days under CCPA).