Privacy Policy

Last updated: March 4, 2026

1. Introduction

PulseCard ("we", "us", "our") provides agent performance scorecard software that integrates with Zendesk. This Privacy Policy explains how we collect, use, and protect your information when you use our service.

2. Information We Collect

Account Information

When you sign up, we collect your email address and create an account via our authentication provider (Supabase Auth).

Zendesk Data

When you connect your Zendesk account via OAuth, we access the following read-only data:

• Agent profiles (name, email, role, avatar)
• Ticket metadata (counts, timestamps, resolution times — no ticket content or customer PII)
• Satisfaction ratings (CSAT scores)
• SLA compliance data

We do not read ticket bodies, customer names, customer emails, or any end-user personal data from Zendesk.

Organization Data

You provide your organization name and configure scorecard templates, metrics, and team structure within PulseCard.

3. How We Use Your Information

• To generate agent performance scorecards and insights
• To sync metrics from your Zendesk account on a schedule you control
• To send scorecard email reports (if you enable this feature)
• To provide customer support

4. Data Storage and Security

• All data is stored in Supabase (PostgreSQL) with Row Level Security (RLS) policies ensuring tenant isolation
• Zendesk OAuth tokens are encrypted at rest using AES-256-GCM
• All connections use HTTPS/TLS encryption in transit
• We use security headers (CSP, HSTS, X-Frame-Options) to protect against common web attacks
• API endpoints require authentication and validate all inputs

5. Data Sharing

We do not sell, rent, or share your data with third parties. Your data is only accessible to members of your organization within PulseCard. We use the following service providers to operate:

• Supabase — database and authentication
• Vercel — application hosting
• Resend — email delivery (if scorecard emails are enabled)

6. Data Retention

We retain your data for as long as your account is active. You can request deletion of all your organization's data at any time (see Section 8).

7. Zendesk Marketplace Compliance

PulseCard complies with Zendesk's Marketplace Developer Agreement. We only request the minimum OAuth scopes needed (read, tickets:read, users:read) and never write to or modify your Zendesk data.

8. Your Rights (GDPR)

You have the right to:

• Access — Export all data we store about your organization
• Delete — Permanently delete all your organization's data
• Portability — Receive your data in a machine-readable JSON format
• Disconnect — Revoke Zendesk access at any time from Settings

To exercise these rights, use the data export and deletion features in your PulseCard settings, or contact us at the email below.

9. Cookies

We use only essential cookies for authentication session management. We do not use tracking cookies, analytics cookies, or advertising cookies.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email or an in-app notice.

11. Contact

For privacy-related questions, contact us at: arpitsrao@outlook.com