1. Who We Are
PulseMed (“we”, “us”, “our”) runs the e-learning site at pulsemed.io.
Data Controller: PulseMed (business name).
Contact: privacy@pulsemed.io
2. What Data We Collect
Account: name, email.
Learning: courses enrolled, quiz attempts/scores, certificates, comments.
Payments: payment status/amount, Stripe transaction IDs, last 4 digits + card brand (we never see full card numbers).
Support: messages you send us (email/forms).
3. How We Use Your Data
Your data is used to: create/manage accounts, enrol you, deliver courses/quizzes, process payments, support you.
Improve & protect: diagnostics, security/fraud prevention, service analytics with minimal privacy impact.
Legal obligations: tax/audit and compliance.
Consent: non-essential cookies; optional marketing (if offered).
4. Payments
We use Stripe to process card, Apple Pay and Google Pay. Stripe acts as our processor. We receive confirmations (e.g., paid/failed) and limited card metadata (last 4 digits/brand). We do not store full card details.
5. Cookies & Tracking
Essential cookies: keep you logged in and run the site (WordPress/LearnPress).
Functional/performance: remember preferences; measure service health.
Payment cookies: set by Stripe to enable secure checkout/wallet buttons.
Analytics (if enabled): privacy-respecting settings where possible.
Non-essential cookies run only with your consent. Manage via your browser and (if shown) our cookie banner.
6. Sharing & Processors (We do not sell your data)
We do not sell or rent your personal data.
We share data only with providers needed to run PulseMed, under contracts that protect your data and limit use to our instructions
Hosting/DNS: our hosting provider NameCheap (stores site + database + email securely).
Payments: Stripe (payment processing).
Email/comms: NameCheap provide us with email services
7. International Transfers
Some providers may process data outside the UK/EEA (e.g., US). We use approved safeguards such as the UK Addendum to SCCs, EU SCCs, and where applicable the UK-US Data Bridge.
8. Retention
Account & course history: while your account is active. If you delete your account, we anonymise learning records where possible.
Orders/payments: typically 6 years (tax law).
Support tickets: up to 24 months after closure.
Logs/security: typically 12 months.
We may keep data longer if required by law or to resolve disputes.
9. Your Rights (UK GDPR)
You can request: access, correction, deletion, restriction, portability, and to object to certain processing. You can withdraw consent (e.g., marketing/cookies) at any time.
10. Security
We use HTTPS, access controls, least-privilege accounts, updates, and monitoring. No method is 100% secure, but we review and improve controls regularly.
11. Children
PulseMed is aimed at higher-education learners. If you believe a child’s data is held inappropriately, contact us and we’ll act promptly.
12. Changes to This Policy
We may update this policy and will change the “last updated” date. If changes are significant, we’ll notify you on the site or by email.
Last updated: 11 August 2025
Contact: privacy@pulsemed.io