Loading
Effective date · 2 June 2026
This page summarises the rights you can exercise over the personal data PulseSignal holds about you, and how to exercise them. It applies whether you are a PulseSignal user (you have an account) or a third party whose data appears in our system because we mirrored a public source (for example, a director record from a corporate registry).
We honour these rights for everyone, regardless of jurisdiction, even where local law does not require it. Where your jurisdiction provides stronger rights or shorter timelines than what is listed here, those local rules apply.
| Right | What it means | Laws | How to exercise | Timeline |
|---|---|---|---|---|
| Access (Subject Access Request) | Receive a copy of the personal data we hold about you, including the sources, purposes, recipients, retention windows, and the categories of automated processing involved. | GDPR Art 15 · UK GDPR · CCPA § 1798.110/.115 · LGPD Art 18(II) · PIPEDA Principle 9 · DPDP § 11 · PDPA s.21 · Privacy Act APP 12 | Email privacy@pulsesignal.co from the address on your account, or use the in-product Export my data button in Settings → Privacy. | 30 days (GDPR/DPDP/PIPEDA) · 45 days (CCPA) · 15 days (LGPD) |
| Correction (rectification) | Have inaccurate personal data corrected, and incomplete data completed. | GDPR Art 16 · CCPA § 1798.106 · LGPD Art 18(III) · PIPEDA Principle 9 · DPDP § 12 · PDPA s.22 | Edit your profile from Settings → Account. For records about you that you do not control (for example, an officer record mirrored from a public registry), email privacy@pulsesignal.co with the correct value and a source that supports it. | 30 days |
| Erasure (deletion / right to be forgotten) | Have personal data we hold about you deleted, subject to limited exceptions (statutory public-registry mirroring; defence of legal claims; freedom of expression). | GDPR Art 17 · CCPA § 1798.105 · LGPD Art 18(VI) · PIPEDA Principle 4.5 · DPDP § 12 · PDPA s.25 | Submit the structured form at /privacy/erasure-request or email privacy@pulsesignal.co. | 30 days (GDPR/DPDP) · 45 days (CCPA) · 15 days (LGPD) |
| Portability | Receive a copy of personal data you have provided to us in a structured, commonly used, machine-readable format (we use JSON), and the right to have it sent directly to another controller where technically feasible. | GDPR Art 20 · CCPA § 1798.130(a)(3)(B)(iii) · LGPD Art 18(V) | Use Settings → Privacy → Export my data, or email privacy@pulsesignal.co. | 30 days |
| Restriction of processing | Pause our processing of your personal data in defined circumstances (contested accuracy, unlawful processing, you object pending balancing test). | GDPR Art 18 · LGPD Art 18(IV) | Email privacy@pulsesignal.co with the records and the reason. We mark the record “restricted” in the database, which means we will not process it further beyond storage (and any processing required to defend legal claims) until the issue is resolved. | 30 days |
| Objection | Object to processing based on our legitimate interests, including objection to direct marketing (which we will honour unconditionally). | GDPR Art 21 · LGPD Art 18(IX) | Email privacy@pulsesignal.co and describe the records and the grounds. For marketing, you can also click the unsubscribe link in any email. | 30 days |
| Withdraw consent | Withdraw any consent you previously gave, at any time, without affecting the lawfulness of processing before the withdrawal. | GDPR Art 7(3) · LGPD Art 8 § 5 · DPDP § 6(4) · PDPA s.16 | Use the cookie banner controls for cookie consent (see /privacy/cookies), or email privacy@pulsesignal.co for any other consent. | Immediate |
| Opt out of sale or share (US state laws) | Direct us not to “sell” or “share” personal information for cross-context behavioural advertising. We do not sell or share, and the GPC signal is honoured. | CCPA / CPRA § 1798.120 · VCDPA · CPA · CTDPA · UCPA · TDPSA · OCPA · others | Send a GPC signal from your browser (we auto-respect it), or email privacy@pulsesignal.co. Because we do not engage in “sale” or “share,” the opt-out is already effective for you by default. | Immediate |
| Limit use of Sensitive Personal Information | Direct us to use Sensitive PI only for the purposes specifically allowed by CCPA § 1798.121(a). Not applicable to us in practice because we do not collect Sensitive PI. | CCPA § 1798.121 | Not applicable in practice; we do not collect CCPA-Sensitive PI. If you believe we hold any, email privacy@pulsesignal.co. | Immediate on receipt |
| No automated decision with legal effect | You will not be subject to a decision based solely on automated processing, including profiling, that produces a legal or similarly significant effect on you. Our automated processing (severity scoring, deduplication, LLM summarisation, similarity search) is operational metadata about companies, not decisions about people. | GDPR Art 22 · LGPD Art 20 · DPDP § 11(2)(b) · several US state laws | If you believe we have made such a decision about you, email privacy@pulsesignal.co and we will explain the logic, the significance, and the human-review path. | 30 days |
| Complain to a regulator | Lodge a complaint with the data-protection authority of your country of residence or place of the alleged infringement. | GDPR Art 77 · LGPD · DPDP · PIPEDA · PDPA · Privacy Act | See the regulator list on /privacy/regional. You do not need to contact us first, but we would appreciate the opportunity to fix the issue. | Set by the regulator |
We verify identity before acting on access, deletion, portability, or correction requests so that we do not hand over personal data to an impersonator. For requests sent from the email on your PulseSignal account we match the inbound address against our records; that is usually enough. For requests from a different address, requests about an officer record where you are not the account holder, or requests by an authorised agent, we may ask for one or more of: a signed declaration, government-issued ID number plus a redacted copy of the supporting document, or a copy of the written authorisation. We will tell you in writing what we need and why, and we will destroy any identity evidence after the request is closed (and after any retention period required by law for our defence of legal claims).
You may designate an authorised agent in writing to make a request on your behalf. We verify the agent’s authorisation by reviewing the written designation. A parent or guardian may submit a request on behalf of a minor child by providing proof of the parental/guardianship relationship.
We may decline or charge a reasonable fee for requests that are manifestly unfounded or excessive (for example, repetitive identical requests). We may also decline the parts of an erasure request that conflict with: (a) a statutory public registry whose record we are required to mirror (we will redact our copy, and the upstream record will remain public on the registry’s own site), (b) defence of legal claims, (c) compliance with another legal obligation, or (d) freedom of expression and information. Where we decline, we tell you in writing within the standard timeline and explain the next steps, including the right to appeal and the right to complain to a regulator.
If we decline or partly decline your request, you can appeal by replying to our response email within 60 days. A second reviewer (not the original handler) will look at the request afresh and respond within 30 days. The appeal is free. You also have an independent right to complain to your regulator at any time; see /privacy/regional.
We cannot edit or delete records on a primary public registry (UK Companies House, SEC EDGAR, MCA India, etc.). Those records sit with the registry and you must contact the registry directly to ask for redaction or removal there. We can, and on a valid request will, delete our mirror of the record and tombstone it so subsequent ingests do not resurrect it. We cannot guarantee that other downstream re-publishers of the same registry data will follow suit.
Primary contact for any rights request: privacy@pulsesignal.co.
Erasure flow: /privacy/erasure-request.
Regional regulators: /privacy/regional.
Security disclosures: security@pulsesignal.co.