In brief
- On the website www.pulsar-si.com: we only collect the information you send us via the contact form (name, email, message). No tracking cookies, no advertising trackers.
- In the Pulsar mobile app (iOS / Android), free tier only: ads provided by Google AdMob are displayed to fund the service. No ads for Pro / Starter / Professional / Enterprise users, and none on the web (PWA).
- Our typography on the website is hosted on our own servers — no transfer to Google Fonts during your visit.
- Hosted in France (OVHcloud). Non-EU processors: SendGrid (email) and Google Ireland Limited (mobile ads), framed by Standard Contractual Clauses.
- You can exercise your GDPR rights by emailing hello@pulsar-si.com. We reply within one month maximum.
Privacy policy
This policy describes the personal data that PULSAR Space Intelligence SAS (“PULSAR”, “we”) collects when you use:
- the website www.pulsar-si.com (the “Site”);
- the Pulsar mobile app distributed on the App Store (iOS) and Google Play (Android), and the web (PWA) version accessible from a browser (the “App”).
It explains how and why we use this data, who it is shared with, how long it is kept, and the rights you have under the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the amended French Data Protection Act no. 78-17.
We apply a principle of data minimisation: we only collect what is strictly necessary to operate the Site and the App, nothing more. The Site does not sell your data, does not use advertising trackers and does not carry out any profiling. The mobile App, in its free tier only, integrates ads provided by Google AdMob to fund the service; the precise terms are described in a dedicated section below.
Data controller
The controller of the personal data collected through the Site is:
PULSAR Space Intelligence SAS 5 rue Gazan, 06130 Grasse, France SIREN: 988 868 808 — RCS Grasse
Single point of contact for all questions relating to your data: hello@pulsar-si.com (use “GDPR” as subject line for priority handling)
At its current stage of development, PULSAR Space Intelligence is not subject to the obligation to designate a Data Protection Officer (DPO) under article 37 of the GDPR. The President personally acts as point of contact for data-protection matters.
Data we collect
Through the contact form
When you fill in the contact form on the Site, we collect the information you voluntarily provide:
- Name (or identifier you wish to be addressed by)
- Email address (needed to reply to you)
- Organisation (if applicable, if you provide it)
- Content of your message
- Date and time of submission
Technical data related to browsing
When you visit the Site, our hosting provider (OVHcloud) automatically records technical logs for security, diagnostics and abuse-prevention purposes, containing:
- IP address of the connection
- User agent (browser and operating system type, as declared by the browser)
- Page visited, date and time
- HTTP response code and amount of data transferred
These logs are not used for profiling and are not cross-referenced with other sources to identify you.
What we do not collect (on the Site)
- No advertising or marketing tracking cookies.
- No third-party trackers (no Google Analytics, Meta Pixel, LinkedIn Insight Tag, Hotjar, etc.).
- No behavioural analytics (no heatmaps, no session recording).
- No font-based data leakage — the Cabin typeface is served from our own servers; no request is made to fonts.googleapis.com or fonts.gstatic.com.
- No geolocation beyond the coarse country-level information that can be derived from the IP address in technical logs.
Data collected by the Pulsar mobile App (iOS / Android / PWA)
The Pulsar App is a separate service from the Site, subject to the same minimisation principles and the same GDPR rights, but its processing differs by nature (user account, subscription, geolocation, push alerts, and — for the free tier on native mobile only — advertising).
Data we collect
- User account: email address and password (hashed with bcrypt, never stored in clear text).
- Subscription: status (free, starter, pro, professional, enterprise), Stripe customer ID (no banking data ever transits our servers).
- Geographic location: coordinates entered manually or obtained via the device GPS (with your explicit iOS/Android consent), stored locally on the device and in our database only if you create a custom alert rule.
- Push notifications: technical endpoint (Apple Push, Google FCM or Web Push), only if you enable alerts.
- Advertising data (free users, native mobile app only): device advertising identifier (IDFA on iOS, AAID on Android), IP address, ad interactions (impressions, clicks), device model, OS version, language. This data is collected and processed by Google AdMob (Google Ireland Limited) to display interstitial ads. No ads are displayed for Pro / Starter / Professional / Enterprise users, nor on the web (PWA) version.
Ads on the free tier of the mobile app
The free tier of the Pulsar mobile app (iOS and Android) displays full-screen interstitial ads provided by Google AdMob (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). These ads are the main source of revenue allowing us to keep the basic service free of charge.
Display frequency: at most 5 ads per session, with a minimum delay of 90 seconds between two displays, and never on critical screens (authentication, payment, onboarding).
Consent mechanisms:
- On iOS (from iOS 14.5): at first launch, the operating system displays the App Tracking Transparency (ATT) prompt. If you accept, the advertising identifier (IDFA) is shared with Google AdMob to serve personalised ads. If you decline, you will still see ads, but non-personalised ones (the revenue per ad is lower but remains essential to the free service business model). You can change your choice at any time in iOS Settings → Privacy & Security → Tracking.
- In the European Economic Area, the United Kingdom and Switzerland: a Google consent form (UMP, User Messaging Platform) is shown at first launch to collect your agreement on processing purposes (personalised ads, audience measurement). You can re-open it at any time from the app settings.
- Outside EU / EEA / UK / Switzerland: no UMP form is shown by default, in line with Google’s standard practice.
Google AdMob policy: policies.google.com/privacy. To manage your global Google ad preferences: adssettings.google.com.
How to remove ads: subscribe to a paid Pulsar plan (Starter, Pro, Professional or Enterprise). No ads are displayed for paid users.
What the App does not collect
- No third-party behavioural analytics on other app usage (no Google Analytics, no Firebase Analytics, no Mixpanel, etc.).
- No microphone listening, no camera access without explicit action on your part (the camera is only used in Aurora Hunter mode, on manual action).
- No reading of your address book, photos or messages.
Purposes and legal bases
Each processing activity relies on a specific legal basis under article 6 of the GDPR:
| Processing | Purpose | Legal basis (GDPR art. 6) |
|---|---|---|
| Contact-form data | Reply to your request, follow up commercially or institutionally if relevant | Pre-contractual measures taken at your request (art. 6-1-b) or consent (art. 6-1-a) |
| Technical logs | Site security, abuse detection, incident diagnostics | Legitimate interest in protecting our systems (art. 6-1-f) |
| Delivering the Site | Displaying requested pages and resources | Legitimate interest in providing the service (art. 6-1-f) |
| App account and subscription | Authentication, subscription management, access to paid features | Performance of the contract (art. 6-1-b) |
| Geolocation and alerts | Provide personalised forecasts and alerts | Explicit consent via iOS / Android permissions (art. 6-1-a) |
| Push notifications | Send the alerts you have subscribed to | Consent at the time of activation (art. 6-1-a) |
| Personalised ads (free mobile app) | Funding the free service, ad audience measurement | Consent collected via ATT (iOS) and UMP form (EU/UK/CH) (art. 6-1-a) |
| Non-personalised ads (free mobile app) | Funding the free service when the user has declined tracking | Legitimate interest in the free-service business model (art. 6-1-f) |
Recipients and processors
Your data is never sold, rented or transferred to third parties for commercial purposes. It may be accessed by the following categories:
- PULSAR team — access is limited to staff handling commercial, institutional or technical follow-up, on a need-to-know basis.
- Technical processors listed below, acting on our instructions under a contract compliant with article 28 of the GDPR.
Processors
| Provider | Role | Location | Transfer basis |
|---|---|---|---|
| OVH SAS | Site hosting, App API hosting, and technical log storage | France (EU) | No non-EU transfer |
| Stripe Payments Europe Ltd. | Processing of subscription payments to the App | Ireland (EU) with sub-processors in the United States | Standard Contractual Clauses + EU-US Data Privacy Framework certification |
| Google Ireland Limited (Google AdMob) | Display of ads on the free tier of the mobile app (iOS / Android); ad audience measurement | Ireland (EU) with transfers to the United States | Standard Contractual Clauses + EU-US Data Privacy Framework certification — see policies.google.com/privacy |
| OpenWeather Ltd. | Cloud cover for App weather alerts (anonymised coordinates) | United Kingdom | Adequacy decision of the European Commission for the United Kingdom (28 June 2021) |
| Twilio SendGrid (Twilio Inc.) | Delivery of contact-form messages to our internal mailbox | United States | Standard Contractual Clauses of the European Commission + EU-US Data Privacy Framework certification |
No processor is authorised to use your data for any purpose other than performing the service entrusted.
Retention periods
| Data | Retention period |
|---|---|
| Messages received via the contact form | 12 months from the last exchange, then intermediate archiving if a commercial relationship is engaged |
| Email addresses of active prospects / partners | Duration of the relationship + 3 years from last contact |
| App user account | Until deletion by the user, or 3 years of inactivity |
| Billing data | 10 years from the close of the accounting year (legal requirement) |
| Push notification subscriptions | Deleted at termination or when the user disables them |
| Advertising data (IDFA / AAID, session identifiers, audience measurement) | Retained by Google AdMob in line with its own policy (typically 14 months maximum for ad measurement data) |
| Web-server and App API technical logs | 12 months maximum |
| Security / abuse-prevention logs | 12 months maximum |
After these periods, data is deleted or irreversibly anonymised.
Transfers outside the European Union
The Site and the App API are hosted in France. The majority of processing takes place within the European Union.
Several processors may, however, operate from or transfer data outside the EU:
- Twilio SendGrid (United States) — delivery of contact-form messages;
- Google Ireland Limited / Google LLC (United States for ad delivery) — display of ads on the free tier of the mobile app;
- Stripe (sub-processors in the United States) — processing of subscription payments.
These transfers are framed by:
- the Standard Contractual Clauses adopted by the European Commission (decision 2021/914/EU);
- the providers’ certification under the EU-US Data Privacy Framework;
- additional security measures (TLS in transit, encryption at rest).
You can ask for a copy of the contractual safeguards applied by emailing hello@pulsar-si.com.
Your rights
Under articles 15 to 22 of the GDPR and articles 49 et seq. of the French Data Protection Act, you have the following rights:
- Right of access — obtain confirmation that data concerning you is (or is not) being processed, and receive a copy.
- Right to rectification — have inaccurate or incomplete data corrected.
- Right to erasure (“right to be forgotten”) — ask for the deletion of your data in the cases provided by the GDPR.
- Right to restriction — ask for the temporary suspension of processing while a contestation is being examined.
- Right to object — object, on grounds relating to your particular situation, to processing based on legitimate interest.
- Right to data portability — receive your data in a structured, commonly used and machine-readable format.
- Right to withdraw your consent at any time, without affecting the lawfulness of processing already carried out.
- Right to set post-mortem directives on the fate of your data after your death (art. 85 of the French Data Protection Act).
How to exercise your rights
- Send your request to hello@pulsar-si.com (or by post to the registered office).
- Clearly state the right you wish to exercise and any information that helps us locate your data (for example, the email address you contacted us with).
- In case of reasonable doubt about your identity, we may ask for proof of identity.
- We reply within one month maximum from the receipt of the complete request, possibly extended by two months for complex requests (with prior notice).
Lodging a complaint with the CNIL
If, after contacting us, you believe that your rights are not being respected, you may lodge a complaint with the French data-protection authority, the Commission Nationale de l’Informatique et des Libertés (CNIL):
- Online: www.cnil.fr/en/plaintes
- By post: CNIL — 3 place de Fontenoy — TSA 80715 — 75334 Paris Cedex 07, France
Cookies and local storage
On the Site (www.pulsar-si.com)
The Site sets no cookies for tracking, audience measurement or advertising purposes. No consent banner is therefore required under article 82 of the French Data Protection Act.
No third-party tracker (advertising network, social network, analytics tool) is loaded while you browse.
Your browser may locally store small strictly technical items (display preferences, navigation state) if you use certain features. These items remain on your device and are never sent to our servers.
In the mobile App
The App uses your device’s local storage (the equivalent of localStorage on the PWA version) to store your preferences (language, location, theme), your JWT session, the onboarding state, and — for free users on the native mobile app — your ad consent state and the internal counters for ad display frequency.
On the native mobile app (iOS / Android, free tier), the Google AdMob SDK may store technical identifiers locally for ad measurement and frequency capping. These identifiers are governed by Google’s policy (policies.google.com/privacy).
Security
We implement appropriate technical and organisational measures to protect your data against loss, alteration, unauthorised disclosure or unauthorised access, in particular:
- TLS encryption on all exchanges with the Site (HTTPS).
- Restricted access to data, limited to team members who need it as part of their duties.
- Strong authentication on administration accounts.
- Logging and periodic review of access.
- Encrypted backups hosted in France.
- Regular security updates of software components.
In case of a personal-data breach likely to create a risk to your rights and freedoms, we will notify the CNIL within 72 hours and, where applicable, inform you directly, in accordance with articles 33 and 34 of the GDPR.
Updates to this policy
This policy may evolve to reflect technical, functional or regulatory changes. The last-updated date and the version number are displayed at the top of the page.
In case of substantial changes, individuals actively in contact with us (prospects, partners) will be informed individually. A history of previous versions is available on request at hello@pulsar-si.com.
Contact
For any question relating to this policy or the processing of your personal data:
- Email: hello@pulsar-si.com (recommended subject line: “GDPR”)
- Post: PULSAR Space Intelligence SAS — 5 rue Gazan, 06130 Grasse, France
A question about this document?
Our team replies within one business day. For GDPR requests, please use the subject "GDPR".