Privacy Policy

BePulse AI is operated by Beunorthodox Branding. For privacy inquiries, contact us at contact@bepulse.ai.

We collect the following categories of data:

• Account information — name, email address, and password (hashed) when you create an account.
• Instagram data — when you connect your Instagram Business account, we store your Instagram user ID, username, follower count, and a long-lived access token issued by Meta. We use this to fetch reach, impressions, and profile views on your behalf.
• Shopify data — when you connect your Shopify store, we store your shop domain, a permanent access token, and order/product data fetched from the Shopify Admin API.
• AI chat history — messages you send to and receive from our AI assistant are stored so you can review past conversations.
• Weekly revenue plans — AI-generated plans tied to your account are stored so you can retrieve them later.
• Usage data — standard server logs including IP address, browser type, and pages visited, retained for up to 30 days.

Your data is used exclusively to deliver and improve the BePulse AI service:

• Displaying your platform metrics in the dashboard.
• Generating AI-powered insights, recommendations, and weekly revenue plans using aggregated business data.
• Sending your weekly plan to your email if you opt in.
• Authenticating your account and keeping it secure.
• Responding to support requests and data deletion inquiries.

We do not sell your data, use it for advertising, or share it with third parties except as described in Section 4.

To deliver the platform, we share data with the following trusted third-party providers:

• Supabase— our database and authentication provider. All data is stored in Supabase’s hosted PostgreSQL infrastructure with encryption at rest.
• Anthropic — powers our AI assistant and recommendation engine (Claude API). Your business data is sent to Anthropic only when you actively request an AI insight or plan. Anthropic does not train on your data by default under its API terms.
• Vercel — our hosting provider. They process request data as part of serving the application.
• Meta / Instagram — we connect to Meta's Graph API using permissions you grant. We only request the minimum permissions required to display your Instagram metrics.
• Shopify — we connect to Shopify's Admin API using an offline access token you authorize during the OAuth flow.
• Resend — used to deliver transactional emails (weekly plans, notifications). Your email address is shared with Resend only to send these messages.

We retain your data for as long as your account is active. If you delete your account or submit a data deletion request, we will delete your personal data within 30 days, except where we are required to retain it by law.

Third-party integrations (Instagram, Shopify) may retain data independently per their own privacy policies. Revoking BePulse’s access in those platforms will prevent future data collection.

You have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Request deletion of your account and all associated data.
• Withdraw consent for data processing at any time by disconnecting integrations.
• Lodge a complaint with your local data protection authority.

To exercise any of these rights, email us at contact@bepulse.ai or use our data deletion request form.

BePulse AI uses session cookies for authentication (managed by Supabase) and a small number of short-lived cookies during the OAuth flow for Instagram and Shopify. We do not use tracking cookies or third-party advertising cookies.

We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest, row-level security on all database tables, and environment-isolated API keys. No system is 100% secure — if you discover a vulnerability please contact us immediately.

BePulse AI is not intended for users under the age of 16. We do not knowingly collect data from minors. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top. Continued use of BePulse AI after changes constitutes acceptance of the updated policy. For material changes, we will notify users by email.

For any privacy-related questions, requests, or concerns: