Privacy Policy

HomeServicePulse, Inc. ("HSP," "we," "us," or "our") acts in two distinct capacities with respect to data:

• Controller: For data we collect directly from visitors to our marketing website (homeservicepulse.ai) and from individuals who register for or inquire about the Services, HSP is the data controller and this Privacy Policy applies.
• Processor: For Tenant Data — including end-customer records, appointment data, employee data, and other business information — that Customers upload, sync, or otherwise provide to the Platform, HSP acts as a data processor under the Customer's instructions. Processing of Tenant Data is governed by the Data Processing Agreement ("DPA"), not this Privacy Policy.

If you are an end customer of a home service company that uses HomeServicePulse, any questions about how your data is used should be directed to that company (our Customer), not to HSP.

This Policy applies to: (a) Users of the HomeServicePulse Platform who sign in with a verified account; (b) visitors to the homeservicepulse.ai marketing website; and (c) individuals who contact HSP directly (e.g., via email to our support, legal, billing, or privacy addresses). It does not govern Tenant Data for which Customers are the controllers.

3.1 Account and Identity Information

When you register for or use the Platform, we collect: your name and email address; your business name, trade category (e.g., irrigation, lawn care, HVAC), and timezone; Firebase user ID and display name; and account preferences such as your selected theme and last-active tenant context. This information is provided directly by you or your organization.

3.2 Tenant and Business Data (as Processor)

When you connect third-party CRM or financial platforms (e.g., ServiceMinder, QuickBooks Online), we receive and process your business data on your behalf, including: customer and contact records; appointments, invoices, payments, and proposals; technician and employee records; and brand and operational data. HSP processes this data as a Processor under Customer's instructions; see the DPA for details.

3.3 Usage and Technical Data

We automatically collect technical data when you use the Platform or visit the marketing site: HTTP request logs (method, URL, status code, IP address, request identifier, timestamp) retained for 90 days for security and operational purposes; Firebase App Check and authentication event logs for fraud prevention and session management; and device and browser type.

The Platform uses, or intends to deploy in the near term, the following analytics tools. Analytics data collection begins only when each tool is activated and any required consent mechanisms are in place:

• Google Analytics 4 (Google LLC) — aggregate page-level and session analytics with IP anonymization enabled; no advertising or remarketing features enabled; data retained per our GA4 property settings (planned 14 months).
• PostHog (PostHog Inc., US region) — product analytics, session replay (with PII masking where configured), and feature-flag delivery within signed-in sessions.

3.4 Communications

If you contact us by email (e.g., at support@, billing@, legal@, or privacy@homeservicepulse.ai), we retain the content of that communication and your contact details for the purpose of responding and for our records.

We use the information we collect to:

• Provide, operate, and improve the Services and the marketing site.
• Authenticate Users and maintain account security.
• Process payments and manage billing, subscriptions, and renewals.
• Generate AI-powered reports and insights from Tenant Data (as Processor).
• Send transactional and operational communications (receipts, security alerts, renewal notices, service updates).
• Respond to Customer and User inquiries and support requests.
• Monitor for and investigate security incidents, fraud, and misuse.
• Comply with applicable legal obligations and enforce our agreements.
• Generate aggregated, anonymized product-usage analytics to improve the Services (we do not use Tenant Data for this purpose).

5.1 Sub-processors and Service Providers

We share information with the following categories of service providers who help us operate the Platform. Each is bound by confidentiality obligations and is permitted to use data only for services rendered to HSP:

• Google Cloud Platform — infrastructure (Cloud Run, Cloud SQL, Cloud Storage, Secret Manager, Cloud Scheduler).
• Google Firebase / Google Cloud Identity Platform — authentication and session management.
• Anthropic, PBC — AI narrative generation; Tenant Data is sent to Anthropic as a sub-processor (see Section 12).
• Cloudflare, Inc. — CDN, Web Application Firewall, bot protection, and Turnstile challenge.
• Stripe, Inc. — subscription billing and payment processing.
• When deployed: Google LLC (Google Analytics) and PostHog Inc. (product analytics and session replay).

5.2 Business Transfers

If HSP undergoes a merger, acquisition, financing, reorganization, or sale of assets, Customer and User information may be transferred as part of that transaction. We will notify you of any such transfer and any material changes to this Privacy Policy.

5.3 Legal Requirements

We may disclose information when required by applicable law, regulation, legal process, or governmental authority, or where we believe in good faith that disclosure is necessary to protect the rights, property, or safety of HSP, our Customers, or others.

5.4 With Consent

We may share information in other circumstances with your explicit prior consent. We do not sell, rent, or trade personal data to third parties for their own marketing or advertising purposes.

HSP's primary infrastructure is located in the United States (GCP region us-central1). Our Customers are primarily US-based businesses. If you access the Platform from outside the United States, your information may be transferred to and processed in the United States.

For Customers who transfer personal data originating in the European Economic Area (EEA) or the United Kingdom (UK) to HSP, we rely on Standard Contractual Clauses (Module 2: Controller-to-Processor) and, where applicable, the UK Addendum, as set out in the DPA. Where a sub-processor is located outside the EEA or UK, we ensure appropriate transfer safeguards are in place.

We retain personal data for as long as necessary to fulfill the purposes described in this Privacy Policy and to comply with legal obligations. Our retention schedule:

• Account and identity data: retained for the duration of the active subscription, plus 90 days for data export following termination or expiration, after which it is deleted or anonymized.
• Tenant and business data: same as account data; Customer controls export during the 90-day window.
• Authentication-failure logs and security audit logs: 12 months.
• Billing records and invoices: 7 years (or the period required by applicable tax and financial law).
• Server access logs: 90 days.
• Analytics data (when deployed): per the retention settings of the applicable analytics provider (GA4: planned 14 months; PostHog: per Customer account settings).

HSP implements and maintains administrative, technical, and physical safeguards designed to protect your information against unauthorized access, disclosure, alteration, or loss, including:

• Encryption of data in transit using TLS 1.2 or higher.
• Encryption of data at rest using AES-256 via Google Cloud SQL.
• Row-Level Security (RLS) policies at the database layer to enforce multi-tenant isolation.
• Firebase ID token authentication via Google Cloud Identity Platform.
• Cloudflare WAF and bot-management controls on all public endpoints.
• Access controls restricting HSP personnel access to Tenant Data to those with a business need.
• Structured audit logging of authentication events and privileged actions.

No security system is perfect. If you discover a security vulnerability, please report it responsibly to security@homeservicepulse.ai. If HSP becomes aware of a data breach affecting your personal data, we will notify you as required by applicable law and in accordance with our DPA obligations.

9.1 Access, Correction, and Portability

You may request a copy of the personal data we hold about you as Controller. You may also request correction of inaccurate data. Users of the Platform can access and update much of their account information directly within platform settings. For Tenant Data, rights requests must be directed to the Customer (the Controller); HSP will assist the Customer as required by the DPA.

9.2 Deletion

You may request deletion of your personal data for which HSP is the Controller. We will honor deletion requests subject to our legal retention obligations and to contractual obligations that require us to retain certain records. Account deletion will terminate your access to the Platform. Deletion of Tenant Data is a Customer (Controller) request handled under the DPA.

9.3 California Residents — CCPA Rights

California residents have the following additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: you may request disclosure of the categories and specific pieces of personal information we have collected, the sources, our business purposes for collection, and the categories of third parties with whom we share it.
• Right to Delete: you may request deletion of personal information we collected from you, subject to certain exceptions.
• Right to Correct: you may request correction of inaccurate personal information.
• Right to Opt-Out of Sale or Sharing: HSP does not sell or share personal information for cross-context behavioral advertising. No opt-out is necessary.
• Right to Non-Discrimination: we will not discriminate against you for exercising your CCPA rights.
• Authorized Agent: you may designate an authorized agent to submit a CCPA request on your behalf by providing written authorization.

To submit a rights request, contact us at privacy@homeservicepulse.ai. We will verify your identity before responding and will respond within 45 days (with a possible 45-day extension where reasonably necessary).

The Platform and marketing site use cookies, localStorage, IndexedDB, and similar browser-storage technologies. These are described in detail in our Cookie Policy at homeservicepulse.ai/legal/cookies. In summary: strictly necessary storage enables authentication and tenant context (and cannot be disabled without preventing sign-in); functional storage remembers your preferences; Cloudflare sets security cookies for bot protection; and analytics tools (when deployed) set optional cookies you may disable through your browser controls or the Google Analytics Opt-out Browser Add-on.

The Platform recognizes Global Privacy Control (GPC) signals. Because HSP does not sell or share personal information for cross-context behavioral advertising, GPC signals do not currently change Platform behavior. If our practices change, we will update this Policy and the Cookie Policy accordingly.

The Services are intended for business use by adults. We do not knowingly collect personal information from children under 13 (COPPA), and we do not knowingly sell or share personal information of consumers under 16 (CCPA). If we learn that we have collected information from a child under 13, we will delete it promptly. If you believe we have inadvertently collected such information, contact us at privacy@homeservicepulse.ai.

The Services use Anthropic's Claude AI models to generate narrative summaries, performance insights, and other AI Output from Tenant Data. Anthropic processes Tenant Data as a sub-processor under our DPA. We have configured our API usage with Anthropic so that Tenant Data submitted via the API is not used to train Anthropic's models.

HSP does not use Tenant Data to train its own AI or machine-learning models, nor does it allow third parties to use Tenant Data for model training. AI Output is generated for the benefit of the Customer and its authorized recipients and is not shared with other Customers.

AI Output may contain inaccuracies. Customers and Users are responsible for reviewing AI Output before relying on or distributing it. AI Output does not constitute professional advice of any kind. See the Terms of Service, Section 7, and the AUP, Section 2.4, for additional requirements.

We may update this Privacy Policy from time to time. For material changes, we will provide at least thirty (30) days' advance notice by email to registered Users or by a prominent notice on the Platform or marketing site, prior to the change taking effect. For non-material changes, we will update the effective date above. Continued use of the Services or marketing site after any update constitutes acceptance of the updated Policy.

For privacy-related questions, data subject requests, or to report a privacy concern: privacy@homeservicepulse.ai

For DPA-related inquiries and legal notices: legal@homeservicepulse.ai