This Privacy Policy applies to the Pulpoo platform, including our web dashboard, mobile applications, and business messaging integrations (collectively, the "Service"), operated by Pulpoo, Inc. ("Pulpoo", "we", "us", or "our"). By using the Service you consent to the data practices described here.
Who we are
The entity responsible for the personal data processed under this policy (the data controller, or "responsable" under Mexico's Federal Law on the Protection of Personal Data Held by Private Parties, LFPDPPP) is:
- Pulpoo, Inc., a Delaware (USA) corporation
- c/o Legalinc Corporate Services Inc., 131 Continental Dr, Suite 305, Newark, DE 19713, United States
- team@pulpoo.com · +1 (786) 432-5143
Information we collect
We collect information you provide directly to us, information collected automatically when you use the Service, and information received through integrations you connect.
- Account and profile information — name, email address, phone number, organization details, role, and password credentials (stored only as a secure hash).
- Content you create — tasks, messages, chats, calls, files, comments, and other content you and your team submit to the Service.
- Automatically collected data — device type and identifiers, IP address, operating system, browser type, approximate (non-precise) geographic location, and usage activity such as pages viewed and features used.
- Billing information — processed by our payment provider (Stripe); we do not store full card numbers on our servers.
WhatsApp Business and Meta integration
Where your organization enables our WhatsApp Business integration, Pulpoo processes messages and related data exchanged between your business and the people who message it, on your behalf and under your instructions. This may include:
- Message content, media, and message metadata (timestamps, delivery and read status, and the WhatsApp phone number identifiers of the sender and recipient).
- Contact profile details made available by WhatsApp, such as the display name associated with a phone number.
- Business messaging configuration, message templates, and conversation history needed to deliver customer support and automated responses.
This data is used solely to operate the messaging features you have enabled — routing conversations, powering AI-assisted and human replies, maintaining conversation history, and producing analytics for your organization. We do not use WhatsApp or Meta data for advertising, and we do not sell it. Our handling of this data complies with the WhatsApp Business Messaging Policy and the applicable Meta Platform Terms. Meta's own processing of messages is governed by the WhatsApp Privacy Policy.
How we use information
- To provide, maintain, secure, and improve the Service.
- To authenticate users and protect against fraud and abuse.
- To send you required notices, service updates, and — where permitted — relevant product communications.
- To provide customer support and respond to your requests.
- To generate aggregated, de-identified analytics about how the Service is used.
Cookies and analytics
We use strictly necessary cookies to keep you signed in and to secure your session. For product analytics we rely on first-party, privacy-respecting measurement: we do not run third-party advertising trackers, we do not build cross-site advertising profiles, and we do not sell your personal data to anyone. Analytics data is aggregated and used only to understand and improve the Service.
How we share information
We do not sell your personal information. We share it only in the following limited cases:
- Service providers — trusted vendors who process data on our behalf under contractual confidentiality obligations, including infrastructure hosting, our payment processor (Stripe), the WhatsApp Business / Meta messaging integration, email delivery (Amazon SES), AI processing, error monitoring, and push notifications. See our Subprocessors page for the current list.
- Within your organization — content you create in the Service is visible to other authorized members of your organization according to your permissions.
- Legal and safety — when required by law or legal process, or where we believe in good faith it is necessary to protect rights, safety, or to investigate fraud.
- Business transfers — in connection with a merger, acquisition, or sale of assets, subject to this Policy.
Some third-party providers maintain their own privacy policies, including Google, Stripe, Sentry, and Expo.
Data retention
We retain personal data for as long as your account is active and for a reasonable period afterwards, as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Automatically collected usage data is retained for up to 24 months and thereafter may be stored only in aggregate, de-identified form. When you delete data or close your account, we delete or anonymize the associated personal data within 30 days, except where a longer retention period is required by law.
International data transfers
We are a US company and process and store data on servers located in the United States (hosted on Amazon Web Services), including data of users located in Mexico and elsewhere. Our service providers are listed on our Subprocessors page; each is bound by contractual confidentiality and security obligations. By using the Service you acknowledge this transfer and processing in the United States.
Your rights and choices (ARCO)
Depending on your jurisdiction, you may have the right to access, correct, export, restrict, or delete your personal data, and to object to certain processing. If you are in Mexico, these include the ARCO rights under the LFPDPPP: Access to the personal data we hold about you, Rectification of inaccurate data, Cancellation (deletion) when no longer needed, and Opposition to specific uses.
- To exercise any of these rights, email our data protection contact at stefanosilva@pulpoo.com or team@pulpoo.com, stating which right you wish to exercise and enough information to locate your data (account email or WhatsApp number).
- Exercising these rights is free of charge. We may need to verify your identity first, and we respond within 20 business days of receiving a verifiable request.
- You can update most account information directly in the Service, and request deletion at any time — see our Data Deletion Instructions.
Note that some data may be required for the Service to function. If you are in Mexico and believe your data protection rights have been violated, you may also lodge a complaint with the Mexican data protection authority.
Data protection contact
Questions and requests about personal data are handled by our data protection contact:
- Stefano Silva — Data Protection Contact, Pulpoo, Inc.
- stefanosilva@pulpoo.com · +1 (786) 432-5143
- c/o Legalinc Corporate Services Inc., 131 Continental Dr, Suite 305, Newark, DE 19713, United States
Security
We maintain physical, electronic, and procedural safeguards to protect the information we process, including encryption in transit, hashed credentials, and access controls that limit data to authorized personnel who need it to operate and improve the Service. No system is perfectly secure, but we work continuously to protect your data.
Children
The Service is not directed to children under 13, and we do not knowingly collect personal information from them. If we learn that a child under 13 has provided personal information, we will delete it. If you believe a child has provided us data, contact team@pulpoo.com.
Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will revise the "last updated" date above and post the new policy on this page. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.
Contact us
For any questions about this Privacy Policy or our data practices, contact us at team@pulpoo.com or visit pulpoo.com.