Effective date: August 12, 2025
Last updated: August 12, 2025
This Privacy Policy explains how Pulse AI Inc. ("Pulse," “we,” “us,” or “our”) collects, uses, discloses, and protects information when you use Overmind and related Pulse services that integrate with it (collectively, the “Services”). It also describes your choices and rights.
Plain‑English promise: Overmind is designed to be private by default. You control discoverability and matchmaking. You can delete your Overmind data at any time with Purge.
1) Scope & Who We Are
Controller: Pulse AI Inc., a Delaware C‑Corporation (formation pending), with principal operations in Minnesota, USA.
Contact: info@pulseaiplatform.com
Coverage: This Policy applies to Overmind and Overmind components embedded in Pulse products. Pulse’s marketing site and blog may be covered by a separate policy.
If you access Overmind from outside the U.S., you understand your data will be processed in the United States.
2) Key Definitions
- Node – The base unit of Pulse. Every user operates their own Node, controls the data on it, and chooses whether to participate in Overmind features.
- Pod – A federated group of Nodes that voluntarily share digests with each other. Each Node selects what to share and may revoke/change access at any time.
- Digest – A unit of text-based information on a Node (e.g., system logs, chat/forum threads, descriptions of ingested media, notes, etc.).
- Embedding – A high‑dimensional vector representation of text used to compute similarity. (We treat embeddings as personal data and protect them accordingly.)
- Highlight – A notification created by users/their integrations and by Overmind (e.g., invitations to join Pods).
- Overmind – Pulse’s people‑search and matchmaking system that uses embeddings to suggest friends, topics, and Pods.
- User Profile – Registration and profile data associated with a Node (e.g., About, profile photo, coarse location, discoverability settings).
3) What We Collect
When you use Overmind, we may collect the following categories of information:
Account & Profile Data
About text, display name, profile photo, coarse location (optional, user‑entered city/region/country — we do not infer it from device sensors or IP geolocation), discoverability and matchmaking settings, Node URL.
Digest & Embedding Data (per‑Node)
- Embeddings of selected digests to enable similarity search and recommendations.
- Compressed, access‑controlled digests at rolling 30/60/90‑day intervals for Overmind operation and troubleshooting. Raw text is not pooled into a centralized data lake.
Service & Security Logs
Minimal event logs required to keep the system operating (e.g., request timestamps, auth outcomes, error traces). We do not log raw digest contents. We do not persist IP addresses in application logs. The original connecting IP is processed by our SSL termination provider (Cloudflare) for security and edge connectivity and may be retained in edge logs per our configuration (currently 30 days).
Support Interactions (optional)
If you ask for support and explicitly authorize access, we may temporarily view limited information from your Node to resolve the issue.
Sensitive data: You decide what to include in digests, About, and photos. Adding sensitive information is optional and at your discretion.
4) How We Use Information (Purposes)
We process information to:
- Operate Overmind (people search, similarity scoring, matchmaking, and Pod invitations).
- Provide, secure, and maintain the Services (including abuse prevention and fraud/security monitoring).
- Troubleshoot and improve performance (including investigating outages or bugs).
- Communicate with you about the Services.
- Comply with legal obligations.
We do not use Overmind data for third‑party advertising or sell/share it for cross‑context behavioral advertising. We do not create permanent “classes” of users; similarity is computed against text embeddings and can be turned off.
Automated Decision‑Making: Overmind uses automated similarity to surface potential matches and topics. We do not make decisions that produce legal or similarly significant effects without human involvement.
5) Your Controls (Discoverability, Matchmaking, Purge)
You can control exposure and participation at any time via profile toggles:
- Discoverable – Appear in people search.
- Opt‑in matchmaking – Allow Overmind to propose connections.
- Let others match me / Suggest topics / Prefer local friends – Fine‑tune suggestions.
- Purge – Immediately deletes your Overmind data from hot storage. Any encrypted snapshots are removed within ≤30 days.
The default Pulse experience (without registering for Overmind) is fully private and does not include people search, matchmaking, or scoring.
6) Coarse Location (Optional, User‑Entered)
Providing a location is optional. Overmind never uses device GPS, Bluetooth, Wi‑Fi, IP‑based geolocation, or background signals to determine your location. Instead, you may type a coarse location (e.g., city/region/country) that is stored as text and can be changed at any time.
Why we do it this way
- Privacy: No automatic geolocation or movement history is collected.
- Flexibility for travelers: If you move or travel frequently, you can update your location quickly so local suggestions (if enabled) stay relevant.
How it’s used
- When Discoverable is ON, People Search may display your coarse location.
- When Prefer local friends is ON, Overmind may use your coarse location to bias suggestions.
- We do not infer or autofill this field from IP addresses.
- Turning off these toggles or using Purge hides or deletes this field accordingly.
7) What Other Users Can See (Configurable)
If Discoverable is ON:
- Your About, profile photo, and coarse location may appear in People Search.
- Others may see counts/similarity scores to their queries.
- Others may visualize your embedding vectors on a 3D map alongside their own and Pulse anchor points.
If Matchmaking is ON:
- Overmind may share your Node URL and potential shared interests/topics with other users. We do not verbatim quote your digests in these suggestions.
Note on embeddings: Embeddings reduce—but do not eliminate—re‑identification risk. We therefore treat embeddings as personal data and protect them accordingly.
8) Automated Processing of Digest Texts
- No automated processing/storage occurs for users not registered with Overmind.
- No profiling, scoring, or matchmaking occurs unless you opt in by registering with Overmind.
- Overmind’s pipelines process digests to produce embeddings and highlights. Human operators and system logs do not capture raw digest text; only the resulting highlights are logged, and those logs are attributed to a user’s Node (not a centralized raw‑text repository).
- Embeddings and digests are stored separately and per‑user/per‑Node. Endpoints prevent retrieval of raw digests by anyone other than the verified Node operator.
9) Data Location & Storage Architecture
We operate a self‑hosted, S3‑compatible MinIO object store in our Minnesota facility. Overmind data is stored on Pulse‑owned hardware in private network segments and is not publicly exposed.
- At rest: Encrypted object storage (MinIO SSE) plus encrypted volumes.
- In transit: TLS 1.2/1.3 between Nodes, services, and storage.
- Separation: Raw digests and embeddings are stored separately per user/Node.
- Backups/retention: No separate long‑term backups beyond the rolling 30/60/90‑day copies used by Overmind. Purge deletes hot storage immediately; any encrypted snapshots are removed within ≤30 days.
- Data residency: No cross‑border replication; data remains in the U.S.
10) Data Sharing & Subprocessors
- We do not sell personal information and do not share personal information for cross‑context behavioral advertising.
- We do not use public cloud hosting providers for Overmind data. Storage is self‑hosted MinIO on Pulse‑owned hardware.
- If we use essential vendors (e.g., email delivery, payment processors, customer support tools), they act as processors under contract and do not receive digests or embeddings. Current essential vendors:
- Microsoft (email, domains, container registry for completed service images)
- Cloudflare (SSL termination, edge connectivity)
- Stripe (payment processing)
We don’t store or process payment card numbers; Stripe processes payments on our behalf and provides us tokens/receipts only.
11) Advertisers
We do not work with advertisers in Overmind and prohibit scraping for advertising purposes. (Bad actors may attempt scraping via proxies; we monitor and take reasonable steps to deter abuse.)
12) Cookies & Tracking
Overmind uses one first‑party session cookie to keep you signed in. We do not use third‑party cookies and do not track you across other sites. (Pulse’s marketing site/blog may have a different cookie policy.)
13) Minors
Overmind isn’t for children under 13, and we don’t knowingly collect personal information from children. If you’re 13–17, you may use Overmind only with a parent/guardian or institutional authorization (e.g., through your school or employer). If we learn a child under 13 used Overmind, we’ll delete the account and associated data.
14) Security
We apply layered controls appropriate to a federated system:
- Per‑Node authentication keys; least‑privilege access; role‑based controls for staff tooling.
- Encryption at rest and in transit; network isolation around MinIO and core services.
- Access logging, MFA for administrative access, periodic security reviews.
- Vulnerability disclosure: security@pulseaiplatform.com
No system is perfectly secure; we work to protect your information and notify you of significant incidents consistent with applicable law.
15) Data Retention & Deletion
We retain information only as long as needed for the purposes stated above.
| Category | Purpose | Typical Retention |
|---|---|---|
| Account & Profile Data | Account management & discoverability | Until you change or delete it; removed immediately on Purge |
| Embeddings | Similarity search & recommendations | Until Purge or account deletion |
| Compressed digests (30/60/90‑day copies) | Overmind operation & troubleshooting | Rolling copies only; deleted on Purge; snapshots (if any) removed ≤30 days |
| Highlights | Notifications & invitations | Until cleared or Purge |
| Support artifacts (with consent) | Resolve user‑requested issues | Up to 30 days, then deleted |
| Service/security logs (no raw text) | Operate, secure, and debug | Short operational window, typically ≤30 days unless extended for a specific incident |
Purge: Immediately removes your Overmind data from hot storage; encrypted snapshots (if any) are removed within ≤30 days. You may export your data before deletion.
16) Your Rights & How to Exercise Them
Your rights depend on where you live. We honor applicable privacy rights and requests, including:
- Access/Portability – Obtain a copy of your personal information.
- Delete – Delete personal information (subject to legal exceptions).
- Correct – Fix inaccurate information.
- Opt‑out of sale/sharing/targeted advertising – We don’t sell or share for cross‑context ads; we honor Global Privacy Control (GPC) signals where applicable.
- Restrict/Object (where available) – Limit or object to certain processing.
- Withdraw consent – Where processing is based on consent.
Non-discrimination: All Pulse users pay the same price, Overmind is opt-in, we hope you get enough benefit out of it that you choose to register!
We will not discriminate against you for exercising your privacy rights (for example, by denying services, charging different prices, or providing a different level or quality of service).
How to submit: Email privacy@pulseaiplatform.com. We’ll verify your request and respond within the time required by law (typically 45 days, with a possible single 45‑day extension). You may use an authorized agent where permitted. If we deny your request, you can appeal within 45 days; we’ll respond in writing within 60 days and tell you how to escalate to your state Attorney General if you disagree.
EU/UK users: Where GDPR/UK GDPR applies, our legal bases include: contract (to provide Overmind), legitimate interests (security, debugging), consent (discoverability/matchmaking), and legal obligation. You may lodge a complaint with your local data‑protection authority. We do not make solely automated decisions producing legal or similarly significant effects.
17) Law Enforcement & Legal Requests
We disclose user data only in response to valid legal process (e.g., subpoena, court order, or warrant) or when we believe in good faith it’s necessary to prevent imminent harm. We narrowly scope any disclosure and, where legally permitted, notify affected users before disclosure.
18) Content Responsibility (Moderation)
Pulse is a federated platform where each Node controls its own content. We do not pre‑screen content. We may remove or restrict access where required by law, to protect users, or to enforce our Terms. Nothing in this section limits rights or protections available under applicable law.
19) International Data Transfers
We primarily store and process Overmind data in the United States. If we collect personal data from the EEA/UK, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) and apply the protections described in this Policy.
We do not currently have an EU/UK Article 27 representative - if you are accessing from outside of the United States please keep in mind that this is not an officially supported location and there may be issues with your access if you managed to get signed up and logged in.
20) State & Regional Supplements
- Minnesota (MCDPA): Minnesota residents have rights to access, delete, correct, and opt out of certain processing (including profiling for decisions with legal/similar effects). We also maintain records of data‑protection practices consistent with MCDPA expectations. Contact us to exercise your rights.
- California (CCPA/CPRA): We do not sell personal information or share it for cross‑context behavioral advertising. We honor GPC signals. California residents may use an authorized agent to submit requests.
- Other U.S. States: Where state privacy laws provide additional rights, we honor them.
21) Changes to This Policy
We may update this Policy from time to time. If changes are material, we’ll provide reasonable notice (e.g., in‑product notice or email). The “Effective date” above shows when the latest version took effect.
22) How to Contact Us
- General & privacy inquiries: info@pulseaiplatform.com / privacy@pulseaiplatform.com
- Security/vulnerability reports: security@pulseaiplatform.com
- Mailing address: provided on request to privacy@pulseaiplatform.com within 7 days.
Pulse AI Inc.
Minnesota, USA (primary operations)