Privacy Policy

TextPulse.ai ("TextPulse," "we," "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share information when you use our website and services at textpulse.ai ("Service").

Account Information

When you create an account, we collect your name, email address, and a hashed version of your password. We never store plaintext passwords — all passwords are hashed using bcrypt with 12 salt rounds.

Usage Data

We collect anonymized usage data including pages visited, features used, word counts processed, and timestamps. This data helps us improve the Service and is not linked to your submitted text content.

Payment Information

Payment processing is handled entirely by PayPal. We do not collect, store, or have access to your credit card numbers, bank account details, or other financial information. We receive only your PayPal email, transaction IDs, and subscription status.

Text Content

Text submitted for humanization is processed in real time and is not stored permanently after processing completes. AI detection reports store metadata (scores, timestamps, document hashes) for verification purposes, but the original submitted text is not retained.

We use collected information to:

• Provide, maintain, and improve the Service
• Process transactions and manage subscriptions
• Send transactional emails (receipts, password resets)
• Send marketing communications (only with your consent — you can unsubscribe anytime)
• Generate anonymous usage analytics
• Prevent fraud and enforce our Terms of Service
• Respond to support requests and inquiries

• We do not use your submitted text to train, fine-tune, or improve AI models
• We do not sell, rent, or share your personal data with advertisers or data brokers
• We do not embed watermarks, hidden metadata, or tracking markers in humanized output
• We do not store your submitted text content after processing
• We do not allow employees to access your submitted text content

All data in transit is encrypted using TLS 1.2+ (HTTPS). Data at rest in our database is encrypted using AES-256 encryption. Authentication tokens are stored in HTTP-only cookies with Secure and SameSite flags to prevent XSS and CSRF attacks.

Our infrastructure is hosted on Vercel (edge deployment) and Neon (serverless PostgreSQL). Both providers maintain SOC 2 compliance and implement industry-standard security practices.

We use the following third-party services that may process your data:

• PayPal — payment processing (governed by PayPal's Privacy Policy)
• GPTZero— AI detection scoring (text submitted for detection is processed through GPTZero's API)
• Resend — transactional and marketing email delivery
• Vercel — web hosting and edge deployment
• Neon — serverless PostgreSQL database hosting

Each third party processes data in accordance with their own privacy policies. We select providers that maintain strong security and privacy practices.

We use only essential cookies required for authentication and session management. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. Our authentication cookie is HTTP-only, Secure, and SameSite=Strict.

• Account data: Retained while your account is active. Deleted permanently when you delete your account.
• Submitted text: Not retained after processing.
• Detection reports: Metadata (scores, hashes, timestamps) retained for verification purposes. Deleted when you delete your account.
• Payment records: Retained as required by financial regulations (typically 7 years).
• Newsletter subscriptions: Retained until you unsubscribe.

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your account and associated data
• Export: Request a machine-readable export of your data
• Objection: Object to processing of your data for marketing purposes
• Restriction: Request restriction of processing in certain circumstances

To exercise any of these rights, contact us at privacy@textpulse.ai. We will respond within 30 days.

For users in the European Economic Area (EEA), we process personal data on the following legal bases:

• Contract performance: Processing necessary to provide the Service (account data, text processing)
• Legitimate interest: Analytics, fraud prevention, and service improvement
• Consent: Marketing communications (you can withdraw consent anytime)

Data may be transferred outside the EEA to our hosting providers. We ensure adequate protections through standard contractual clauses or equivalent mechanisms.

The Service is not directed to children under 16. We do not knowingly collect personal information from children under 16. If we discover that a child under 16 has provided us with personal information, we will delete it promptly.

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the Service. We encourage you to review this page periodically. The "Last updated" date at the top indicates when the policy was last revised.

For privacy-related inquiries, contact us at privacy@textpulse.ai. For general inquiries, visit our contact page. For security vulnerabilities, email security@textpulse.ai.