PRIVACY POLICY

OUR COMMITMENT TO PRIVACY

Pulse iQ is committed to maintaining the confidentiality, integrity, and security of personal information about our current and prospective customers. In this policy personal information means information about an individual that is collected or maintained for counseling purposes and by which the individual can be identified. The privacy policies of Pulse iQ are reviewed annually. Our printed and online notices are then updated to reflect any changes.

PRIVACY POLICY

How and why we obtain personal informationPulse iQ takes great care to protect personal information about our clients and when we use it, we do so with respect for your privacy. We may use personal information about you to service, maintain, and protect your account; respond to inquiries from you or your parent or guardian; develop, offer, and deliver counseling products and services; or to fulfill legal requirements. PulseLogs (our Healthcare tool and which applies to PulseLogs clients only) may collect public and non-public personal information about you from any of the following sources:
  • You or your parent or guardian creating a user profile (for example, first name, last name, address, phone, and email, full face photographic images and any comparable images, etc.)
  • You or your parent or guardian filling out Intake forms (for example, name, address, birth date, marital status, email, fax and phone numbers, payment and billing information, signature, etc.)
  • Other forms you or your parent or guardian may fill out in your account (for example, various Client Intakes, Consent Forms, Release of Information)
  • Other interactions with our healthcare clients (for example, calls to schedule appointments or discussions with administrative staff, information you enter into our websites, when you enroll in our authentication services, filling out support tickets, etc.)
  • You or your parent or guardian regarding your preferences (for example, the screen layout you specify if you use our Internet sites)
  • Other documents uploaded and attached with your or your parent or guardian’s consent (for example, from other institutions or counselors)
  • User activity logs to troubleshoot our apps functionality and to provide IT support (for example, account numbers, device identifiers and serial numbers, Web Universal Resource Locators (URLs), Internet Protocol (IP) address numbers, and any other unique identifying number, characteristic, or code)
  • Data Backups and Archives
  • Restored Data

Please note that information by which you cannot be identified (for example, anonymous or aggregated information) is not considered personal information and therefore is not subject to this privacy policy.

How we protect information about youPulse iQ considers the protection of personal information to be a foundation of customer trust and a sound business practice. We employ physical, electronic and procedural controls and we regularly adapt these controls to respond to changing requirements and advances in technology.Pulse iQ restricts access to personal information to those who require it to develop, support, offer and deliver products and services to you.
How we share information about you with third partiesPulse iQ does not share or sell personal information about customers of our various tools with unaffiliated third parties. We may share personal information with the following entities:
  • Unaffiliated service providers (for example, server hosting, and other entities who may provide services at our clients’ direction)
  • Government agencies, other regulatory bodies and law enforcement officials as permitted or required by law (for example, to respond to a subpoena)
  • Other third-parties, with your consent or as directed by your parent or guardian (for example, if you choose to fill out a Release of Information form)
Our service providers are obligated to keep the personal information we share with them confidential and use it only to provide specified services requested by clients.
Your digital privacyIt is the policy of Pulse iQ to ensure that your information is protected from misuse, loss, tampering, or use by unauthorized persons. This policy addresses the safeguarding of your information received, created, used, maintained, and/or transmitted via the communication mediums to authorized parties such as counselors, database administrators, and whoever you so specify in your Release of Information forms, etc. Verification of identity is attained prior to release of any information in compliance with Pulse iQ Policy. Transmission of your information over Pulse iQ’s own network is managed with internal controls such as unique User ID and Password authentication.Pulse iQ utilizes a high security grade server that encrypts all of the data as it is entered as well as when it is at rest. We use firewall barriers, encryption techniques, and authentication procedures, among other controls, to maintain the security of your online session and to protect Pulse iQ accounts and systems from unauthorized access. Our HIPAA-compliant servers’ security measures used for PulseLogs protect as much information as possible from malicious attackers through:

a. Electronic data protection:

  • Cisco firewall
  • ClamAV antivirus
  • Encrypted Drives for Data Encryption At-Rest
  • Threat Stack Oversight Intrusion Detection System
  • Safe Harbor Compliant
  • Guardian backups for databases, or specific files and folders so no data is lost
  • 24/7/365 server monitoring service
  • In-house technicians are immediately alerted if a particular port or service goes down on the server.
  • Technicians further investigate the cause of the downed service right away to potentially identify greater threats at the first sign of trouble.
  • Server monitoring keeps an eye on services such as HTTP, FTP, and mail to ensure servers are working as intended.

b. Physical data protection (in server farm):

  • Off-site servers
  • Data Center Physical System Security
  • 24/7/365 Manned Facility
  • Closed Circuit TV Security Cameras
  • Monitored 24/7/365 by 3rd Party Security Company
  • Site Entrance Controlled by Electronic Perimeter Access Card System
  • Data Centers Privately Owned and Operated
  • Durable, Poured Concrete External Walls
  • Disaster Neutral Geographic Locations
  • Advanced Fire Prevention Infrastructure
  • Dry Pipe Preaction, Double Interlock System
  • NFPA 13 Compliant
  • Office Space Separate from Data Center Space
  • Advanced Proximity Credentials Required to Access Data Center
  • All Employees Receive Full Background Check
  • Secured Server Cabinets Included
  • Component Level Redundancy Available for Hard Drives
  • Hot and Cold Spare On-site Servers Available

Our service providers are obligated to keep the personal information we share with them confidential and use it only to provide specified services requested by clients.

Cookies and similar technologiesPulse iQ may use cookies and similar technologies to support the operation of our digital toolsets. Cookies are small amounts of data that a website or online service exchanges with a web browser or application on a visitor’s device (for example, computer, tablet, or mobile phone). Cookies help us to collect information about users of our digital toolsets, including date and time of visits, pages viewed, amount of time spent using our digital offerings, or general information about the device used to access our digital offerings. Pulse iQ cookies are also used for security purposes and to personalize your experience, such as customizing your screen layout.You can refuse or delete cookies. Most browsers and mobile devices offer their own settings to manage cookies. If you refuse a cookie, or if you delete cookies from your device, you may experience some inconvenience in your use of our digital offerings. For example, you may not be able to sign in and access your account, or we may not be able to recognize you, your device, or your online preferences.
AppsPulse iQ’s various apps including Pulse Analytics®, Pulse 360, Pulse Predictive, PulseLogs, Value Calculators, etc. applications, (“apps”) allow you to access your accounts, view and interact with reports, update your information, chat, etc. and in the case of some tools use advanced AI capabilities, conduct what-if scenarios, calculate profitability, fill out forms, manage invoicing, upload documents and submit support tickets using wireless or mobile devices. Our privacy practices apply to any information that we may collect through the app.

DATA RETENTION POLICY

SOC 2 Type 2 Compliance for Active and Retained Data
The Pulse iQ platform and infrastructure is built on Microsoft Azure and utilizes Microsoft as it’s cloud service provider (CSP). Microsoft CSP and data centers are SOC 2 Type 2 compliant as conducted by third-party CPA firms. This ensures all active and archive data stored by Pulse iQ meets, or exceeds, the minimum requirements deemed for System and Organization Controls (SOC) for Service Organizations as outlined by AICPA. The Microsoft Azure infrastructure utilized by Pulse iQ meets and/or exceeds the following attestations:
  • SSAE No. 18 Attestation Standards
  • SOC 2 Reporting Attestation
  • TSP section 100, 2017
Moreover, the Microsoft Azure SOC 2 Type 2 attestation report addresses the requirements set forth in the Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) and the Cloud Computing Compliance Criteria Catalouge (C5:2020) created by the German Federal Office for Information Security (BSI). You may review the Azure compliance offerings here:
Payment Card Industry (PCI) Data Security Standard (DSS)Pulse iQ utilizes PCI DSS compliant vendors/gateway for payment processing and authorization. Pulse iQ does not store data related to payment other than card holder name, address, and transaction ID. All other payment data, if stored, is done so at the request of the card holder and stored with the vendor/gateway provider as outlined by PCI DSS requirements.
Data Retention PolicyPulse iQ only retains active data for subscribed clients and only data necessary to effectively conduct its activities and work in fulfillment of its mission.Pulse iQ strives to ensure that data is only retained for the period necessary to fulfill the purpose for which it was collected and is fully deleted when no longer required. This policy sets forth Pulse iQ’s guidelines on data retention as consistently applied throughout our organization.
ScopeThis policy covers all data collected by Pulse iQ and stored on Pulse iQ owned or leased systems and media, regardless of location, as it applies to data collected and held electronically.
Reasons for Data RetentionPulse iQ retains data that is necessary to effectively conduct its activities, fulfil its mission, and comply with applicable laws and regulations.Reasons for data retention include:
  • Providing an ongoing service to customer
  • Compliance with applicable laws and regulations associated with financial and programmatic reporting by Pulse iQ to its funding agencies and other donors
  • Security incident or other investigation
  • Intellectual property preservation
  • Litigation
Moreover, the Microsoft Azure SOC 2 Type 2 attestation report addresses the requirements set forth in the Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) and the Cloud Computing Compliance Criteria Catalouge (C5:2020) created by the German Federal Office for Information Security (BSI). You may review the Azure compliance offerings here:
Data DuplicationPulse iQ seeks to avoid duplication in data storage whenever possible, however, there may be instances in which, for programmatic or other business reasons, it is necessary for data to be held in more than one place. This policy applies to all data in Pulse iQ’s possession, including duplicate copies of data.
Data DestructionData destruction ensures that Pulse iQ manages the data it controls and processes in an efficient and responsible manner. When the retention period for the data as outlined above expires, Pulse iQ will actively destroy the data covered by this policy. If an individual believes that there exists a legitimate business reason why certain data should not be destroyed at the end of a retention period, he or she should identify this data and provide information as to why the data should not be destroyed. Any exceptions to this data retention policy must be approved by Pulse iQ’s data protection officer, or equivalent level executive member, in consultation with legal counsel prohibiting the destruction of certain documents and/or data records. A litigation hold remains in effect until released by legal counsel and prohibits the destruction of data subject to the hold.
Client SeparationIf you are a former customer, these policies also apply to you; we treat your information with the same care as we do information about current customers.In the event that a Pulse iQ client elects to discontinue or otherwise unsubscribe from actively utilizing the Pulse iQ platform and infrastructure the client reserves the right to request any files and data records be destroyed. This request must be made official in writing acknowledging all active data related to the client’s account will be destroyed.
Data Backups and ArchivesData which is part of backup and/or archives will remain as such until the outlined retention period as outlined above expires. This is necessary to preserve the integrity of the backup/archive.
Restored DataIn the event that data must be restored from a backup or archive the data and records associated with the client will again be removed from active storage.

ADDITIONAL INFORMATION

Our apps enable you to access, review, and if necessary, correct your account information by logging into your account through an Internet service.
Effective May, 2022©2007-2023 Pulse iQ, Inc. All Rights Reserved.

View Pulse Analytics, Predictive, ROI Calculators, & PulseLogs across all your devices!