Privacy Policy

Last updated: January 15, 2025

1. Introduction

Palm Technologies Private Limited ("PulseSeal," "we," "us," or "our") is committed to protecting the privacy of our users. This Privacy Policy describes how we collect, use, store, and protect your personal information when you use the PulseSeal platform, website, and related services.

2. Biometric Data

PulseSeal uses palm vein pattern recognition for authentication. Our approach to biometric data is fundamentally different from conventional biometric systems:

  • Raw biometric scans are destroyed within 50 milliseconds of capture
  • No biometric template is ever stored on our servers
  • Biometric-to-key conversion happens exclusively on your local device
  • We store only non-sensitive cryptographic helper strings and device public keys
  • PulseSeal staff cannot access, view, or reconstruct your biometric data

3. Information We Collect

We collect the following categories of information:

  • Account information: Name, email address, organization name, and role
  • Usage data: Authentication events, vault access logs, and session metadata
  • Device information: Device type, public key, and registration timestamp
  • Contact inquiries: Information submitted through our contact form
  • Payment data: Processed securely through PayU (India) or Stripe (international); we do not store card details

4. How We Use Information

We use collected information to provide and improve our services, process authentication requests, generate audit logs for compliance, communicate with you about your account, and respond to inquiries. We do not sell, rent, or share your personal information with third parties for marketing purposes.

5. Data Storage and Security

All data at rest is encrypted. All data in transit uses secure transport protocols. Vault files are encrypted using India's first quantum-resistance algorithm. For on-premise deployments, all data remains within your infrastructure. For cloud deployments, data is stored in SOC 2 compliant data centers.

6. Data Retention

Account data is retained for the duration of your subscription plus 30 days. Audit logs are retained according to your organization's configured retention policy (minimum 90 days, maximum 7 years). You may request deletion of your account and associated data at any time by contacting security@PulseSeal.com.

7. Your Rights

Under applicable privacy laws (including GDPR), you have the right to access, correct, delete, port, and restrict processing of your personal data. To exercise any of these rights, contact us at security@PulseSeal.com. We will respond within 30 days.

8. Contact

For privacy-related inquiries, contact our Data Protection Officer at security@PulseSeal.com or write to: Palm Technologies Private Limited, Hinjawadi Phase 2, Rajiv Gandhi Infotech Park, Pune, Maharashtra 411057, India. Phone: +91-9119426919.