Version: 1.0

Last Updated: August 2025

1. Introduction

ClearPulse, operated by Axiom Analytics, is committed to full compliance with the General Data Protection Regulation (EU GDPR), the California Consumer Privacy Act (CCPA), and the Digital Personal Data Protection Act, 2023 (DPDP – India).

We are a privacy-first analytics platform. By design, we do not request, capture, retain, analyze, or process personally identifiable information (PII) in user-uploaded content. Our core focus is aggregated, anonymized consumer review analytics for research and business intelligence purposes only.

This document explains:

• The type of data we collect and why
• How we comply with GDPR, CCPA, and DPDP
• Your rights under these laws
• Our obligations and data handling safeguards
• The process for consent and withdrawal

2. Data Collection Principles

ClearPulse strictly adheres to data minimization and purpose limitation principles.

2.1 Data We Collect

Mandatory fields in uploads:

• Review Text (non-PII text content describing a product/service experience)
• Date of the review

Optional fields in uploads:

• Location (non-personal — e.g., city, region, or store name)
• Product (generic product name or SKU without customer identifiers)
• Channel (e.g., “Instagram”, “Website”, “App”)

Account information: Name and email address used for account creation & communication

System-generated metadata: Timestamps of uploads, campaign names, user IDs, login logs, subscription activity

2.2 Data We Do NOT Collect

• No personal identifiers from end-users in uploaded files unless voluntarily included (strongly discouraged)
• No financial or payment card information (payments handled via third-party PCI-DSS compliant providers)
• No location tracking or behavioral profiling of individual users outside the platform scope
• No biometric, health, or sensitive personal category data

3. Lawful Basis for Processing

Our lawful basis for processing, under GDPR Article 6, CCPA Section 1798, and DPDP Section 4, includes:

• Contractual necessity: To provide analytics services requested by the user
• Legitimate interest: Improving platform features & preventing misuse
• User consent: Explicit agreement at first login to the terms in this document

4. Purpose Limitation

Your uploaded data will only be used for:

• Analytics processing (text classification, topic extraction, sentiment analysis)
• Generating dashboards, insights, and exports for your use
• System performance monitoring and bug fixing

We will not:

• Sell or share data with advertisers or unrelated third parties
• Use uploaded review content for AI model training without explicit opt-in
• Use your account data for marketing unrelated to ClearPulse services

5. Data Confidentiality & Security Measures

We apply strong security controls, including:

• Encryption in transit: TLS 1.2+
• Encryption at rest: AES-256 for stored files and databases
• Access control: Role-based permissions, access logging
• Data segregation: Campaign/layer isolation for each user
• Regular audits: Periodic compliance and vulnerability scans

6. Data Retention

• Uploaded files and derived analytics are retained only as long as your subscription or project is active, unless you delete them earlier
• You can delete individual files, campaigns, or your entire account at any time through the platform UI
• Deleted data is irreversibly erased from production and backups within our retention period (max 30 days for backups)

7. User Rights

Under GDPR, CCPA, and DPDP, you have the right to:

• Access: Request a copy of the data we hold about you
• Correction: Request correction of any inaccurate information
• Deletion: Request complete removal of your account and associated data
• Portability: Request an export of your data in machine-readable format
• Restriction: Limit processing of your data for specific purposes
• Objection: Object to processing for certain activities (e.g., marketing)
• Non-discrimination (CCPA): You will not be denied services for exercising your rights

8. Consent Management

• First Login Consent: You will be presented with this Compliance Document, our Privacy Policy, and Data Deletion Policy.
• You must explicitly agree before gaining access to the portal.
• A digital record of your acceptance (user ID, timestamp, IP) will be stored for compliance purposes.
• You can withdraw consent at any time by contacting our support team, which will trigger the account deletion process.

9. Data Deletion Process

(Aligned with our published Data Deletion Policy)

• Submit a deletion request via account settings or support
• Identity verification to prevent unauthorized requests
• Optional: Downloadable archive (.zip) of your data before deletion
• Permanent erasure from all systems & backups within retention period
• Confirmation email sent upon completion

10. Cross-Border Data Transfers

• Data may be stored or processed in secure AWS data centers located in India and/or other jurisdictions compliant with GDPR adequacy standards
• All transfers comply with GDPR Chapter V, using Standard Contractual Clauses where applicable

11. Regulatory References

• GDPR (EU Regulation 2016/679)
• CCPA (California Civil Code §§ 1798.100 – 1798.199)
• DPDP Act, 2023 (India)

12. Contact for Data Protection Matters

Data Protection Officer – Axiom Analytics
Email: cp@clearpulse.ai
Registered Address: Vertica C-1104, Casa Bella Gold, Palava, Mumbai, INDIA 421 204.

By clicking “I Agree” on the first login screen, you acknowledge that you have read, understood, and accepted this GDPR, CCPA, and DPDP Compliance Statement, along with our Privacy Policy and Data Deletion Policy.