Security & Privacy
Understand what Pulse AI stores locally, what can leave your workspace, and how to get private help with data or security questions.
Start here
Pulse AI is built around a workspace-first model. Most day-to-day operating records live in your project folder, while connected services are used for account, payment, support, and AI-provider workflows.
This page explains the practical boundaries: what Pulse AI touches, what you control, what external services may receive, and which support path to use when something looks sensitive.
What Pulse AI stores in your workspace
Pulse AI uses the .pulse/ folder in your project to keep tasks, sprints, workday state, deliverables, preferences, and task evidence close to the work they describe. That local folder may contain project context, generated summaries, screenshots, validation output, and operational notes.
Because the workspace folder is yours, you can inspect it directly. Treat it like any other project record: do not publish it, attach it to public issues, or share it with support unless you have reviewed the contents first.
What leaves your workspace
Some Pulse AI features need external services:
- AI agent work can send prompts or selected task context to the provider you configure.
- Voice narration uses Gemini when narration is enabled.
- Account, billing, support, and optional cloud-backed state can use hosted services.
- Payments are handled by Stripe. Card details are collected by Stripe and do not pass through Pulse AI servers.
If a feature depends on an external provider, assume the text or file context you submit to that feature can be processed by that provider. Keep secrets, private customer data, and unpublished legal or billing records out of prompts and artifacts unless you intentionally need that provider to process them.
Secrets and payment details
Keep API keys, access tokens, webhook secrets, card numbers, and private billing records out of docs, screenshots, public GitHub issues, Discord messages, and support examples.
For payments, share the account email, approximate time, product or plan, and Stripe receipt or payment reference if available. Do not send card numbers or full payment credentials. If a secret was exposed, rotate it first, then contact support with the feature, file path, and exposure summary.
Security incidents and urgent privacy concerns
Use private support for security, billing, or data-loss concerns. Public channels are fine for general product questions, but not for personal data, credentials, payment issues, or private workspace contents.
Contact:
- Privacy requests: privacy@pulse-ai.dev
- Product and technical support: support@pulse-ai.dev
- Security or data-loss concerns: use the contact form or support email with "security" in the subject
Before sharing evidence
Useful support evidence is specific but redacted:
- The Pulse AI version and editor version.
- The route or product surface involved.
- The exact error message, with secrets removed.
- A screenshot with private task names, customer details, and credentials hidden.
- Whether AI providers, voice narration, checkout, or Inventory were involved.
Do not include full .pulse/ folders, raw logs, payment credentials, API keys, or screenshots of private customer data unless support asks for a narrower artifact through a private channel.