Pulse Voices Metering Privacy Policy

1. ROLE OF PULSE LABS AND SCOPE

2. DATA WE COLLECT AND METHODS OF CAPTURE

Information automatically collected

In short: Some information – such as device characteristics, IP address, fraud prevention signals, and identity verification data – is collected automatically when you visit our Services or when fraud prevention measures are triggered.

We automatically collect certain information when you visit, use or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as:

• Device fingerprints (browser type, version, screen resolution, installed fonts, timezone, language, operating system, device characteristics)
• IP address and geolocation data
• Network information (ISP, ASN, proxy/VPN detection)
• Email validation and risk assessment data
• Fraud risk scores and flags
• Bot detection signals
  This information is primarily needed to:
• Detect and prevent fraud, including multiple accounts, location spoofing, and automated attacks
• Maintain the security and operation of our Services
• Verify participant eligibility and identity
• Conduct internal analytics and reporting
  We collect this fraud prevention information through our partners:
• Fingerprint.com (device fingerprinting and fraud signals)
• ProxyCheck.io (IP address and network analysis)
• Fraudo.io (email validation and risk scoring)
  Like many businesses, we also collect information through cookies and similar technologies.

Identity Verification Information

When fraud risk signals indicate potential account abuse, or when specific projects require verified identity, we may require identity verification through our partner Persona. This may include:

• Phone numbers for SMS verification
• Government-issued identification documents (driver's license, passport, national ID)
• Biometric data: facial images captured via selfie for identity verification
• Liveness detection data to confirm real-time selfie capture

IMPORTANT: Collection of government ID and biometric data (selfies) occurs only after you provide explicit, separate consent through Persona's verification interface. You may decline this enhanced verification, though doing so may limit your eligibility for certain projects that require verified identity.

Biometric data is processed solely for identity verification and fraud prevention purposes and is subject to heightened security protections under applicable biometric privacy laws including the Illinois Biometric Information Privacy Act (BIPA), Texas Capture or Use of Biometric Identifier Act (CUBI), and similar state laws.

Information Collected Through Metering Studies

When you participate in metering studies, we collect additional types of information through automated screen capture technology:

• Screen Recordings: Automated video captures of your device screen when you interact with specific applications or content being studied (primarily sponsored advertisements and related content). These recordings focus on target interactions but may incidentally capture other information visible on your screen at the time of capture.
• App Usage Data: Information about when and how you use applications being studied, including timestamps, interaction patterns, session duration, and navigation flows.
• Device Configuration Data: Information about app-specific shortcuts, automations, or permissions configured to enable metering functionality, including details about trigger configurations and automation settings.
• Technical Performance Data: Information about the metering application's performance, including background app operation status, capture success rates, technical errors, and system resource usage.

Information Collected Through Community Forum

When you participate in our optional community forum for Trusted Testers, we collect additional information:

• Forum Registration Information: Your name and email address (auto-populated from your Pulse Labs account via SSO), forum profile information, avatar, and any additional profile details you choose to provide.
• Forum Content: All content you post, including discussions, comments, direct messages to other members, reactions, and any files or images you share within the forum.
• Forum Activity Data: Information about your forum usage, including login times, pages visited, threads viewed, search queries within the forum, and engagement metrics.



Third-Party Platform Data: The forum is powered by CircleCo, Inc. ("Circle"), which may collect technical data including IP addresses, browser information, and cookies specific to forum functionality. This data is processed according to both our Privacy Policy and Circle's platform requirements.

3. SPECIFIC PURPOSES FOR USING YOUR DATA

We use your data for the following specific and high-transparency purposes:

3.1. Algorithmic Matchmaking and Profiling

We use your Profile Data and Platform Use Data to create internal profiles. This profiling is used for:

• Matchmaking: Suggesting the most suitable Agencies/Agents to Clients and vice versa.
• Targeting: Inviting Panelists to research studies based on demographic criteria and past behavior.
• Personalization: Customizing the experience on our Platform (e.g., showing relevant features or content).
• 
  

3.2. AI Model Training and Improvement

We use anonymized, aggregated, and de-identified research data and usage logs to develop, train, and improve our proprietary AI/Machine Learning (ML) models, including tools for data analysis, transcription, and content generation. This is essential for improving the quality and functionality of the Services.

3.3. Payment Processing and Fraud Prevention

We share necessary identifying and technical data with our Designated Payment System and anti-fraud partners to:



• Process payments, verify identity, and comply with KYC/AML regulations.
• Detect, investigate, and prevent fraudulent transactions and illegal activity.
• Manage chargebacks and enforce the financial terms of our agreements.
• To detect and prevent fraud and abuse. We use device fingerprints, IP analysis, email validation, and identity verification to detect multiple accounts, location spoofing, automated bot signups, and other fraudulent activity to protect the integrity of our participant panel and research quality.
• To verify participant identity and eligibility. We may require SMS verification, government ID scanning, and biometric verification (selfie matching) for accounts flagged by fraud prevention systems or for high-value projects requiring verified identity. Biometric verification requires your explicit separate consent and you may decline (which may limit participation in certain projects).
• To make automated fraud prevention decisions. Based on fraud prevention signals, we may automatically flag accounts for review, require additional verification, restrict account access, or deny participation in projects. You have the right to human review and to contest such decisions.
• To conduct metering studies and research. We use screen recordings and related data to understand user interactions with applications, content, and advertisements for research purposes and to provide insights to our clients.
• To detect and analyze target interactions. We use automated detection systems to identify and capture specific content interactions (such as sponsored advertisements) during metering studies.
• To improve research methodologies. We use metering study data to develop and refine user experience research methodologies and automated data collection processes.
• To facilitate community engagement. We use forum data to enable peer-to-peer support, professional development discussions, and community building among our Trusted Testers.
• To monitor compliance with confidentiality obligations. We may review forum content to ensure compliance with Panelist Agreements and protection of client confidential information.
• To improve our testing programs. We analyze forum discussions and feedback to enhance our testing methodologies, training materials, and panelist support resources.
• To identify testing opportunities. Forum participation and expertise demonstrated through discussions may be considered when matching panelists with appropriate testing projects.

4. DATA SHARING AND DISCLOSURE

We share your data only in the following specific circumstances:

• With Matchmaking Partners: We share limited profile information (e.g., company size, industry focus, expertise) between prospective Clients and Agencies/Agents solely to facilitate matchmaking and evaluation.

• With Study Sponsors (Clients): If you are a Panelist, the Client sponsoring the study receives your Research Contributions (recordings, responses, feedback). We do not share your full name, email, or contact information unless you explicitly consent within the study itself.

• Legal Compliance and Protection: We may disclose data when required by law, subpoena, or legal process, or when necessary to protect the rights, property, or safety of Pulse Labs, our users, or the public (e.g., enforcing our Non-Circumvention clause).

• Sub-Processors: We share data with third-party vendors (Sub-Processors) who provide essential services (e.g., cloud hosting, analytics, security), subject to the strict confidentiality and security requirements outlined in our Data Protection Addendum.
  More specifically, we share your information with the following categories of third parties:

• Fraud Prevention and Identity Verification Vendors. We share device fingerprints, IP addresses, email addresses, phone numbers, government IDs, and biometric data (selfies) with our fraud prevention and identity verification partners (Fingerprint.com, ProxyCheck.io, Fraudo.io, and Persona) who process this information on our behalf to detect fraud, verify identity, and protect platform security. These vendors are contractually required to protect your data and use it only for the purposes we specify.

• Metering Study Clients. For metering studies, we typically share aggregated insights and analytics with our clients rather than raw screen recordings. However, we may share raw video captures with clients on a limited basis for quality verification and spot-checking purposes. Screen captures may incidentally contain personal information visible on your screen at the time of capture. We implement automated and manual processes to detect and remove personally identifiable information before sharing data with clients, though we cannot guarantee that all incidental personal information will be identified and removed.



• Forum Platform Provider. We share necessary information with CircleCo, Inc., our third-party forum platform provider, to enable forum operations. This includes your name, email, and content you post in the forum. Circle processes this data according to their platform requirements and may store it in data centers in different jurisdictions than our primary services.
  

5. WHO WILL YOUR INFORMATION BE SHARED WITH?

• Advertising, Direct Marketing, and Lead Generation
• Cloud Computing Services
• Communication & Collaboration Tools
• Data Analytics Services
• Finance and Accounting Tools
• Government Entities
• Order Fulfillment Service Providers
• Payment Processors
• Performance Monitoring Tools
• Product & Service Testing
• Retargeting Platforms
• Sales and Marketing Tools
• Social Networks
• Testing Tools
• User Account Registration & Authentication Services
• Web and Mobile Analytics
• Website Hosting Service Providers
• Fraud Prevention & Identity Verification
• Fingerprint.com (device fingerprinting and fraud detection)
• ProxyCheck.io (IP address and proxy/VPN detection)
• Fraudo.io (email validation and risk scoring)
• Persona (identity verification, SMS, government ID, and biometric processing)
  

6. HOW LONG DO WE KEEP YOUR INFORMATION?

In short: We keep your information for as long as necessary to fulfill the purposes outlined in this privacy policy unless otherwise required by law. Fraud prevention data may be retained longer for security and audit purposes.

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy policy, unless a longer retention period is required or permitted by law (such as tax, accounting, fraud prevention, or other legal requirements).

Specific retention periods:

• Account information: 2 years past account termination
• Device fingerprints: 6 months after account closure
• IP address logs: 6 months after account closure
• Email validation results: Permanent (as boolean flags only)
• SMS verification status: Permanent (as boolean only; phone number may be hashed)
• Government ID images: 30-90 days after verification (per Persona's retention policy), unless longer retention is required for fraud investigation or legal compliance
• Biometric data (selfies): 30-90 days after verification (per Persona's retention policy), unless longer retention is required for fraud investigation or legal compliance
• Fraud risk scores and flags: Permanent (for security audit trail and to prevent repeat fraud attempts)

For biometric data (government IDs and selfies), we follow retention requirements under applicable biometric privacy laws including Illinois BIPA (3 years or when the purpose is satisfied, whichever occurs first) and Texas CUBI (reasonable period).

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

Note: We may retain fraud prevention data (device fingerprints, risk scores, and flags) longer than other personal information because we have a legitimate interest in maintaining a security audit trail and preventing banned users from re-registering with new accounts. Such data is retained in a secure, isolated system and used solely for fraud prevention purposes.

• Metering Study Data Retention: Screen recordings and associated metering study data are retained for the duration necessary to fulfill research objectives and contractual obligations to our clients, typically ranging from 90 days to 2 years after the conclusion of the study, unless a longer retention period is required or permitted by law. Aggregated and de-identified insights derived from metering studies may be retained indefinitely for research and business purposes.



• Forum content and participation data may be retained separately from other platform data. Posts and comments may remain visible in the forum after account deletion to maintain discussion continuity, though we will anonymize or remove personally identifiable information upon request. Forum data deletion requests will be processed within 30 days, subject to our need to maintain records for legal compliance and to protect against fraudulent activity.
  

7. WHAT ARE YOUR PRIVACY RIGHTS?

• Right to access the personal information we hold about you
• Right to request correction of inaccurate personal information
• Right to request deletion of your personal information (subject to legal limitations)
• Right to object to processing of your personal information (subject to legitimate interest assessment)
• Right to restrict processing of your personal information
• Right to data portability
• Right to withdraw consent (where consent is the legal basis for processing)
• Right to file a complaint with your supervisory authority
  Biometric Data Rights (Illinois BIPA, Texas CUBI, and other state biometric laws):
  If you are a resident of Illinois, Texas, Washington, or another state with biometric privacy laws, you have specific rights regarding biometric data (selfies used for identity verification):
• Right to informed consent: We will obtain your explicit, written consent before collecting any biometric data
• Right to know: We will inform you of the specific purpose and length of time for which biometric data is being collected, stored, and used
• Right to deletion: You may request deletion of your biometric data at any time (subject to fraud prevention and legal requirements)
• Right to disclosure: We will not sell, lease, trade, or profit from your biometric data
• Right to protection: Your biometric data is stored using reasonable security standards
  Under Illinois BIPA specifically:
• We will retain biometric data for no more than 3 years or until the purpose for collection is satisfied, whichever occurs first
• You have the right to sue for violations with statutory damages of $1,000 per negligent violation or $5,000 per reckless/intentional violation
• We will not disclose biometric data without your consent, except as required by law or subpoena
  To exercise biometric data rights or withdraw consent for biometric processing, contact terms@pulselabs.ai or support@pulselabs.ai. 
• Fraud Prevention Rights: With respect to fraud prevention processing (device fingerprinting, IP analysis, email validation), you have:
• Right to access: You may request a copy of fraud prevention data we have about you
• Right to explanation: You may request an explanation of automated fraud decisions
• Right to human review: You may contest automated fraud decisions and request human review
• Right to rectification: You may request correction of inaccurate fraud prevention data
• Right to object: You may object to fraud prevention processing, subject to our legitimate interest assessment
• Right to deletion: You may request deletion, subject to fraud prevention and audit requirements
  To exercise fraud prevention rights, contact terms@pulselabs.ai or support@pulselabs.ai. We will respond within 30 days.
  Metering Study Opt-Outs and Data Deletion
• During metering studies, you may opt out of individual screen captures at any time. Please note that frequent opt-outs may affect your eligibility for study compensation as determined by the client conducting the research.
• You may request deletion of all your metering study data, which will result in your removal from the study. Data deletion requests cannot be honored after you have been paid for your participation in that study.
• You cannot request deletion of specific screen captures because the automated nature of the metering system means you may not know exactly what data was captured and submitted. You may only request deletion of all data from a specific metering study.
  

8. DATA SECURITY FOR METERING STUDIES

Screen recordings captured through metering studies are encrypted during transmission and storage. We implement technical and organizational measures to protect this data, including:

• Automated detection and redaction of personally identifiable information
• Manual review processes for sensitive data
• Access controls limiting who can view raw screen recordings
• Secure storage and transmission protocols using industry-standard encryption
• Regular security audits of metering data collection and storage systems
  However, due to the automated nature of screen capture, there is a possibility that personal information visible on your screen may be captured incidentally. We cannot guarantee that all personal information will be identified and removed. You should be mindful of what is displayed on your screen during metering studies.
  

9. DO CALIFORNIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

Yes, if you are a resident of California, you have specific rights regarding access to your personal information under the California Consumer Privacy Act (CCPA).

California Consumer Privacy Act (CCPA) Disclosures for Fraud Prevention and Identity Verification: Under the CCPA, we disclose the following:

Categories of Personal Information Collected for Fraud Prevention:

• Identifiers: Device fingerprints, IP addresses, email addresses, phone numbers
• Biometric information: Facial images from selfies, biometric templates
• Government identifications: Driver's license, passport, national ID
• Internet or network activity: Device characteristics, browser fingerprints, VPN/proxy detection signals
  Business Purpose for Collection:
• Detecting and preventing fraud, identity theft, and security incidents
• Protecting against malicious, deceptive, or illegal activity
• Verifying participant identity and eligibility
• Maintaining data integrity and security
  Third Parties with Whom We Share This Information:
• Fingerprint.com (device fingerprinting)
• ProxyCheck.io (IP address and network analysis)
• Fraudo.io (email validation)
• Persona (identity verification and biometric processing)

Your CCPA Rights:

• Right to know what personal information we collect, use, and disclose
• Right to request deletion (subject to exceptions for fraud prevention and security)
• Right to opt-out of "sale" of personal information (we do not sell personal information)
• Right to non-discrimination for exercising your CCPA rights

California Biometric Information Privacy Protections:

Under California Civil Code § 1798.140(o), biometric information includes physiological, biological or behavioral characteristics that can be used to establish individual identity, including facial images. We:

• Obtain explicit consent before collecting biometric information
• Inform you of collection, storage duration, and purpose
• Do not sell or disclose biometric information without consent
• Retain biometric information only as long as necessary
• Implement reasonable security measures
  To exercise CCPA rights, please visit our public privacy landing page: https://prighter.com/q/18708120581 or contact terms@pulselabs.ai.
  

10. DO WE MAKE UPDATES TO THIS POLICY?

Yes. We may update this Privacy Policy from time to time. The updated version will be indicated by an updated "Effective Date" and the updated version will be effective as soon as it is accessible. If we make material changes to this Privacy Policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Policy frequently to be informed of how we are protecting your information.

11. HOW CAN YOU CONTACT US ABOUT THIS POLICY?

If you have questions or comments about this policy, you may email us at terms@pulselabs.ai or by post to:

Pulse Labs
370 S. 300 E.
Suite 107
Salt Lake City, UT 84111
United States



To exercise your privacy rights, please visit our public privacy landing page: https://prighter.com/q/18708120581

12. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

Based on the laws of some countries, you may have the right to request access to the personal information we collect from you, change that information, or delete it in some circumstances. To request to review, update, or delete your personal information, please submit a request form by clicking below. We will respond to your request within 30 days.