Privacy Policy

This Privacy Policy explains how pulse-x.cc ("we", "us", "operator") processes personal data collected through the pulse-x.cc domain and its subdomains (including m.pulse-x.cc) in the course of providing email engagement tracking services to participating senders.

1. How tracking works

Senders who use our service embed two types of tracked elements in the emails they send to recipients:

A 1×1 transparent pixel image at a URL like https://m.pulse-x.cc/pixel/<id>.gif. When your email client loads images, the request to this URL is recorded as an "open" event.
Redirect links at URLs like https://m.pulse-x.cc/click/<id>?url=<destination>. When clicked, the request is recorded as a "click" event before forwarding you to the intended destination.

2. Data we collect

For each open or click event, we receive:

Event metadata: the type (open or click), timestamp, the unique tracking ID embedded in the URL.
Network signals: IP address, ASN, ISP, approximate geographic location (country, city).
Device/client signals: user agent, browser name and version (when present), operating system, device type.
Recipient identifier: the email address the sending tool substituted into the tracking URL (when configured). This is typically the recipient's business email.
Click destination: the URL you were forwarded to (for click events only).

We do not read or store the body of the email itself. We only record the engagement signals listed above. We do not store payment information, passwords, biometric data, health data, or any data of children under 16.

3. Cookies we set

The email-tracking domain itself does not set persistent cookies on opens. On clicks, the user is redirected through a sync step that places a cross-device identifier on the .d-edge.me domain (see the d-edge.me Privacy Policy for details on that cookie). The sync step only fires when the underlying tracking link carries a valid signed token from the sender.

Cookie name	Domain	Purpose	Lifetime
`dz_person_token`	.d-edge.me (set on click redirect)	Cross-device person identifier for email-source linkage	13 months

4. Why we process this data

Email engagement analytics — count opens and clicks per send, attribute engagement to recipients for reporting.
Identity linkage — connect a recipient's email click to their identity in our partner's analytics, when the recipient subsequently visits the partner's site (only when applicable consent is in place at the partner site).
Bot detection — distinguish automated email clients and scanner bots from real recipient engagement.
Service operation — ensure tracking pixels and click redirects function correctly, prevent abuse, debug issues.

5. Legal basis (GDPR)

Legitimate interest (Art. 6(1)(f) GDPR) — for engagement analytics, bot detection, and operational reliability.
Consent (Art. 6(1)(a) GDPR) — for cross-domain identity linkage and persistent person identifiers; obtained by the sender (the data controller for the email send).

The sender of the email is the data controller for the underlying recipient relationship. We process recipient data on the sender's behalf as a processor. Senders are responsible for obtaining valid recipient consent under applicable email-marketing and privacy laws (CAN-SPAM, GDPR, PECR, etc.).

6. Data retention

Raw event data (opens, clicks): up to 12 months
Aggregated send-level statistics (open counts, click counts, no personal identifiers): kept for the lifetime of the sender's account
Identified recipient records: retained per the underlying sender's data retention policy, up to a maximum of 24 months from last engagement

7. Sharing & transfers

We do not sell personal data. Data is shared only with:

The sender (data controller) whose email triggered the event.
Sub-processors strictly required to operate the service (cloud hosting, geo-IP enrichment) under written data processing agreements.
Authorities when required by law.

Personal data may be processed in the United States and other jurisdictions where our cloud providers operate. Cross-border transfers are governed by Standard Contractual Clauses (SCCs) where applicable.

8. Your rights

Under GDPR, CCPA/CPRA, and equivalent laws, you have the right to:

Access the personal data we hold about you
Correct inaccurate or incomplete data
Delete your data ("right to be forgotten")
Restrict or object to specific processing activities
Receive your data in portable format
Withdraw consent at any time (does not affect processing already done)
Opt out of "sale" or "sharing" under CCPA (we do not "sell" data)
Lodge a complaint with your local supervisory authority

To exercise any of these rights, email privacy@pulse-x.cc with your request. We respond within 30 days (extendable to 60 days for complex requests). Because we process data on behalf of the sender, we may need to forward your request to the sender for fulfilment.

9. Opt out

You can opt out of tracking by:

Disabling automatic image loading in your email client (prevents open tracking)
Hovering over links before clicking to see if they route through pulse-x.cc, and opening the destination URL directly in a new tab instead
Unsubscribing from the sender's mailing list (the "unsubscribe" link in their email)
Emailing privacy@pulse-x.cc to request permanent suppression

10. Children

Our service is intended for B2B audiences. We do not knowingly collect data from children under 16.

11. Changes to this policy

We may update this policy from time to time. Material changes will be reflected in the "Last updated" date below.

12. Contact & data controller

Service operator: pulse-x.cc
Privacy enquiries: privacy@pulse-x.cc
Domain: pulse-x.cc (and subdomains, including m.pulse-x.cc)
Service: Email engagement tracking infrastructure
Last updated: 2026-06-04