Privacy Policy
Last updated: April 2, 2026
The short version: PulseRoute processes only transaction routing metadata (processor IDs, success/failure, latency). We never see, store, or process cardholder data, payment amounts, or personally identifiable customer information.
1. What Data We Collect
Transaction Metadata (from your SDK integration)
| Data | Example | Purpose |
|---|
| Processor ID | "stripe", "adyen" | Route health evaluation |
| Transaction result | success / failure | Success rate calculation |
| Latency | 145ms | Performance monitoring |
| Error code | "timeout", "declined" | Failure pattern analysis |
| Routing context | country, currency, payment method | Rule matching |
| Rule ID | "us_usd_visa" | Configuration reference |
Account Information
- Email address (for account access and communication)
- Company name
- API keys (hashed, for authentication)
What We Do NOT Collect
- Credit/debit card numbers or PANs
- Cardholder names or addresses
- Transaction amounts or order details
- Customer PII (names, emails, phone numbers)
- IP addresses of your end customers
2. How We Use Your Data
- Health evaluation: Computing processor success rates, latency percentiles, and failure patterns
- Routing decisions: Determining which processor to recommend for each transaction context
- Predictive models: Training ML models to predict processor degradation (Tier 2/3)
- Shadow reports: Comparing PulseRoute recommendations against actual routing for shadow mode
- Service improvement: Aggregate, anonymized metrics to improve the routing engine
3. Data Storage and Retention
- Transaction metadata is stored in Redis with a configurable time window (default: 5 minutes for real-time metrics)
- Aggregated health statistics are retained for the duration of your account
- Shadow mode observations are stored in-memory and cleared on engine restart or explicit clear
- All data is deleted within 30 days of account termination
4. Data Isolation
PulseRoute is multi-tenant with strict data isolation. Each tenant's data is stored in a separate Redis key namespace. There is no cross-tenant data access. Your data is never shared with other customers.
5. Data Security
- All API communication is encrypted via TLS
- API keys are transmitted via headers, never in URLs
- Redis data is encrypted at rest (when using managed Redis services)
- Access to production systems is restricted and logged
6. Third-Party Data Sharing
We do not sell, rent, or share your data with third parties. We may share aggregate, anonymized statistics (e.g., "average failover detection time across all customers") for marketing purposes, but never individual customer data.
7. PCI-DSS Compliance
PulseRoute is designed to operate outside the PCI-DSS cardholder data environment (CDE). We do not process, store, or transmit cardholder data. Our SDK integration points are positioned around your payment flow, not within it.
8. Your Rights
- Access: Request a copy of all data we hold about your account
- Deletion: Request deletion of your account and all associated data
- Portability: Export your configuration (rules, processor setup) at any time via the API
- Correction: Update your account information at any time
9. Cookies
The PulseRoute dashboard uses essential cookies for session management only. We do not use tracking cookies, analytics scripts, or advertising pixels.
10. Changes to This Policy
We will notify you of material changes via email. The "last updated" date at the top reflects when this policy was last modified.
11. Contact
For privacy-related questions or data requests: privacy@pulseroute.dev