Your Privacy Is Absolute

PulseApp ("we," "us," or "our") is a mobile CRM application designed exclusively for mortgage professionals, accessible via our iOS mobile app and this website at mobile-crm-app.com. We are the data controller for any personal data you provide when using our app or website. If you have any questions about this policy, you can reach us at info@mobile-crm-app.com.

We collect only the minimum data necessary to provide the service:

• Your name and email address (for account creation and login)
• Your professional details you choose to add (NMLS number, company, license)
• Contact records you create inside the app (names, phone numbers, notes)
• Call history logs you record through the app's disposition feature
• App usage preferences and notification settings
• Standard server logs from our infrastructure provider (IP, user agent, request paths) — auto-deleted after 30 days

We do not collect your device's contacts, location, camera, microphone, or any other device data not explicitly listed above.

The website (mobile-crm-app.com) does not use third-party analytics, tracking pixels, or advertising cookies. It is a static marketing site — no cookies are set.

Your data is used solely to operate PulseApp for you. Specifically:

• To authenticate your account and keep it secure
• To store and sync your contacts and call history across your devices
• To send you push notifications you explicitly schedule within the app
• To calculate your call queue and priority rankings

We do not use your data to train AI models. We do not use your data for advertising or marketing profiling. We do not analyze your contact data for any business purpose. Your contacts are your business relationships — we treat them that way.

This is called "zero-knowledge" encryption. Technically: AES-256-CBC with per-field random IVs, keyed by a 256-bit Master Encryption Key (MEK) that is itself sealed into two lock boxes (one with your password, one with your 16-character recovery key), each derived with PBKDF2-SHA256. See our Security page for the full technical breakdown.

We do not share your data with data brokers, advertising networks, analytics companies, or any commercial third parties. Full stop.

All your data is stored in Supabase (a Postgres-based cloud database hosted on AWS infrastructure in the United States), which provides:

• Encryption at rest using AES-256
• Encryption in transit using TLS 1.3
• Strict Row Level Security (RLS) — no other user can access your data
• AWS's enterprise-grade infrastructure (ISO 27001, SOC 2 certified)

On top of Supabase's at-rest encryption, every PII field in your contact records is encrypted client-side with your own key before upload. So even Supabase staff with raw database access see only ciphertext.

Your data is stored in the United States. If you are located outside the US, by using PulseApp you consent to your data being transferred to and processed in the US.

PulseApp uses a minimal set of trusted third-party services to operate:

• Supabase — authentication, database, and realtime sync infrastructure. Supabase's privacy policy applies to their processing: supabase.com/privacy. Supabase processes data on our behalf and is contractually prohibited from using your data for their own purposes.
• Apple App Store — all subscription billing and payment processing is handled exclusively by Apple. We never see, receive, or store your payment card details, billing address, or any financial information. Apple's Privacy Policy governs their handling of payment data.
• Expo / React Native — the open-source framework powering the app. No personal data is transmitted to Expo.
• Hostinger — hosts this website. Standard server access logs (IP, user agent) are kept for a limited period for security purposes. No tracking or analytics cookies are set.

That is the complete list. We do not use third-party analytics SDKs, advertising networks, crash reporting services that share data externally, social login providers, or data brokers of any kind.

When you subscribe to a paid plan, all billing is processed directly by Apple through the App Store. The only subscription-related data we store on our end is:

• Your current plan tier (Trial, Basic, Pro, or Premium)
• Your contact limit associated with that plan
• Your trial end date (if applicable)

We do not store your Apple ID, payment method, billing address, or transaction history. We do not receive your credit card number or any financial identifiers from Apple. To manage, cancel, or get a refund for your subscription, go directly to your Apple ID subscription settings — we cannot process refunds or subscription changes on your behalf.

Regardless of where you are located, we give you the following rights over your data:

• Right to Access — request a copy of all data we hold about you
• Right to Correction — update any inaccurate data in your account
• Right to Deletion — permanently delete your account and all associated data. You can do this at any time from Settings → Security → Delete Account. Deletion is permanent and irreversible within 30 days.
• Right to Portability — export your contacts as a CSV at any time from the app
• Right to Opt-Out — since we never sell data, there is nothing to opt out of. You may disable push notifications at any time in your device Settings.

To exercise any of these rights or for data-related inquiries, email us at info@mobile-crm-app.com. We respond to all requests within 5 business days and fulfill them within 30 days as required by law.

We retain your data for as long as your account is active. When you delete your account:

• All contact records are permanently deleted immediately
• All call history is permanently deleted immediately
• Your account credentials are removed from Supabase Authentication
• Your user profile is permanently deleted

We do not retain backups of deleted accounts. We do not keep anonymized versions of your data after deletion. When you delete, it is gone.

PulseApp is a professional business tool intended for adults (18+). We do not knowingly collect personal data from anyone under 18 years of age. If you believe a minor has created an account, contact us immediately at info@mobile-crm-app.com.

We take security seriously and implement industry-standard protections:

• Row Level Security policies enforce that only you can read or write your data
• Zero-knowledge encryption on every contact PII field (AES-256-CBC + HMAC-SHA256)
• Optional Face ID / biometric lock to prevent unauthorized access on your device
• Email verification required on account creation
• Rate limiting on login attempts to prevent brute-force attacks
• No sensitive data is ever logged to third-party crash reporting services

Despite our best efforts, no system is 100% secure. If you discover a security vulnerability, please disclose it responsibly to info@mobile-crm-app.com. We respond to security reports within 48 hours.

If we make material changes to this Privacy Policy, we will notify you via email and in-app notification at least 14 days before the changes take effect. Continued use of the app after that date constitutes your acceptance of the updated policy.

We will never change the core principle: your data will never be sold or shared for commercial purposes. That is non-negotiable.

For any privacy-related questions, requests, or concerns:

• Email: info@mobile-crm-app.com
• Response time: within 5 business days

You also have the right to lodge a complaint with your local data protection authority if you believe we have violated applicable privacy law.