Vulse collects only the data it needs to provide the service. We do not sell your data, we do not share it with third parties for advertising, and we will never use your infrastructure data for any purpose other than running Vulse for you. You are always in control — you can export or delete your data at any time.
Vulse is an infrastructure intelligence platform operated by Vulse s.r.o., a company registered in the Slovak Republic.
Registered name: Vulse s.r.o.
Registration number: 51479605
Registered address: Tyršova 20A, 942 01 Šurany, Slovak Republic
VAT ID: SK2120725959
Data Protection Officer: dpo@vulse.sk
This Privacy Policy explains how we collect, use, store, protect, and share information about you when you use our website at vulse.io, our web application, APIs, and any related services (collectively, the "Service"). It applies to all users of Vulse, including visitors to our marketing website, registered account holders, and enterprise customers.
By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this policy, please do not use the Service.
We collect information in the following categories, depending on how you interact with the Service:
When you register for a Vulse account, we collect:
If you sign up via a third-party authentication provider (Google, Microsoft, GitHub), we receive the name, email, and profile picture associated with that account. We do not receive your third-party password.
This is the core data you create while using Vulse — the content of your workspace. It includes:
Important: Your infrastructure data belongs to you. Vulse processes this data solely to provide the Service to your organisation. We do not analyse, mine, or use your infrastructure data for any commercial purpose.
We automatically collect certain technical information when you access the Service:
If you contact us for support, sales enquiries, or other correspondence, we collect:
We use Stripe as our payment processor. We do not store full payment card numbers on our servers. We retain non-sensitive billing metadata such as the last four digits of a card, card type, billing name, and transaction history for accounting purposes.
We use collected data for the following purposes:
| Purpose | Details |
|---|---|
| Providing the Service | Creating and managing your account, hosting your infrastructure data, processing release requests, and operating all platform features. |
| Authentication & Security | Verifying your identity at login, detecting and preventing fraudulent access, enforcing two-factor authentication where enabled. |
| Billing & Payments | Processing subscription payments, issuing invoices, handling refunds, and managing plan upgrades and downgrades. |
| Customer Support | Responding to support tickets, diagnosing bugs, and resolving technical issues you report. |
| Product Improvement | Analysing aggregated, anonymised usage patterns to improve features, fix issues, and prioritise our roadmap. |
| Communications | Sending transactional emails (password resets, billing receipts, incident alerts). We send product update emails only with your consent. |
| Legal Compliance | Fulfilling legal obligations, responding to lawful requests from authorities, and enforcing our Terms of Service. |
We do not use your data to display advertisements, and we do not sell your data to data brokers or marketing companies.
Under the EU General Data Protection Regulation (GDPR), we are required to identify a lawful basis for each type of processing. We rely on the following bases:
Where we rely on legitimate interests, we have conducted a Legitimate Interests Assessment (LIA) and concluded that our interests do not override your fundamental rights. You may request a copy of this assessment by contacting our DPO.
We do not sell your personal data. We share data only in the limited circumstances described below:
We use trusted third-party service providers ("sub-processors") to operate the Service. All sub-processors are contractually bound by Data Processing Agreements (DPAs) that restrict their use of your data:
| Sub-processor | Purpose | Location |
|---|---|---|
| Amazon Web Services | Cloud infrastructure & data hosting | EU (Frankfurt) |
| Stripe | Payment processing | USA (SCCs applied) |
| Postmark | Transactional email delivery | USA (SCCs applied) |
| Intercom | Customer support & live chat | USA (SCCs applied) |
| Cloudflare | CDN, DDoS protection, DNS | EU nodes prioritised |
| Sentry | Error monitoring & crash reporting | USA (SCCs applied) |
An up-to-date list of all sub-processors is available at vulse.io/subprocessors. We will notify you of any material changes to this list at least 30 days in advance.
We may disclose your data if required to do so by law, court order, or government authority, or where necessary to protect the rights, property, or safety of Vulse, our users, or others. We will notify you of any such disclosure request, to the extent permitted by law.
In the event of a merger, acquisition, bankruptcy, or sale of all or part of our assets, your data may be transferred to the acquiring party. We will notify affected users prior to any such transfer and ensure the new party agrees to at least the same level of privacy protections described in this policy.
We will share your data with third parties in any other circumstance only with your explicit consent, which you may withdraw at any time.
We retain your data for as long as your account is active or as necessary to provide the Service. Specific retention periods are:
When data is deleted, it is rendered unrecoverable through secure deletion procedures. We do not retain data in anonymised form beyond these periods unless stated otherwise.
Security is core to Vulse — we are an infrastructure management platform and we take our own security obligations extremely seriously. Our security measures include:
Despite our best efforts, no system is completely immune to security threats. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority as required by law.
To report a security vulnerability, please contact security@vulse.io. We operate a responsible disclosure programme.
Vulse is headquartered in the European Union (Slovakia). Your data is primarily processed and stored on servers located within the EU (AWS eu-central-1, Frankfurt).
Some of our sub-processors (listed in Section 5) are based in the United States. For any transfer of personal data to countries outside the European Economic Area (EEA) that do not have an adequacy decision from the European Commission, we ensure that appropriate safeguards are in place, specifically:
Enterprise customers who require EU-only data residency may request this through their account settings or by contacting enterprise@vulse.io.
If you are located in the European Economic Area, you have the following rights regarding your personal data under the General Data Protection Regulation (EU) 2016/679:
You have the right to obtain confirmation of whether we process your personal data, and if so, to receive a copy of that data along with information about how it is processed.
You have the right to request correction of inaccurate personal data or completion of incomplete data. You can update most account information directly through the Settings panel in your Vulse dashboard.
You have the right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you withdraw consent, or where the processing was unlawful. Note that we may need to retain certain data to comply with legal obligations (e.g. financial records).
You may request that we restrict the processing of your data in certain circumstances, for example while a dispute about its accuracy is resolved.
You have the right to receive your personal data in a structured, commonly used, machine-readable format (JSON or CSV), and to transmit it to another controller. You can initiate a full data export at any time from Settings → Data & Privacy → Export My Data.
You have the right to object to processing based on our legitimate interests. If you object, we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
Vulse does not make decisions that produce legal or similarly significant effects based solely on automated processing.
Where processing is based on your consent (e.g. marketing emails), you may withdraw that consent at any time using the unsubscribe link in any email, or from Settings → Notifications.
To exercise any of these rights, please submit a request to privacy@vulse.io or use the form at vulse.io/privacy-request. We will respond within 30 days. In complex cases we may extend this by an additional 2 months and will notify you accordingly. We will not charge a fee for reasonable requests. We may need to verify your identity before processing your request.
If you believe we have handled your data unlawfully, you have the right to lodge a complaint with your national data protection supervisory authority. In Slovakia, this is:
Úrad na ochranu osobných údajov Slovenskej republiky
Hraničná 12, 820 07 Bratislava 27, Slovak Republic
dataprotection.gov.sk
Tel: +421 2 3231 3214
We use cookies and similar tracking technologies on our website and within the application. You can manage your cookie preferences via the cookie banner displayed on your first visit, or at any time through Settings → Privacy → Cookie Preferences.
| Category | Purpose | Consent required? |
|---|---|---|
| Strictly necessary | Authentication session tokens, CSRF protection, load balancing. The Service cannot function without these. | No |
| Functional | Remembering your preferences (language, timezone, UI layout, notification settings). | No |
| Analytics | Aggregate, anonymised usage analytics to improve the product (we use a self-hosted, cookie-less analytics solution). | No (anonymised) |
| Marketing | If you arrive via a partner referral, a cookie records the referral for commission purposes only. No advertising cookies are placed. | Yes |
We do not use Google Analytics, Meta Pixel, or any other advertising tracking network. We do not place third-party advertising cookies on your device.
The Service is intended for use by businesses and professional engineering teams. It is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16.
If we become aware that a child under 16 has provided us with personal data without verifiable parental consent, we will promptly delete that information. If you believe a child has provided us with their data, please contact us at privacy@vulse.io.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
Previous versions of this Privacy Policy are archived and available upon request by contacting our DPO. We encourage you to review this policy periodically to stay informed about how we protect your data.
Your continued use of the Service after changes take effect constitutes your acceptance of the revised policy, to the extent permitted by applicable law.
If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact us through any of the following channels:
We aim to acknowledge all privacy-related enquiries within 2 business days and resolve them within 30 days. For urgent matters relating to a potential data breach or immediate risk to your data, please include "URGENT" in the subject line of your email.
This policy was last reviewed and approved by Vulse s.r.o. legal counsel on 1 January 2026.