# Pendulum Pulse — Privacy Policy
Last updated: May 1, 2026
Effective date: May 1, 2026
This policy explains what Pendulum Pulse ("the App," "we," "us") collects, how we use it, and what choices you have. The App is operated by Pendulum
Sales Training ("Pendulum"). If you have questions, email
## Who this applies to
Pendulum Pulse is a sales-performance dashboard sold to companies. If your employer or training partner enrolled you in the App, you are a User and yourcompany is the Customer. The Customer controls how the App is used insidetheir organization; this policy describes Pendulum's role as the serviceprovider.
## What we collect
We collect only what we need to operate the App. There is no advertising, no third-party analytics SDK, and no data sale.
You give us directly when you sign in or use the App:
- Account information — email address, password (hashed by Firebase Authentication; we never see the plaintext), display name, and the company your account belongs to.
- Profile fields — first/last name, optional photo, role (rep, admin, or master_admin), and the Pendulum company slug (e.g. `bdom`).
- Sales activity logs — calls/doors made, meetings booked, pitches completed, closes, revenue, and personal records (PRs). These are entered by you or your admin.
- Goal and quota settings — monthly revenue and activity targets you or your admin configure.
We collect automatically when you use the App:
- Authentication metadata — last sign-in time, last seen timestamp, and the unique user ID Firebase assigns to your account.
- Crash and error logs — when something breaks, we log the error and the
step at which it failed so we can fix it. These logs do not include your password or sales data, but may include your email, your company slug, and the action you were taking.
We do not collect: precise location, contacts, photos other than whatyou upload yourself, microphone or camera input, advertising identifiers, device fingerprints, or browsing history.
## How we use it
- To show you and your admin your dashboard, leaderboards, and pacing math.
- To authenticate you and keep your session secure.
- To send transactional emails — invitations, password resets, and important
service notices. We do not send marketing emails to dashboard users.
- To diagnose bugs and improve the App.
- To enforce our Terms of Service and Acceptable Use Policy.
We do not use your data to train AI models, sell to data brokers, or build advertising profiles.
## Where it lives
The App is built on Google Firebase. Your data is stored in Google Cloud data centers in the United States. The specific Google services we use:
- Firebase Authentication (sign-in)
- Firestore (your dashboard data)
- Firebase Hosting (the web app and mobile WebView shell)
- Firebase Storage (rep photos, when uploaded)
- Firebase Cloud Messaging (push notifications, opt-in)
Google Cloud handles the data per their Data Processing Addendum. Pendulum does not transfer data outside Google Cloud except as described below.
## Who we share it with
- Google Cloud / Firebase — hosting and storage processor. Required for the App to function.
- Your company's admin — anyone with the `admin` or `master_admin` role
in your company can see all reps' activity logs, goals, and revenue numbers within that company. They cannot see other companies' data.
- Pendulum master admin (David Reed) — for support and security incidents only. Pendulum does not browse customer data routinely.
- Law enforcement — only when legally required by valid process, and we will notify the affected customer where permitted.
We do not sell your data. We do not share it with advertisers. We do not share it with any party not named here.
## Push notifications (when enabled)
If you enable push notifications, we send notifications about goal hits,team milestones, and your own daily pacing. Notifications are delivered via
Apple Push Notification service (APNs) on iOS and Firebase Cloud Messagingon Android. You can turn them off any time in your device's Settings or in the App's notification preferences.
## Security
- Passwords are hashed by Firebase Authentication and never stored in plaintext.
- Multi-factor authentication is available on master admin accounts and recommended.
- Tenant data is isolated by Firestore security rules — a rep in one company cannot read another company's data.
- Invite tokens expire after 14 days and become single-use after they are redeemed.
We are a small company and we cannot guarantee perfect security. We will notify affected users without undue delay if we discover a breach involving their data.
## Data retention
- While your account is active: we keep your data as long as your company subscribes and your account is active.
- When you delete your account: we delete your user record, sales activity logs, profile photo, and personal records within 30 days. Your
Firebase Authentication record is deleted at the same time. We may retain audit logs (sign-in timestamps, security events) for up to 12 additional months for security and legal-compliance purposes.
- When your company cancels: the company admin can request deletion of the company workspace; we will purge it within 30 days.
- Backups: daily backups of Firestore are retained for 30 days. Deletion requests are honored on the live database immediately and on backups as
they roll off.
## Your rights
You can:
- See your data — most of it is visible inside the App. For anything else, email [email protected].
- Correct your data — edit your profile and sales logs in the App, or ask your admin.
- Delete your account — tap Delete my account in the sidebar (under your name and Sign Out), or email [email protected]. Deletion completes within 30 days, as above.
- Export your data — email [email protected] and we will send you a JSON export of your records within 30 days.
- Object to processing or restrict use — email us; we will honor reasonable requests within applicable law.
If you live in the EU, UK, California, or another jurisdiction with specific privacy rights (GDPR, UK GDPR, CCPA/CPRA), you have additional rights under those laws. We honor all valid requests under those frameworks.
## Children
Pendulum Pulse is not intended for and may not be used by children under 16. We do not knowingly collect data from children. If you believe a child has created an account, email [email protected] and we will remove it.
## Changes to this policy
We will update this policy when our practices change. Material changes will
be announced inside the App and emailed to active users. The "Last updated"
date at the top of this page reflects the most recent change.
## Contact
Email: [email protected]
Mail: Pendulum Sales Training, [street address], [city, state, zip]
---
*This policy is provided as a starting point and should be reviewed by
counsel before publication. Insert the company's legal mailing address
before going live.*