1. Who we are
For the purposes of the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018, the data controller for personal data collected through the Service is the operator of PulseChain Nexus. You can contact us at hello@pulsechain.nexus.
2. The data we collect
We collect and process the following categories of personal data:
- Account data — name (where provided), email address, hashed password or magic-link token, subscription status, and account preferences.
- Billing data — handled by our payment processor (Stripe). We do not store full card numbers on our own systems; we receive only the masked details and metadata necessary to manage your subscription.
- Communications data — the content of any email, support message, or community message you send to us.
- Usage data — pages visited, articles read, links clicked, time on page, referrer, device type, browser, approximate location (derived from IP), and similar analytics signals.
- Technical data — IP address, user agent, log files, and cookie identifiers.
3. How we use your data and our lawful basis
| Purpose | Lawful basis (UK GDPR) |
|---|---|
| Operating your account and delivering the Service you have subscribed to | Performance of a contract |
| Processing payments and preventing fraud | Performance of a contract / Legitimate interests |
| Sending the newsletter and account/transactional emails | Performance of a contract / Consent |
| Analytics and improving the Service | Legitimate interests / Consent (where required) |
| Security, abuse prevention, and enforcing our Terms | Legitimate interests / Legal obligation |
| Complying with tax, accounting and other legal obligations | Legal obligation |
4. Cookies and similar technologies
We use cookies and similar technologies for the following purposes:
- Strictly necessary cookies — to keep you logged in, remember subscription state, and secure the Service. These do not require consent.
- Analytics cookies — to understand how readers use the Service in aggregate. These are loaded only where required consent has been given.
- Advertising cookies — third parties displaying ads on the Service may set their own cookies. See the Disclosures page.
You can control cookies via your browser settings and, where presented, via our cookie banner.
5. Sharing your data
We share personal data only with carefully selected processors that help us run the Service, including:
- Ghost — publishing platform and member management.
- Stripe — payment processing.
- Email delivery providers — for newsletters and transactional email.
- Hosting and CDN providers — for delivering the Service securely.
- Analytics providers — for usage measurement.
Each of these acts under contract and is bound to use your data only for the purposes we instruct. We do not sell your personal data.
We may disclose personal data where required by law, in response to a valid legal request, to enforce our Terms, or to protect our rights, property, or safety, or the rights, property, or safety of others.
6. International transfers
Some of our processors are located outside the United Kingdom and the European Economic Area, including in the United States. Where we transfer personal data internationally, we rely on appropriate safeguards such as the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or an adequacy decision.
7. Retention
We keep personal data only for as long as is necessary for the purposes for which it was collected, including for the duration of your subscription, plus any period required to comply with legal, accounting, or reporting obligations (typically up to 7 years for billing records). Analytics data is retained in aggregated form.
8. Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate or incomplete data.
- Request erasure of your data, in certain circumstances.
- Restrict or object to our processing, in certain circumstances.
- Receive a copy of your data in a portable format.
- Withdraw consent at any time, where processing is based on consent.
- Lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.
To exercise any of these rights, email hello@pulsechain.nexus.
9. Security
We implement appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, and use of reputable processors. No system is perfectly secure; you remain responsible for keeping your account credentials confidential.
10. Children
The Service is not directed at, and not intended for, persons under the age of 18. We do not knowingly collect personal data from children.
11. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the date of the latest revision.