PulseDojo.ai ("PulseDojo", "we", "us") provides a multi-tenant software-as-a-service platform used by martial arts federations and dojos ("tenants") to run their operations. This policy describes how PulseDojo itself collects and handles personal information. Each tenant dojo is an independent controller of its students' personal information and maintains its own privacy notice — see the specific dojo site for that.
1. Scope and jurisdiction
PulseDojo is operated from Canada and is governed by the Personal Information Protection and Electronic Documents Act (PIPEDA, S.C. 2000, c. 5) and, where applicable, provincial privacy law in the province of Alberta. Tenant dojos operating in other jurisdictions remain responsible for their own regional compliance (GDPR, CCPA, etc.).
2. Information we collect
As the platform operator, PulseDojo's own direct data collection is limited. We collect:
- Platform inquiry contacts: name and email address submitted via the hello@pulsedojo.ai and support@pulsedojo.ai email addresses.
- Tenant administrator accounts: name, email, hashed password, and audit metadata for the admin users we provision for each tenant organization.
- Operational telemetry: aggregated request logs, error traces (via Sentry), and anti-abuse rate-limit counters. These contain IP addresses and user-agent strings but are not used for profiling individuals.
- Payment metadata (tenant-level): Stripe Connect account IDs and transaction references needed to reconcile our platform application fee.
Personal information about individual students, parents, and instructors of a specific dojo is collected and controlled by that tenant dojo, not by PulseDojo. PulseDojo processes that data on the tenant's behalf under a data-processor role.
3. Why we collect it
- Provisioning and supporting tenant accounts
- Responding to sales, support, and compliance inquiries
- Operating, securing, and improving the platform
- Detecting abuse and enforcing acceptable-use policy (see Terms of Service)
- Meeting legal obligations (tax records, court orders, PIPEDA data-subject requests)
4. Sub-processors
PulseDojo relies on these third parties to process personal information. Each is bound by its own privacy commitments and relevant data-transfer safeguards:
- Stripe, Inc. (United States / global) — payment processing via Stripe Connect
- Supabase Inc. (Canadian region) — primary database hosting
- Vercel Inc. (United States) — web hosting and delivery
- Twilio Inc. (United States) — SMS delivery (tenant-configured, opt-in only)
- Resend, Inc. (United States) — transactional email delivery
- Sentry (Functional Software, Inc.) (United States) — error monitoring (may contain user identifiers in diagnostic traces)
We also use supporting infrastructure providers (content delivery, caching, realtime messaging, rate-limit counters) that handle either no personal information or transient technical data only. The full current list is available on request at privacy@pulsedojo.ai.
Some sub-processors are located outside Canada. Tenants with strict data-residency requirements may opt into bring-your-own-database (BYOD) to keep student records in a database of their choice.
5. Consent and anti-spam compliance
PulseDojo never pre-checks SMS or email opt-in boxes. All marketing and transactional messaging consent is collected at the point of registration and logged with a timestamp in the consent audit log. SMS delivery requires three separate consent conditions (explicit opt-in, notification preference, and a present phone number) in line with Canada's Anti-Spam Legislation (CASL).
6. Retention
Platform inquiry emails are retained for up to 24 months for sales continuity. Tenant audit logs are retained for the life of the tenant account plus 7 years for financial compliance (CRA minimum for non-profit dojos). Tenants may request early deletion of their data under PIPEDA.
7. Your rights
Under PIPEDA you have the right to access, correct, and request deletion of personal information PulseDojo holds about you. Data-subject requests can be submitted to privacy@pulsedojo.ai. We respond within 30 days. If the data concerns a specific dojo's student record, we will route your request to that tenant (they are the controller for that information).
8. Security
PulseDojo applies strong database isolation between tenants, encryption of sensitive fields, securely hashed passwords, and full audit logging of all administrative actions. All platform traffic is served over modern HTTPS encryption.
10. Changes to this policy
Material changes are announced via email to tenant administrators at least 30 days in advance. The "Last updated" date at the top of this page reflects the most recent change.
11. Contact
PulseDojo.ai — Privacy
Calgary, Alberta, Canada
Email: privacy@pulsedojo.ai
If we do not resolve your complaint to your satisfaction, you may contact the Office of the Privacy Commissioner of Canada.