Privacy Notice
Your privacy matters to us. This notice explains how CX Pulse collects, uses, and protects your information.
Effective Date: February 2025 · Last Updated: February 2025
This Privacy Notice ("Notice") describes how CX Pulse (www.cxpulse.app) ("Company," "we," "us," or "our") collects, uses, stores, shares, and protects the personal data and information of users of our platform and services. This Notice applies to all individuals who interact with our Service, including account holders ("Form Creators") and individuals who respond to surveys and forms created on our platform ("Respondents").
This Notice is published in compliance with the following Indian laws and regulations:
- Information Technology Act, 2000 (including Section 43A and Section 72A)
- Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules")
- Digital Personal Data Protection Act, 2023 ("DPDPA")
1. Information We Collect
1.1 Information You Provide Directly (Account Data)
When you create an account or use our Service, you may provide:
- Account Information: Name, email address, and password (hashed and stored securely)
- Profile Information: Organisation name, role, and preferences
- Billing Information: Payment details, billing address, and GST identification number (for paid plans, processed by third-party payment processors)
- Communications: Any information you provide when contacting our support team, submitting feedback, or participating in surveys about our Service
1.2 Survey and Form Data
- Form Content: Survey questions, form structures, logic rules, branding configurations, and translations created by Form Creators
- Response Data: Answers, selections, ratings, text responses, and any other data submitted by Respondents through forms created on our platform
- AI Conversation Data: Follow-up questions generated by AI and the corresponding responses from Respondents during conversational survey sessions
1.3 Automatically Collected Information (Usage Data)
When you access our Service, we automatically collect:
- Device Information: Browser type, operating system, device type, and screen resolution
- Log Data: IP address, access times, pages viewed, referring URL, and actions taken within the Service
- Performance Data: Page load times, errors, and system performance metrics
- Analytics Data: Information collected through cookies and similar technologies (see Section 10)
1.4 Information from Third-Party Services
If you sign in using third-party authentication providers (such as Google), we receive basic profile information (name, email, profile picture) as authorised by you through those services.
2. How We Use Your Information
We use the information we collect for the following purposes:
2.1 Service Delivery
- To create and manage your account
- To provide, operate, and maintain the Service
- To process and store survey forms and responses
- To generate analytics, insights, and reports from survey data
- To enable AI-powered features including conversational follow-ups and sentiment analysis
- To facilitate data export and integrations
2.2 Communication
- To send you service-related notifications, updates, and security alerts
- To respond to your enquiries, support requests, and feedback
- To send promotional communications (only with your consent, and you can opt out at any time)
2.3 Improvement and Development
- To analyse usage patterns and improve the Service
- To develop new features and functionality
- To conduct research using aggregated and anonymised data
- To monitor and prevent fraud, abuse, and security threats
2.4 Legal and Compliance
- To comply with applicable laws, regulations, and legal processes
- To enforce our Terms of Use and other agreements
- To protect the rights, property, and safety of CX Pulse, our users, and the public
3. AI & Automated Processing
3.1 How AI Processes Your Data
CX Pulse uses artificial intelligence to enhance the survey experience. Our AI features include:
- Conversational Follow-Ups: When enabled, AI analyses a respondent's answers in real time and generates contextual follow-up questions to gather deeper insights. The AI processes the respondent's current and prior answers within the same survey session to generate relevant questions.
- Sentiment Analysis: AI analyses text responses to determine sentiment (positive, negative, or neutral) and identify key themes across responses.
- AI-Generated Insights: AI processes aggregated response data to generate summaries, identify trends, highlight actionable insights, and provide recommendations for Form Creators.
- Survey Generation: AI can generate survey questions and structures based on user-provided topics and objectives.
- Translation: AI assists with translating survey content into multiple languages.
3.2 Third-Party AI Providers
We use AI services from providers including OpenAI and Anthropic (Claude) to power our AI features. When AI features are used:
- Survey content and response data are sent to AI providers' APIs for processing
- Data sent to AI providers is processed in transit and is not stored by these providers beyond the API request lifecycle (subject to their data retention policies for API usage)
- Our AI providers are contractually obligated not to use customer data to train their general-purpose models
- We minimise the data sent to AI providers to only what is necessary for the specific feature being used
3.3 Automated Decision-Making
Our AI features provide supplementary insights and suggestions. No significant decisions affecting individuals are made solely through automated processing. Form Creators retain full control over how AI-generated insights are interpreted and acted upon.
4. Data Sharing & Third-Party Services
We do not sell your personal data. We share information only in the following circumstances:
4.1 Service Providers
We engage the following categories of third-party service providers:
- Supabase: Authentication, database hosting, and storage. Supabase processes account data and survey data on our behalf.
- AI Providers (OpenAI, Anthropic): Processing survey data for AI-powered features as described in Section 3.
- Analytics Providers: We use Google Analytics (via Google Tag Manager) to understand usage patterns on our marketing pages. Analytics data is collected in aggregated form.
- Email Service Providers: For sending transactional emails and notifications.
- Payment Processors: For processing payments on paid plans. We do not store your complete payment card details on our servers.
4.2 Form Creators
If you are a Respondent, your survey responses are shared with the Form Creator who created the survey. The Form Creator determines the purposes and means of processing your Response Data. We encourage Form Creators to maintain their own privacy policies informing Respondents about how their data will be used.
4.3 Legal Requirements
We may disclose your information if required to do so by law, regulation, legal process, or governmental request, including under the Information Technology Act, 2000, or in response to a lawful request by Indian authorities.
4.4 Business Transfers
In the event of a merger, acquisition, reorganisation, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.
4.5 With Your Consent
We may share your information with third parties when you have provided explicit consent for such sharing.
5. Data Storage & Security
5.1 Data Storage
Your data is stored on servers operated by Supabase, our infrastructure provider. Our primary data storage is hosted on cloud infrastructure with data centres that employ industry-standard physical and environmental security measures.
5.2 Security Measures
We implement reasonable security practices and procedures as required under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. These include:
- Encryption: Data is encrypted in transit using TLS/SSL and at rest using AES-256
- Authentication: Secure password hashing, support for multi-factor authentication, and session management through Supabase Auth
- Access Controls: Role-based access controls ensuring that only authorised personnel can access user data
- Row-Level Security: Database-level security policies ensuring users can only access their own data
- Regular Audits: Periodic security assessments and vulnerability testing
- Incident Response: Documented procedures for detecting, reporting, and responding to data security incidents
5.3 Security Limitations
While we implement robust security measures, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of your data.
6. Data Retention
We retain your information for as long as necessary to fulfil the purposes described in this Notice, unless a longer retention period is required or permitted by law.
- Account Data: Retained for the duration of your account and for 30 days after account deletion to allow for data recovery
- Survey and Response Data: Retained for the duration of the Form Creator's account. Form Creators may delete individual surveys and responses at any time.
- Usage and Log Data: Retained for up to 12 months for analytics and security purposes
- Backup Data: Backups may be retained for up to 90 days before being purged
- Legal Obligations: Certain data may be retained longer if required by applicable law, regulation, or legal proceedings
When data is no longer needed, it is securely deleted or anonymised in accordance with our data retention procedures.
7. Your Rights
Under Indian data protection law, including the Digital Personal Data Protection Act, 2023 (DPDPA) and the Information Technology Act, 2000, you have the following rights:
7.1 Right to Access
You have the right to obtain confirmation as to whether your personal data is being processed by us and to access a summary of such data. You can access most of your data directly through your account dashboard.
7.2 Right to Correction
You have the right to request correction of inaccurate or incomplete personal data. You can update your account information directly through the Service, or contact us for assistance.
7.3 Right to Erasure
You have the right to request deletion of your personal data where the data is no longer necessary for the purpose for which it was collected. You may request account and data deletion by contacting us at support@cxpulse.in.
7.4 Right to Withdraw Consent
Where we process your data based on consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.
7.5 Right to Grievance Redressal
You have the right to register a complaint with our Grievance Officer (see Section 12). If you are not satisfied with our response, you have the right to approach the Data Protection Board of India established under the DPDPA 2023.
7.6 Right to Nominate
Under the DPDPA 2023, you have the right to nominate any other individual who shall, in the event of your death or incapacity, exercise your rights with respect to your personal data.
7.7 Exercising Your Rights
To exercise any of the rights described above, please contact us at support@cxpulse.in or write to our Grievance Officer. We will respond to your request within a reasonable timeframe and in accordance with applicable law.
8. Children's Privacy
CX Pulse is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 18, we will take steps to delete such data as soon as possible.
If you are a parent or guardian and believe that your child has provided personal data to us, please contact us at support@cxpulse.in so that we can take appropriate action.
Form Creators must not create surveys intended to collect data from children without appropriate parental or guardian consent as required under the DPDPA 2023 and other applicable laws.
9. International Data Transfers
Our Service is operated from India. However, our infrastructure providers and AI service providers may process data in locations outside of India, including the United States and other jurisdictions.
When your data is transferred outside India, we ensure that:
- Appropriate contractual safeguards are in place with our service providers, including data processing agreements
- The receiving jurisdiction provides an adequate level of data protection, or additional protective measures are implemented
- Such transfers comply with the requirements of the DPDPA 2023 and any rules or notifications issued by the Central Government of India regarding cross-border data transfers
- Data is transferred only to the extent necessary for the purposes described in this Notice
By using the Service, you acknowledge and consent to the transfer of your data to jurisdictions outside India as described above, subject to the safeguards we implement.
10. Cookies & Tracking
10.1 What Are Cookies
Cookies are small text files that are placed on your device when you visit a website. They are widely used to make websites work efficiently and to provide reporting information.
10.2 Cookies We Use
- Essential Cookies: Required for the operation of our Service, including authentication cookies (managed by Supabase Auth) and session management cookies. These cookies cannot be disabled.
- Analytics Cookies: Used to collect information about how visitors use our website (via Google Analytics / Google Tag Manager). The information is aggregated and used to improve the Service.
- Preference Cookies: Used to remember your preferences and settings, such as language preferences and UI customisations.
10.3 Managing Cookies
Most web browsers allow you to control cookies through their settings. You can typically set your browser to refuse all cookies or to notify you when a cookie is being set. However, if you disable essential cookies, some parts of the Service may not function properly.
10.4 Do Not Track
We currently do not respond to "Do Not Track" signals in browsers, as there is no universally accepted standard for how to respond to such signals.
11. Changes to This Policy
We may update this Privacy Notice from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last Updated" date at the top of this Notice
- Notify registered users by email
- Display a prominent notice on our website
We encourage you to review this Notice periodically to stay informed about how we are protecting your data. Your continued use of the Service after any changes to this Notice constitutes your acceptance of the updated Notice.
12. Grievance Officer
In accordance with the Information Technology Act, 2000, the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the Digital Personal Data Protection Act, 2023, we have appointed a Grievance Officer to address any concerns or grievances related to the processing of your personal data.
Grievance Officer Details
- Name: Grievance Officer, CX Pulse
- Email: grievance@cxpulse.app
- Response Time: We shall acknowledge your grievance within 24 hours and resolve it within 15 days of receipt, in accordance with applicable law.
If you are not satisfied with the resolution provided by our Grievance Officer, you may approach the Data Protection Board of India as constituted under the Digital Personal Data Protection Act, 2023.
13. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Notice or our data practices, please contact us:
- General Support: support@cxpulse.in
- Privacy & Data Concerns: grievance@cxpulse.app
- Website: www.cxpulse.app
- Contact Page: www.cxpulse.app/contact
By using CX Pulse, you acknowledge that you have read and understood this Privacy Notice and consent to the collection, use, and processing of your information as described herein.