Pulvo

Privacy Policy

Effective Date: May 25, 2026

This Privacy Policy describes how JIE & P LLC (“Pulvo,” “we,” “us,” or “our”) collects, uses, discloses, and protects information when you visit our website, create an account, subscribe to a plan, or otherwise use the Pulvo service (collectively, the “Service”). By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, do not use the Service.

1. Scope & Roles

Pulvo provides AI-assisted online reputation management tools to local small businesses (each, a “Customer”). This Policy covers two categories of personal information:

  • Account Data — information about Customers and their authorized users (e.g., business owner, staff), including (without limitation) the categories listed in §2 below and, with respect to v3.8 features: any verified phone number you elect to provide for SMS notifications under §6A; your in-product notification history, read/archive state, and notification preferences as described in §6B; and any browser web-push subscription endpoint registered under §6C. With respect to Account Data, Pulvo acts as an independent data controller.
  • Customer Content — data that Customers upload, sync, or otherwise process through the Service, including end-customer contact lists (names, phone numbers, email addresses) used for review requests, and reviews/ratings retrieved from third-party platforms. With respect to Customer Content, Pulvo acts as a data processor on behalf of the Customer, and the Customer is the data controller. The Customer is solely responsible for the lawfulness of its instructions, for obtaining all required consents and disclosures, and for honoring data-subject rights.

2. Information We Collect

2.1 Information You Provide

  • Account & profile: name, email, password (hashed), business name, business address, business phone, role, language preference, billing contact, and an optional mobile phone number (E.164 format) that you may add and verify if you choose to enable SMS notifications to your account (see §6A).
  • Payment information: processed by a PCI-DSS-compliant third-party payment processor. We do not store full card numbers; we receive a token, last-four, brand, and billing zip.
  • Communications: support requests, feedback, survey responses.
  • Customer Content uploads: end-customer contact lists, transaction notes, attestations of consent (see §6).

2.2 Information We Collect Automatically

  • Usage & device data: IP address; approximate geolocation derived from IP address (city / region / country, not GPS-precise); browser type and version; operating system; device-fingerprint elements such as timezone, screen dimensions, preferred language, and browser capability signals; referring and exit pages; pages viewed and clicks; timestamps; and session identifiers.
  • Analytics & error monitoring: small request/response measurements (“beacons”) used to count feature usage, detect performance regressions, and capture client-side errors. Where applicable law requires consent for analytics, we will request it via a cookie banner (see §9).
  • Cookies and similar technologies: see §9.
  • Logs: error logs, API call metadata, audit trails.

2.3 Information from Third Parties

  • Connected platforms: when you connect Google Business Profile (and any additional review platforms Pulvo may add in future releases), we receive review content, reviewer display name, rating, review text, timestamps, and platform-issued identifiers, in accordance with each platform’s API terms. Pulvo does not currently integrate with Facebook/Meta or Yelp.
  • Identity / fraud signals: from our payment processor and similar service providers.

3. How We Use Information

  • Provide, operate, secure, and improve the Service.
  • Generate AI-assisted review replies, insights, alerts, and summaries (see §5).
  • Send review-request messages on behalf of Customers (see §6).
  • Deliver service communications and notifications to authorized account holders across multiple channels (in-product notification feed, email, optional SMS to verified phone, optional browser web push), including critical-event escalation as described in §§6A.3, 6A.4, 6B, and 6C.
  • Persist your in-product notification history for audit, troubleshooting, and access via your account; honor your archive / restore / preference choices; and apply the retention limits in §10.
  • Process payments, manage subscriptions, prevent fraud, and enforce our Terms.
  • Communicate service announcements, security notices, and (with consent where required) marketing.
  • Comply with legal obligations and respond to lawful requests.

4. Legal Bases (where applicable)

Where required by law, we rely on: (a) contract performance — to provide the Service you request; (b) legitimate interests — operating, securing, and improving the Service; (c) consent — for optional features, marketing, and certain cookies; and (d) legal obligation — tax, accounting, anti-fraud, lawful requests.

5. AI Processing & Model Use

Pulvo uses one or more reputable third-party large-language-model (LLM) providers to generate suggested replies, insights, and summaries. Pulvo may add or replace AI providers from time to time, subject to the same contractual restrictions described in this Section. We process the minimum data necessary, including review text, business context, and your reply preferences. We do not permit our AI vendors to use your Customer Content to train their foundation models, and we contractually require zero-retention or short-retention modes where the vendor offers them. The specific identity of our current AI vendor is provided upon request via our Data Processing Addendum (see §8). AI-generated text is a suggestion; the Customer is responsible for reviewing and approving content before it is published or sent (see Terms §7).

6. End-Customer Contact Data & Outbound Messaging on Customer’s Behalf (TCPA / CAN-SPAM / 10DLC)

This section addresses messages the Customer sends to its own end-customers through Pulvo (e.g., review-request SMS / email). It does notaddress communications from Pulvo to the Customer’s account holders — for that, see §6A.

When a Customer uploads end-customer contact information for review-request messaging, the Customer represents and warrants that:

  • It has obtained all consents required by applicable law (including the U.S. Telephone Consumer Protection Act, CAN-SPAM, state mini-TCPA laws, and CTIA / 10DLC carrier requirements) before contacts are messaged through the Service.
  • It has provided its end-customers a clear privacy notice describing how their information will be used.
  • It will honor opt-out requests promptly and instruct Pulvo to suppress contacts when required.

Pulvo provides standard opt-out language (e.g., “Reply STOP to opt out”), maintains a suppression list, and supports rate-limit and quiet-hours settings. Pulvo is not a co-controller of the contact list and cannot independently verify consent at the contact-record level.

6A. Service Communications to Account Holders (Email & Optional SMS)

Pulvo sends service communications to its Customers’ authorized account holders (typically the business owner) for transactional, account, security, and product-operations purposes — including notifications about new reviews requiring response, alerts you have configured, billing events, authentication events, and account changes. These communications are not marketing and are integral to providing the Service.

6A.1 Email (default channel)

We send service communications by email to the address you provide on registration (and any notification-email override configured in Settings). Service-essential email cannot be turned off while your account is active — the alternative is to close the account. Marketing emails (if any) have an independent unsubscribe link.

6A.2 SMS to verified owner mobile phone (opt-in only)

You may, at your option, add and verify a mobile phone number in Settings and elect to receive critical service notifications by SMS as a secondary channel. SMS to your account-holder phone is separate and independent from outbound messaging your business sends to its end-customers under §6, and consent for one does not imply consent for the other.

  • Verification. Adding a phone number triggers a one-time SMS containing a 6-digit code; entering the code confirms control of the device. The number is stored in E.164 format and marked verified only upon successful code entry.
  • Consent.SMS delivery to your phone requires an additional, explicit opt-in checkbox separate from account registration and separate from §6 end-customer-outreach consent. Pulvo retains a record of your consent, the consent text version you accepted, the timestamp, the source IP, and the user-agent string, in an audit log distinct from end-customer consent records (consent purpose: “owner_notification”).
  • Scope & frequency. SMS is used solely for service notifications scoped to your account (e.g., a new 1-star review requiring response, billing failure, security event, trial expiry warning). Frequency is estimated to be fewer than five messages per month under normal operation; frequency may temporarily increase during high-activity periods.
  • Carrier rates. Standard message-and-data rates from your carrier may apply. Pulvo does not charge for SMS delivery. Carriers may also impose their own deliverability limits or filtering.
  • Opt-out. You may opt out at any time by (a) replying STOP to any SMS, (b) toggling SMS off in Settings → Notifications, or (c) removing or unverifying your phone number in Settings. We will cease SMS within one business day. Opting out of owner SMS does not affect §6 end-customer-outreach consent or any other Pulvo service.
  • 10DLC.SMS to U.S. numbers is delivered via 10DLC-registered Application-to-Person (A2P) infrastructure operated by our SMS-gateway sub-processor (identity available upon DPA review per §8). Carriers may apply A2P-specific throttling. Pulvo’s 10DLC registration covers transactional alerts to authorized account holders.
  • U.S. mobile numbers only (v1 scope). SMS opt-in under §6A.2 is currently available only to mobile numbers issued by U.S. carriers (E.164 country code +1 with U.S. North American Numbering Plan area code). Pulvo has not completed sender registration or carrier filings outside the United States, and we will not initiate SMS to non-U.S. mobile numbers. In particular and without limitation: Canadian recipients are excluded pending separate Canada Anti-Spam Legislation (CASL) compliance work; European Economic Area / United Kingdom recipients are excluded pending separate GDPR and PECR analysis; and recipients in jurisdictions requiring local SMS-sender registration (e.g., Japan, South Korea, Singapore, UAE, Saudi Arabia) are excluded until the corresponding registrations are obtained. Email service communications (§6A.1) and email escalation (§6A.3) remain available globally subject to §14 below.

6A.3 Email escalation for unread critical notifications

For critical-severity notifications (e.g., a new 1- or 2-star review, a connection failure that stops review syncing, a billing failure), if the notification remains unread in the Service for a defined interval (currently approximately four hours), we will additionally send an email summary to your registered email address even if you have not opted in to SMS, because email is a service-essential channel under §6A.1. This escalation is a delivery-reliability feature, not marketing, and cannot be independently disabled; the underlying notification can be muted at the alert-rule level.

6A.4 SMS escalation (only if SMS opt-in active)

If you have opted in to SMS under §6A.2 and have a verified phone, critical-severity unread notifications older than approximately two hours will also generate an SMS to your phone. Each notification produces at most one email escalation and at most one SMS escalation.

6A.5 Records of consent and revocation

For each opt-in event, opt-out event, and phone-verification event under §6A, we retain in an audit log: timestamp, source IP, user-agent, the version of the consent text presented, the consent-purpose identifier, a one-way hash of the phone number, and a reference to the account. These records are retained for the duration of the account plus seven (7) years after closure to satisfy applicable TCPA defense and audit obligations, then permanently deleted.

6A.6 Right to revoke; effect of revocation

Revoking SMS consent will not affect the lawfulness of processing carried out prior to revocation. After revocation, we will continue to deliver service communications by email as described in §6A.1 and §6A.3 until the account is closed.

6B. In-Product Notification History

The Service maintains an in-product notification feed accessible from the application’s top navigation. Each notification includes the kind (e.g., new review, alert match, billing event), a severity tier, a timestamp, a human-readable title and body, and a structured reference to the underlying source object (e.g., the review identifier). Notification records are stored within your account in Pulvo’s primary database, encrypted at rest.

  • Long-term retention. Notifications are retained for the lifetime of your account. You may archive any notification from the in-product UI (soft delete). Archived notifications remain restorable for one (1) year after archive, after which they are permanently deleted on a daily Celery-scheduled job. Records of escalation (whether email/SMS were sent) are retained on the same schedule.
  • Export and deletion. You may request a full export of your notification history, or accelerated deletion, by writing to privacy@pulvo.ai. Accelerated deletion may be limited where the underlying notification is also referenced by an applicable legal-hold or by another retention obligation (e.g., billing records).
  • Relationship to alerts.Notifications generated by user-configured Alert Rules (see Settings → Alert Rules) are tagged with the originating rule’s identifier in the stored record, allowing you to trace back which alert produced which notification.

6C. Browser (Web Push) Notifications

If you grant the Service permission via your browser, Pulvo may deliver critical-severity service notifications using the browser’s native Web Notifications API. These notifications appear at the operating-system level (outside the browser tab) and remain visible until acknowledged.

  • Permission is browser-controlled.Pulvo cannot send a web-push notification unless you have explicitly granted notification permission to our domain in your browser. You may revoke this permission at any time via your browser’s site-settings panel. Revocation takes effect immediately and is not tracked by Pulvo (it is a browser-side state).
  • Content scope. Web-push payloads include only the notification title, a short body, and a deep link back into the Service. They do not include sensitive personal data, payment data, or end-customer contact data.
  • Visibility risk. Web-push notifications may appear on your screen while it is visible to other persons (e.g., during screen-sharing or in shared physical spaces). You are responsible for managing this risk in your own environment.
  • No marketing. Pulvo will not use the web-push channel for marketing communications.

7. Reviewer Privacy & Removal

Reviews retrieved from public platforms include the reviewer’s display name, rating, text, and timestamp as published. We do not attempt to re-identify reviewers, enrich their data, or sell reviewer information. If you are a reviewer and would like Pulvo to remove cached review content relating to you, contact privacy@pulvo.ai; note that we cannot remove the underlying review from the source platform.

Verification & response timeline.Before fulfilling a removal request we may require you to verify your identity by commercially reasonable means — for example, by replying from the email address associated with the reviewer account on the source platform, or by providing a copy of the review URL together with a contemporaneous statement of identity. We will respond to a verified removal request within forty-five (45) days, with one (1) discretionary extension of up to forty-five (45) additional days where reasonably necessary, in line with CCPA §1798.130 and GDPR Article 12(3). Unverified requests will be acknowledged with instructions on how to complete verification.

8. How We Share Information

  • Service providers / sub-processors.We engage third parties to provide infrastructure and supporting services in defined categories: cloud hosting and operational infrastructure; transactional database and storage services; AI / large-language-model providers (subject to the no-training restriction in §5); email-delivery services for transactional and service email; SMS-gateway services for §6 end-customer outreach and §6A owner notifications; PCI-DSS-compliant payment processing; analytics and error monitoring; and customer-support tooling. Each sub-processor is engaged under written terms requiring confidentiality and limiting use to providing the contracted services. We describe sub-processors by category rather than name them inline in order to reduce the operational-security attack surface that publishing the full supply chain creates — this approach is consistent with industry-standard practice (e.g., how comparable B2B SaaS providers handle DPA disclosure). A complete and current sub-processor list — including hosting-provider identity, payment-processor identity, AI vendor identity, SMS-gateway identity, email-delivery identity, and processing locations — is available upon written request to privacy@pulvo.ai together with our Data Processing Addendum (DPA) for the purpose of GDPR Article 28 or state-privacy-law processor review.
  • Connected platforms: Google Business Profile, when you instruct us (e.g., publishing a reply); additional review platforms Pulvo may integrate in future releases.
  • Compliance, safety & legal: to comply with law, lawful requests, enforce our Terms, prevent fraud, or protect rights, property, or safety.
  • Corporate transactions: in connection with a merger, acquisition, financing, or asset sale, subject to confidentiality.
  • With your consent for any other disclosure.

We do not sellpersonal information for monetary consideration, and we do not engage in cross-context behavioral advertising that would qualify as a “sale” or “share” under the CCPA/CPRA.

Specifically, data obtained from Google APIs is used and transferred only in compliance with the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data to develop, improve, or train generalized AI/ML models.

9. Cookies & Similar Tracking Technologies

Pulvo uses a small number of cookies and similar local-storage technologies, organized in the following categories. We do not use third-party advertising cookies, retargeting pixels, or cross-site behavioral tracking.

  • Strictly-necessary cookies and storage. Required to operate the Service. Examples: a session identifier used to keep you signed in; JWT access and refresh tokens stored in browser local-storage to authenticate API calls; a CSRF token for cross-site-request-forgery protection; and the OAuth state cookie used to defend against authentication interception. These are set when you sign in and cleared when you sign out or after their natural expiry (session for the session cookie; up to seven days for the refresh token). The Service will not function without these.
  • Functional cookies and storage. Used to remember your preferences. Examples: the pulvo_locale cookie storing your selected interface language (1 year); your last-seen notification timestamp persisted in browser local-storage (1 year); your active-business-location selection on multi-location accounts.
  • Analytics & error-monitoring beacons. Used to count feature usage and capture client-side errors so we can fix them. These are first-party measurements; we do not share or sell them. In jurisdictions where consent is required for analytics (e.g., EEA / UK under the e-Privacy Directive), we will request that consent via a cookie banner before placing them.

Do Not Track (DNT) and Global Privacy Control (GPC). Pulvo honors the GPC signal for users whose state law treats it as a valid opt-out request (currently California, Colorado, and Connecticut). We do not respond to legacy DNT browser headers, which lack a consistent meaning across browsers.

Cookie consent banner. The Service does not currently present a cookie consent banner because the v1 launch is U.S.-scoped (see §14) and the only cookies set without explicit in-product action are strictly-necessary cookies (which do not require consent under the GDPR e-Privacy Directive). Before launching in any jurisdiction whose law requires prior consent for non-strictly-necessary cookies (EEA, UK, Brazil, certain Asian jurisdictions), Pulvo will add a consent banner to this Service and update this Policy accordingly.

You can manage cookies in your browser. Some features (notably authentication) will not work if you block strictly-necessary cookies.

10. Data Retention

We retain personal information for the period reasonably necessary to achieve the purpose for which it was collected and to satisfy the legal, regulatory, accounting, and compliance obligations that attach to that purpose. Retention is therefore purpose-tied rather than expressed as a single timeline; the categories below describe the actual purposes that drive retention in the Pulvo Service.

  • Active Account Data and Customer Content: retained for as long as we continue providing the Service to you under your subscription.
  • Free-trial accounts that do not convert: Customer Content and connected-platform data are deleted within thirty (30) days after trial expiry. The associated trial-claim record (see PRD §1 anti-abuse BusinessTrialClaim) survives purge to prevent the per-business trial from being consumed twice; it stores only the Google Business Profile identifier and a timestamp, with no personal information.
  • Account deletion lifecycle: Account deletion requests must be confirmed via a verification link sent to your registered email address (single-use, valid 24 hours). After confirmation, your account enters a 30-day grace period during which you may cancel the deletion by signing back in. After the grace period expires, your Account Data and Customer Content are permanently deleted from primary storage, subject to the carve-outs below. Email confirmation satisfies our identity-verification obligation under CCPA §999.323 (Verifiable Consumer Request).
  • Tax, accounting, and billing records: retained for the period required by applicable financial-reporting and tax law (typically seven (7) years in the United States), even after account deletion, in order to satisfy IRS, state Department of Revenue, and analogous foreign-jurisdiction audit obligations.
  • Security and audit logs:retained for as long as reasonably necessary to investigate incidents, defend legal claims, demonstrate regulatory compliance, and detect or prevent fraud and abuse — typically twelve (12) months for routine access and request logs; longer where a record is relevant to an active investigation, legal hold, or regulatory matter (in which case the retention period extends until that matter is closed).
  • Owner SMS / phone-verification consent records:consent and revocation events for §6A SMS opt-in are retained for the duration of the account plus seven (7) years post-closure, in order to provide a defensible record under the U.S. Telephone Consumer Protection Act’s four-year (and tolling-extended) statute of limitations (see §6A.5).
  • Notification history: in-product notifications (see §6B) are retained for the lifetime of your account, subject to user-initiated archive followed by a one-year archive-restore window, after which permanent deletion runs automatically. Retention beyond archive serves only your ability to restore on demand; we do not analyze or mine archived notifications.
  • De-identified / aggregate analytics: data that has been de-identified or aggregated to a degree that re-identification of any specific Customer or end-user is not reasonably possible may be retained indefinitely for product-improvement and benchmarking purposes, consistent with the limits in Terms §4.
  • Backups: Account Data may persist in offline rotation-protected backups for up to ninety (90) days after deletion from primary storage, after which scheduled backup rotation overwrites the relevant records. Backups are not subject to read access for purposes other than disaster recovery; per-record deletion from backup media is not technically feasible until the rotation cycle completes.
  • Records subject to legal hold: notwithstanding any other provision of this Section, records identified as relevant to anticipated, threatened, or pending litigation, a government investigation, an active subpoena, or a regulatory inquiry will be preserved until the relevant matter is resolved and the hold is released.

11. Security

We use administrative, technical, and physical safeguards intended to protect personal information, including encryption in transit, encryption at rest for sensitive fields, principle-of-least-privilege access controls, audit logging, secret management, and routine vulnerability scanning. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

11A. Security Incident Response & Notification

We maintain an internal incident-response process designed to identify, investigate, contain, and (where required) notify affected parties of security incidents involving personal information. Where a confirmed incident triggers a notification obligation under applicable law — including the breach-notification provisions of U.S. state law (such as California, Colorado, Connecticut, Virginia, Texas, and similar regimes), GDPR Article 33 (for Customers subject to that regime), or analogous foreign laws — we will provide notification in accordance with the timelines, recipients, and content requirements those laws prescribe.

Where notification is provided, it will be delivered to the registered account email and (where the severity warrants) via the in-product Notification Center described in §6B, and will include, to the extent then known: (a) the nature of the incident (including where possible the categories and approximate number of records concerned); (b) the likely consequences; (c) the measures we have taken or propose to take to address the incident and mitigate adverse effects; and (d) the contact point at Pulvo for further information. Where complete information is not yet available at the time of an initial notification, we may send the initial notification followed by supplementary information as it becomes known.

For Customers acting as data controllers under GDPR or comparable laws where Pulvo acts as their processor, we will reasonably cooperate with the Customer’s own notification obligations to data subjects or regulators, including by providing the information described above on a timely basis. Customers remain solely responsible for any onward notification obligations they owe to their own end-customers, employees, business partners, or regulators.

For the avoidance of doubt, a “Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal information transmitted, stored, or otherwise processed by Pulvo — consistent with the definition in GDPR Article 4(12). Trivial events that do not rise to this threshold (e.g., a single failed authentication attempt, a routine spam-bot probe, an internal-only data-access anomaly resolved before personal information was exposed) are not breaches for purposes of this Section. Whether a given event constitutes a Personal Data Breach is determined by Pulvo in good faith based on the facts available at the time of investigation.

12. Your Rights (U.S. State Privacy Laws)

Depending on your state of residence (including California, Colorado, Connecticut, Virginia, Utah, Texas, Oregon, and similar states), you may have rights to: access; correct; delete; obtain a portable copy; opt out of sale, sharing, or targeted advertising; opt out of certain profiling; and limit use of sensitive personal information. To exercise these rights, email privacy@pulvo.ai. We will verify your identity before fulfilling a request and will respond within the legally required timeframe. You may designate an authorized agent. We will not retaliate against you for exercising your rights. If your request relates to Customer Content, we will route it to the relevant Customer (the data controller).

California “Shine the Light”:California residents may request information about disclosures to third parties for those parties’ direct marketing purposes. We do not make such disclosures.

13. Children’s Privacy

The Service is intended for businesses and is not directed to children. We do not knowingly collect personal information from any child under sixteen (16) years of age in any jurisdiction, and in the United States we do not knowingly collect personal information from any child under thirteen (13) years of age as defined by the Children’s Online Privacy Protection Act (COPPA). If you believe a child has provided us information, contact privacy@pulvo.ai and we will take steps to delete it without unnecessary delay.

14. International Users & Country-Specific Availability

The Service is operated and hosted in the United States. If you access the Service from outside the U.S., you consent to the transfer and processing of your information in the U.S. and other jurisdictions where we or our service providers operate, which may have different data-protection rules than your home country. For users in the European Economic Area, United Kingdom, or Switzerland, transfers occur subject to the European Commission’s Standard Contractual Clauses (SCCs) or an equivalent transfer mechanism; a copy of the applicable SCCs is available upon request to privacy@pulvo.ai.

Feature availability by region (v1 launch scope). Several features of the Service are scoped by region:

  • Owner SMS Notifications (§6A.2): available only to U.S. mobile numbers, as described in §6A.2. Will expand to additional jurisdictions in future releases subject to local regulatory registration and consent-framework analysis.
  • Email service communications (§6A.1) and Browser Web Push (§6C): available globally, subject to local consent and data-transfer requirements.
  • End-customer outreach SMS (§6) configured by Customers: currently supported only for U.S. end-customer mobile numbers via 10DLC infrastructure. Customers in other regions may not use the SMS outreach feature pending separate sender registration in the destination country.
  • Connected platforms (§2.3):Google Business Profile coverage tracks Google’s own geographic availability. Other connected platforms (Facebook, Yelp, etc.) may be region-limited.

Country-specific privacy notices.This Privacy Policy is published in English. The Service’s user-interface elements are available in multiple languages. In the event of any inconsistency between an unofficial translation of this Policy and the English version, the English version governs. If you are located in a jurisdiction that requires a privacy notice in the local language (including but not limited to Japan under APPI, South Korea under PIPA, mainland China under PIPL, Vietnam under Decree 13/2023, Indonesia under PDP Law, the United Arab Emirates under the Federal Personal Data Protection Law, or Saudi Arabia under PDPL), please contact privacy@pulvo.ai before using the Service to confirm whether Pulvo has completed the corresponding compliance steps for your jurisdiction.

Data-residency.Pulvo currently stores Account Data and Customer Content in U.S. data centers. If your jurisdiction’s law requires data-residency in-country (e.g., certain sectoral rules in mainland China, Russia, Vietnam, or the United Arab Emirates), please confirm with privacy@pulvo.ai before signing up. We may decline to provide service where required residency cannot be honored.

15. Third-Party Services & Links

The Service integrates with and links to third-party platforms in the categories described in §8. For your direct awareness, this includes the review platforms you authorize via OAuth (notably Google Business Profile, which you connect explicitly in onboarding) and the sub-processor categories enumerated in §8. Their handling of your information is governed by their own privacy policies, which we encourage you to review. The specific identity of our payment processor, AI vendor, SMS gateway, and email-delivery provider is provided via Pulvo’s Data Processing Addendum upon written request.

16. Changes to this Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via the Service or by email. Your continued use of the Service after the effective date of the updated Policy constitutes acceptance.

17. Contact Us

JIE & P LLC
100 N Howard St, Ste R, Spokane, WA 99201
State of Incorporation: Washington
Email: privacy@pulvo.ai

This document is a working draft and is not legal advice. It should be reviewed and finalized by qualified counsel familiar with SaaS, AI, TCPA/CAN-SPAM, CCPA/CPRA, GDPR, APPI (Japan), PIPA (South Korea), PIPL (mainland China), PDPA (Singapore/Thailand), and applicable platform API terms before publication. Specific items requiring counsel review prior to launch: (i) confirmation of all sub-processor written agreements implied by §8 (DPAs actually executed with each sub-processor in the categories enumerated there); (ii) sign-off on the Owner SMS opt-in flow and TCPA consent text in §6A; (iii) confirmation of 10DLC sender registration coverage stated in §6A.2 (already approved at TCR registration time, but verify language matches the registered campaign use case); (iv) for any non-U.S. launch, completion of the localized privacy notice and consent framework referenced in §14.