Privacy Policy

Ainpulse is a B2B SaaS service for anomaly monitoring of marketing analytics data, operated at ainpulse.com. We provide automated detection of unexpected changes in Google Analytics 4, Google Ads, and Meta Ads properties and deliver alerts via email and Slack. When this policy says "we", "us", or "our", it refers to Ainpulse.

Account data. When you register, we collect your name and email address to create and manage your account. Authentication is handled via Firebase Authentication (Google). We store a user profile in our own PostgreSQL database (Google Cloud SQL, region: europe-west6, Switzerland).

Connected analytics properties. When you connect a GA4 property, Google Ads account, or Meta Ads account, we store the property identifiers and account names you select. OAuth access and refresh tokens are stored encrypted using AES-256-GCM in our database — we never store your Google or Meta credentials in plain text.

Aggregated analytics data. To detect anomalies, we collect aggregated metrics from your connected properties (sessions, users, conversions, ad spend, etc.) and store them in Google BigQuery (region: europe-west6). We do not collect individual end-user identifiers or raw event-level data from your GA4 properties.

Usage and technical data. We log service activity — which rules triggered, when alerts were sent, error logs — for operational purposes. We collect standard server logs including IP address and request timestamps for security.

We use your data solely to operate the Ainpulse service:

• Run scheduled anomaly detection checks against your connected properties
• Deliver email and Slack alerts when anomalies are detected
• Display anomaly history and account status in your dashboard
• Process subscription payments via Stripe
• Send transactional emails (alerts, billing receipts) via SendGrid
• Improve detection accuracy and service reliability

We do not use your analytics data for advertising, profiling, or any purpose other than providing the anomaly detection service you subscribed to. We do not sell your data.

Ainpulse integrates with the following third-party services. Data shared with each is limited to what is necessary for that integration:

Google (Firebase Auth, GA4, Google Ads). Authentication is handled via Google Firebase. Analytics and advertising data is fetched via Google APIs under your authorized OAuth grants. Use of data fetched from Google APIs is subject to the Google API Services User Data Policy, including Limited Use requirements.

Meta (Meta Ads API). Ad performance data is fetched via Meta's Marketing API under your OAuth authorization.

Stripe. Subscription billing is handled by Stripe. We store only Stripe customer IDs and subscription metadata — no payment card data touches our servers.

SendGrid. Alert emails and billing receipts are delivered via SendGrid. Your email address is shared with SendGrid for delivery purposes only.

Slack. If you connect a Slack workspace, alert messages are sent to channels you specify via the Slack API. We store the OAuth token needed to post on your behalf.

Google Cloud Platform. All infrastructure runs on GCP in the europe-west6 region (Zürich, Switzerland): Cloud Run (compute), Cloud SQL / PostgreSQL (relational data), BigQuery (analytics data), Secret Manager (encrypted secrets).

All data is stored on Google Cloud Platform in the europe-west6 region (Switzerland). OAuth refresh tokens are encrypted at rest using AES-256-GCM before database storage. Application secrets are stored in GCP Secret Manager and never written to source code or logs. Access to production infrastructure is restricted to authorized personnel only.

We implement appropriate technical and organizational measures to protect your data from unauthorized access, alteration, or disclosure. No system is completely secure; if you believe your account has been compromised, contact us immediately at admin@ainpulse.com.

We retain your account data and connected property configurations for as long as your account is active. Aggregated analytics metrics in BigQuery are retained for rolling 13 months to support anomaly baseline calculations. Anomaly records and alert history are retained for 12 months. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law.

Depending on your jurisdiction (including GDPR for EU/EEA users), you may have rights to: access the personal data we hold about you; correct inaccurate data; request deletion of your data; restrict or object to certain processing; and receive your data in a portable format.

To exercise any of these rights, contact us at admin@ainpulse.com. We will respond within 30 days. You may also disconnect any integrated account (GA4, Google Ads, Meta, Slack) at any time from your account settings, which revokes our access to that integration.

We use only the cookies necessary to operate the service: a session authentication cookie issued by Firebase and standard browser storage for UI preferences. No third-party advertising or analytics cookies are set on the ainpulse.com application. You can clear cookies in your browser settings; this will sign you out.

We may update this policy as the product evolves. Material changes will be communicated via email at least 14 days before they take effect. The effective date at the top of this page reflects the most recent revision. Continued use of the service after the effective date constitutes acceptance. For questions, contact admin@ainpulse.com.