Privacy Policy
Last updated: April 13, 2026
1. Introduction
CitiXsys ("we", "us") operates iVend Pulse ("the Service") at pulse.ivend.com. This Privacy Policy explains what data we collect, why, how we use it, and your rights.
2. Data We Collect
2.1 Account Information
When you register, we collect: name, email address, organization name, and job title. This is used to create your account and communicate with you about the Service.
2.2 Operational Metrics (via Agent)
The Pulse Edge Agent installed on your premises collects aggregated infrastructure metrics:
What We Collect
- Health check scores and dimensions
- Server CPU, memory, disk utilization
- Replication queue depths and sync status
- Store online/offline status
- POS terminal connectivity
- ERP integration sync status
- Database index fragmentation levels
- Settlement and EOD processing status
What We Never Collect
- Transaction or sales data
- Customer names or PII
- Payment card or financial data
- Employee personal information
- Product catalog or pricing
- Loyalty member details
- Business financial reports
- Database record contents
Each Agent payload is approximately 3-5KB of JSON, transmitted over HTTPS every 5 minutes.
2.3 Usage Data
We collect standard web analytics: pages visited, features used, browser type, and IP address. This helps us improve the Service.
3. How We Use Your Data
- Provide the Service — Process metrics, generate health scores, power dashboards and alerts
- Communicate — Send transactional emails (welcome, trial ending, billing confirmations)
- Improve — Analyze aggregate usage patterns to improve features
- Support — Respond to help requests and troubleshoot issues
- Comply — Meet legal obligations
We do not sell your data. We do not use your operational metrics for advertising. We do not share individual customer data with third parties except as described below.
4. Third-Party Services
| Service | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Billing email, payment method details |
| SendGrid | Transactional email delivery | Email addresses, email content |
| AWS | Cloud hosting | All Service data (encrypted at rest and in transit) |
| Anthropic (Claude API) | Pulse AI module | Aggregated metrics used in AI queries (no PII) |
5. Data Retention
Operational metrics are retained according to your subscription tier (7 days to 365 days). Account information is retained for the duration of your account plus 30 days after deletion. Billing records are retained as required by law (typically 7 years).
6. Data Security
- All data in transit is encrypted via TLS 1.2+
- All data at rest is encrypted using AES-256
- Tenant isolation — each customer's data is logically separated
- Agent authentication via unique API keys per deployment
- Access controls — role-based permissions within each account
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access your data — request a copy of all data we hold about you
- Correct inaccurate data
- Delete your account and all associated data
- Export your data in a machine-readable format
- Object to processing for specific purposes
To exercise these rights, contact us. We will respond within 30 days.
8. Cookies
We use essential cookies for session management and authentication. We do not use third-party tracking cookies or advertising cookies.
9. International Data Transfers
The Service is hosted on AWS. Your data may be processed in regions where AWS operates. We ensure adequate protection through AWS's compliance certifications (SOC 2, ISO 27001).
10. Children's Privacy
The Service is not intended for use by individuals under 18. We do not knowingly collect data from children.
11. Changes to This Policy
We may update this Privacy Policy by posting the revised version here. Material changes will be communicated via email at least 30 days before taking effect.
12. Contact
For privacy questions or data requests:
For privacy questions or data requests, contact us.