Last updated: June 2026
StudPulse ("we", "our", or "us") operates the StudPulse platform โ an AI-native horse management system for breeding, boarding, and stud management.
This Privacy Policy explains what personal data we collect, why we collect it, and how we protect it. It is designed to comply with the General Data Protection Regulation (GDPR), the EU Artificial Intelligence Act (AI Act), and applicable US privacy laws including the California Consumer Privacy Act (CCPA/CPRA), the CAN-SPAM Act, COPPA, and the Nevada Privacy Law (SB 220).
To ensure maximum data sovereignty and privacy, all StudPulse application servers, databases, and AI models are hosted exclusively within the European Union.
Data Protection Contact: StudPulse is a startup and, based on the nature and scale of our processing, is not required to appoint a formal Data Protection Officer (DPO) under GDPR Art. 37. Our designated privacy contact handles all data protection enquiries and can be reached at support@studpulse.com.
For the purposes of the GDPR, StudPulse acts as the Data Controller for your account information. For the equine and farm data you input into the platform regarding your clients, boarders, or staff, you act as the Data Controller and StudPulse acts as the Data Processor.
We collect the following categories of information:
Under the GDPR, we process your personal data only when we have a valid legal basis. The table below maps each processing activity to its specific lawful basis:
| Processing Activity | Legal Basis (Art. 6) |
|---|---|
| Provide and operate the StudPulse platform (account creation, authentication, core features) | Contract performance โ Art. 6(1)(b) |
| Power the AI Barn Agent (horse records and conversation history used as AI context) | Contract performance โ Art. 6(1)(b) |
| Send push notifications for bookings, reminders, and care alerts | Consent โ Art. 6(1)(a) (you explicitly opt in to push notifications) |
| Voice transcription and storage for AI Barn Agent commands | Consent โ Art. 6(1)(a) (requires explicit opt-in before recording begins) |
| Generate AI-powered dashboard summaries and analytics | Contract performance โ Art. 6(1)(b) |
| Send transactional emails (password resets, invitation links, account notifications) | Contract performance โ Art. 6(1)(b) |
| Send marketing or promotional emails (if any) | Consent โ Art. 6(1)(a) (opt-in required; every marketing email includes an unsubscribe link in compliance with the CAN-SPAM Act) |
| Detect and prevent fraudulent or abusive use | Legitimate interests โ Art. 6(1)(f) (securing the platform and its users) |
| Improve and develop new features | Legitimate interests โ Art. 6(1)(f) (only anonymised, aggregated data is used for analysis) |
| Website analytics via Google Analytics 4 | Consent โ Art. 6(1)(a) (cookie consent banner shown to EU/EEA visitors; GA loads only after consent is given) |
Because StudPulse is an AI-native platform powered by generative AI (Google Gemini), we strictly adhere to the transparency and safety requirements of the EU AI Act:
We use Google Analytics 4 (property ID: G-G9WWE3TGC6) on our marketing website to understand visitor behaviour. In compliance with the ePrivacy Directive and GDPR, a cookie consent banner is displayed to visitors from the EU/EEA on their first visit. Google Analytics is only loaded after you have given explicit consent. You can withdraw consent or opt out at any time via the Google Analytics Opt-out Browser Add-on.
We also set functional cookies strictly necessary for authentication (JWT session management) and your language preference (studpulse_lang). These cookies do not track you across other websites and are set on the lawful basis of contract performance; they cannot be disabled without breaking the service.
We do not sell your personal data. We share data only with the following sub-processors and only to the extent necessary to operate the service. All sub-processors are contractually bound by Data Processing Agreements (DPAs) under GDPR Art. 28.
| Sub-Processor | Role | Data Transferred | Location & Transfer Mechanism |
|---|---|---|---|
| EU Cloud Hosting Provider | Server infrastructure & database storage | All application data | European Union โ no cross-border transfer |
| Google LLC (Google Analytics 4) | Website analytics (consent-gated) | Anonymised usage statistics, truncated IP address | US โ EU-U.S. Data Privacy Framework (DPF) and Standard Contractual Clauses (SCCs) |
| Google LLC (Gemini AI API) | AI language model for Barn Agent | Horse records, conversation history (organisation-scoped) | EU endpoints โ Google DPA (GDPR Art. 28); no data used for model training |
| Email Delivery Service | Transactional emails (password resets, invitations) | Email address, message content | EU or SCC-covered jurisdiction |
International Data Transfers: Where data is transferred outside the European Economic Area (EEA), we ensure an adequate level of protection through Standard Contractual Clauses (SCCs) approved by the European Commission, or by relying on the EU-U.S. Data Privacy Framework (DPF) where applicable (GDPR Art. 44โ49).
We retain data only as long as necessary for the purposes described in this policy:
| Data Category | Retention Period |
|---|---|
| Account data (name, email, organisation) | Until account deletion + up to 90 days for deletion processing |
| Horse & farm records, event logs | Until account deletion + up to 90 days |
| AI conversation history (Barn Agent threads) | Until account deletion + up to 90 days; users may delete individual threads at any time |
| Voice transcriptions | Until deleted by user via AI settings, or on account deletion + 90 days |
| Push notification tokens | Until subscription is revoked by the user or browser, or on account deletion |
| Device & technical logs (IP addresses, error logs) | 90-day rolling window |
| Google Analytics data | 14 months (per GA retention settings); subject to Google's Privacy Policy |
| Anonymised aggregated statistics | Indefinite (cannot be linked back to any individual) |
If you are in the European Economic Area, the United Kingdom, or another jurisdiction with similar data protection law, you have the right to:
To exercise any of these rights, contact us at support@studpulse.com. We will respond within 30 days and, in complex cases, within 90 days with advance notice of the extension.
We protect your data using industry-standard measures:
No method of transmission or storage is 100% secure. If you discover a security vulnerability, please report it responsibly to support@studpulse.com.
StudPulse is a B2B and professional tool not directed at children. We do not knowingly collect personal data from minors.
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For material changes, we will notify you by email or a notice within the application at least 30 days before the changes take effect.
For privacy-related questions, data requests, or to exercise your rights, contact us at:
support@studpulse.com
This Privacy Policy and any disputes arising from it are governed by the laws of the European Union and the Republic of Poland (as the jurisdiction of the Data Controller). This does not affect your right to bring proceedings before your local supervisory authority or courts under applicable data protection law.
If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants you the following rights:
Categories of Personal Information Collected (CCPA categories): Identifiers (name, email address, IP address); Commercial information (subscription plan); Internet or other electronic network activity (usage logs, pages visited); Audio/electronic data (voice transcripts, if consented); Inferences drawn (AI-generated farm summaries).
Shine the Light (California Civil Code ยง 1798.83): California residents may request once per year a list of categories of personal information disclosed to third parties for direct marketing purposes. StudPulse does not disclose personal information for third-party direct marketing purposes.
To exercise any of your California rights, contact us at support@studpulse.com with the subject line "California Privacy Request". We will respond within 45 days (extendable by a further 45 days with notice).
Nevada Revised Statutes Chapter 603A gives Nevada residents the right to opt out of the "sale" of certain personal information to third parties. StudPulse does not sell personal information as defined by Nevada law. If you have questions or wish to submit a request, contact us at support@studpulse.com.