Privacy Policy

Updated: January 31, 2026

1. General Provisions

TeamPulse ("we", "our company") is committed to protecting the privacy of personal data of users of our team mental health monitoring platform. This Privacy Policy describes how we collect, use, store, and protect your information in accordance with GDPR, HIPAA, and other applicable data protection laws.

2. What Data We Collect

2.1. Personal Data

• First name, last name, email, job title
• Company profile data (organization name, team size)
• Technical data (IP address, browser type, operating system)

2.2. Health and Wellbeing Data

• Responses to daily mood and wellbeing surveys
• Stress indicators, energy levels, sleep quality (if devices are used)
• Anonymized sociometry data (team interactions)
• Voluntary comments and feedback

2.3. Integration Data

• Data from wearable devices (Oura Ring, Apple Watch, Fitbit, Garmin, Whoop) - only with consent
• Metadata from Slack, Microsoft Teams, Telegram integrations (without access to message content)

3. How We Use Data

• Service Provision: displaying individual and aggregated analytics
• AI Analytics: detecting trends, burnout risks, generating recommendations
• Alerts: notifying HR/managers about critical changes in aggregated metrics
• Product Improvement: usage analysis for feature development
• Communication: sending important service updates

4. Data Protection Principles

4.1. Employee Data Confidentiality

• Each employee sees only their own individual data
• Managers and HR receive ONLY aggregated analytics (without the ability to identify individuals)
• Personal health data is never disclosed to third parties without explicit consent

4.2. Technical Protection

• Data encryption in transit (TLS 1.3) and at rest (AES-256)
• HIPAA-certified servers for health data (Professional + Devices plan)
• Regular security audits and penetration testing
• Multi-factor authentication (MFA) for administrators
• Logging of all access to sensitive data

4.3. Organizational Protection

• Access to personal data is limited to authorized employees following the principle of least privilege
• All employees undergo GDPR and HIPAA training
• Signed non-disclosure agreements (NDA)

5. Data Storage and Deletion

• Active Subscription: data is stored throughout the service usage period
• After Cancellation: personal data is deleted within 30 days (unless otherwise specified)
• Backup Copies: completely deleted within 90 days
• Anonymized Aggregated Data: may be retained for statistical research

6. Your Rights (GDPR)

• Right of Access: obtain a copy of all your data
• Right to Rectification: correct inaccurate data
• Right to Erasure: request complete data deletion ("right to be forgotten")
• Right to Restriction of Processing: temporarily suspend processing
• Right to Data Portability: receive data in a machine-readable format
• Right to Object: opt out of certain types of processing

To exercise these rights, contact: work.olegkaminskyi@gmail.com

7. International Data Transfers

Data is stored on servers in the European Union (AWS Frankfurt). In case of data transfers outside the EU, we use Standard Contractual Clauses (SCC) or other approved transfer mechanisms.

8. Cookies and Analytics

• Essential Cookies: for authentication and security
• Analytics Cookies: Google Analytics (anonymized) - can be disabled
• Functional Cookies: for saving preferences (language, theme)

9. Policy Changes

We may update this Privacy Policy. We will notify you of significant changes by email 30 days before they take effect. Continued use of the service after changes constitutes acceptance of the new version.

10. Contact

Data Protection Officer (DPO):
Email: work.olegkaminskyi@gmail.com

Complaints:
You have the right to file a complaint with your national data protection supervisory authority.

← Back to Home