PulseOwl

Privacy Policy

Last updated: 25 May 2026

This Privacy Policy explains how Hamiware Pty Ltd (ABN 64 694 753 734) (“Hamiware”, “we”, “us”, “our”) collects, uses, discloses and protects personal information in connection with our website pulseowl.dev, the PulseOwl application at app.pulseowl.dev, our APIs, our GitHub app, and our Slack app/bot (together, the “Services”). We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). If we process personal data of individuals in the EEA/UK, the GDPR/UK GDPR addendum in Section 12 also applies.

1) What we collect

“Personal information” has the meaning given in the Privacy Act (information or an opinion about an identified individual, or an individual who is reasonably identifiable). We collect only what is reasonably necessary to operate and improve the Services. This includes:

  • Name, business email, organisation name and role/title.
  • Account and authentication information (including data received from our identity provider for sign-in).
  • Service usage, diagnostics and telemetry (e.g., device/IP headers, timestamps, pages or features used).
  • Cloud/integration metadata that you choose to connect on a read-only basis (e.g., configuration and status needed to deliver PulseOwl functionality). We do not ingest customer production application data, including data about your own users or customers, source code content beyond configured metadata/files needed for enabled features, or business transaction data.
  • Communications you send to us (support requests, feedback).
  • Payment metadata (when paid plans commence). Card details are processed by our payment provider and are not stored by Hamiware.

We do not collect sensitive categories (e.g., health, biometric data). If you provide personal information about others, you must ensure you are authorised to do so and have notified them as required by law.

2) How we collect information

  • Directly from you (account creation, forms, emails, support, in-product actions).
  • Automatically via the Services (logs, telemetry, cookies/analytics—see Section 6).
  • From service providers and integrations you authorise (e.g., identity provider, cloud/integration endpoints on a read-only basis).
  • Public sources where appropriate (e.g., domain records) and only as permitted by law.

You may decline to provide information; however, some features may not work without it.

3) How we use information

  • Provide, operate, secure and support the Services you request.
  • Improve and develop the Services (including troubleshooting, testing, analytics).
  • Communicate with you about the Services, including important notices and support.
  • Billing and account administration when paid plans commence.
  • Comply with legal obligations and enforce our terms.

4) Direct marketing

We may send product updates and marketing communications where permitted by law. You can opt out at any time using the unsubscribe link in the message or by contacting [email protected]. We will continue to send service/transactional emails necessary to operate your account.

5) Disclosure of information

We disclose personal information only for purposes described in this Policy, including to trusted service providers who assist us in operating the Services. Examples include:

  • Hosting and infrastructure, networking and security.
  • Identity/authentication, customer support tools, and email delivery.
  • Product and website analytics.
  • Payments processing (when paid plans commence).
  • Professional advisers and auditors, where required.

We may also disclose information if required or authorised by law, in connection with a transaction (e.g., merger/acquisition), or with your consent. We do not sell personal information.

6) Cookies & analytics

We use cookies and similar technologies to operate the Services and understand usage. On our sites and app we currently use Google Analytics and PostHog. You can control cookies via your browser settings; blocking some cookies may impact functionality. We may update our analytics tools over time and will update this Policy accordingly.

7) Service providers & subprocessors

To deliver the Services, we use service providers that process personal information on our behalf (“subprocessors”). Our current core providers include:

  • AWS (hosting/IaaS), Cloudflare (DNS/DDoS/CDN).
  • Clerk (authentication & sessions).
  • PostHog (analytics).
  • Google (AI model providers).
  • OpenAI (AI model providers).
  • Stripe (payments) when paid plans commence.
  • We do not send Customer Data to AI model providers unless the relevant AI-powered feature is enabled or requested. Where AI model providers are used, we use enterprise/API terms where available and do not permit providers to use Customer Data to train their models.

We may add or replace providers as our Services evolve. Material changes will be reflected in this Policy.

8) Data retention & deletion

We retain personal information only for as long as necessary for the purposes described in this Policy or as required by law. Operational logs may be retained briefly for security and audit.

On verified request to close your account, we will delete or de-identify personal information within 14 business days where technically practicable, and otherwise within a reasonable period, subject to backups, security logs, and legal retention obligations. Confirmation will be provided once complete.

9) Security

We implement reasonable administrative, technical and organisational measures to protect personal information (including encryption in transit and at rest, access controls, and network protections).

No method of transmission or storage is completely secure. If we suspect a data breach may have occurred, we will take reasonable and expeditious steps to contain, assess and remediate the incident. Where required by the Notifiable Data Breaches scheme, we will take reasonable steps to complete our assessment within 30 days and, if the breach is an eligible data breach, notify affected individuals and the Office of the Australian Information Commissioner as soon as practicable.

10) International transfers

Our service providers may process personal information in countries including Australia, the United States, the European Union, the United Kingdom, and other locations where our providers or their subprocessors operate. Where we transfer personal information overseas, we take reasonable steps to ensure recipients protect it in a way that is consistent with applicable privacy laws (for example, by using contractual protections).

11) Your rights: access, correction, deletion

You may request access to, or correction of, the personal information we hold about you, and you may request deletion subject to legal retention requirements. We will respond within a reasonable time (normally within 30 days) after verifying your identity. We do not charge a fee unless a request is manifestly unfounded or excessive.

To make a request, contact us at [email protected].

12) GDPR/UK GDPR addendum (if you are in the EEA/UK)

When the GDPR/UK GDPR applies, Hamiware is the data “controller” for personal data processed via the Services. Legal bases for processing typically include:

  • Contract (to provide and support the Services you request).
  • Legitimate interests (e.g., service improvement, security, and fraud prevention).
  • Consent (e.g., certain marketing or optional features), which you can withdraw at any time.
  • Legal obligation (where processing is required by law).

You may have additional rights, including: access; rectification; erasure; restriction; portability; and objection to processing (including direct marketing). You also have the right to lodge a complaint with your local supervisory authority.

For international transfers, we use appropriate safeguards (e.g., contractual protections) to protect your personal data. To exercise rights, contact [email protected].

13) US/CCPA addendum (if you are in the US)

PulseOwl is a business-to-business service. We do not sell personal information and do not intentionally collect personal information from consumers for consumer marketing, profiling, or advertising purposes. If applicable state privacy laws provide you with rights to access, correct, delete, or opt out of certain processing, you may contact us at [email protected].

14) Children

The Services are intended for business users and are not directed to individuals under 18. If we learn we have collected personal information from a minor, we will delete it.

15) Complaints & contact

Questions, requests, or complaints about this Policy or our handling of personal information can be sent to [email protected]. We will respond as soon as reasonably practicable and within required timeframes.

If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner at www.oaic.gov.au.

16) Changes to this Policy

We may update this Policy to reflect changes to our practices or applicable laws. We will post the updated version on this page with a new “Last updated” date. If changes are material, we will provide additional notice where appropriate.