Acceptable Use Policy

• Use the Service to violate any applicable law, including data-protection law, securities law, sanctions law, anti-discrimination law, or consumer-protection law.
• Send unsolicited bulk email, SMS, or other communications (“spam”) using PulseSignal-delivered contact information.
• Harass, threaten, defame, or stalk any individual, including any executive whose departure or role we have surfaced.
• Use the Service to phish, deceive, or impersonate any person or organisation.
• Distribute malware, ransomware, or any code intended to disrupt, damage, or gain unauthorised access to any system.
• Probe or test the security of the Service except under our coordinated disclosure programme at security@pulsesignal.co.
• Circumvent rate limits, billing, authentication, or any other control we have placed on the Service.
• Share, resell, or publish your API key, magic-link tokens, or session cookies.

• Do not make consequential decisions about individuals without independent verification. PulseSignal delivers intelligence about companies and is not a consumer-reporting agency. Do not use our data, on its own, to make decisions about credit, employment, housing, insurance, immigration status, or any other matter that produces a legal effect or similarly significant effect on an individual. If you choose to use our data as one input to such a decision, you must verify the underlying facts at the primary source and you must comply with all applicable law (for example, the U.S. Fair Credit Reporting Act, the EU Artificial Intelligence Act, GDPR Article 22, India DPDP Section 11(2)(b), and equivalent statutes).
• Do not retrain, fine-tune, evaluate, or otherwise feed PulseSignal data into a competing competitive-intelligence product or into any large-language-model, machine-learning, or AI system that derives material commercial value from it, without our prior written consent.
• Do not scrape, crawl, or use automated tools to extract data beyond the limits documented for your plan’s API access. Manual review of records you have legitimately accessed under your own subscription is fine.
• Do not strip attribution, source links, or upstream-registry references from records we hand to you.
• Do not redistribute the raw data set, in whole or in substantial part, except to recipients inside your organisation who are bound by these Terms. Sharing a single specific record with a colleague, a regulator, or a court is fine.
• Do not use the data to discriminate against any individual on the basis of any characteristic protected by applicable law.
• Do not use the data to engage in or facilitate insider trading, market manipulation, or any other securities-law violation. Public-source intelligence is not a substitute for material non-public information; treat our outputs accordingly.

When you configure watchlists, notes, custom alert expressions, or webhook destinations, do not upload:

• Sensitive personal data within the meaning of GDPR Article 9 (health, biometric, racial or ethnic origin, religious or political beliefs, sexual orientation, trade-union membership) or comparable sensitive categories under CCPA/CPRA, India DPDP, or LGPD, unless you have a documented lawful basis and have notified us in writing first.
• Information about children under 16, or information you know to be about minors.
• Credentials, secrets, payment-card data, or any data that would normally be classified as “regulated” (PHI, PCI, ITAR, EAR, etc.).
• Content protected by attorney-client privilege or that is otherwise covered by a duty of confidentiality you owe a third party.
• Content that infringes a third-party intellectual-property right.

• Use a unique API key per integration so we can revoke a single key without disrupting your other workflows.
• Respect the rate limits documented for your plan. If you need higher limits, contact hello@pulsesignal.co rather than parallelising requests across multiple keys.
• Implement exponential back-off on 429 and 5xx responses. Do not retry tight-loop.
• Identify your integration in the User-Agent header so our on-call can contact you if your traffic is causing operational issues.

You may not use the Service if you are located in, or are a citizen or resident of, a country or region that is subject to comprehensive U.S., EU, UK, or other applicable sanctions, or if you, your end users, or any beneficial owner appears on a government-maintained denied-party or sanctions list. We screen account creation and may suspend access if a screening hit appears.

We may take any of the following steps, in our reasonable discretion and proportionate to the breach: warn you in writing, throttle or suspend specific features, suspend the whole account, terminate the account without refund, blacklist the IP or organisation, and report the conduct to a competent authority.

We will, where lawful and practical, give you notice and an opportunity to cure. We will not give notice where the breach is severe, where giving notice would prejudice an investigation, or where law forbids it.

If you believe another PulseSignal customer is breaching this AUP, send a description to security@pulsesignal.co. Include URLs, screenshots, timestamps in UTC, and any context that would help us reproduce the conduct. We will acknowledge your report within two business days.

We will update this AUP whenever the threat landscape, our integrations, or our regulatory exposure materially shifts. Effective date 2 June 2026 (prior version: 22 May 2026). We will notify active customers by email or in-product banner at least 30 days before any material tightening takes effect.

AUP questions, abuse reports, and appeals against a suspension: security@pulsesignal.co.
General product and billing questions: hello@pulsesignal.co.