Privacy

Privacy Policy

Part IV of the legal package, with the Cookie Policy integrated below.

Part IV

IV. PRIVACY POLICY (GDPR)

Pulsely Stories is committed to processing your personal data with full transparency, in compliance with the General Data Protection Regulation (GDPR – EU Regulation 2016/679) and applicable national data protection law.

Article 20 – Data Controller

The data controller for users' personal data is:

  • Name: Pulsely Stories
  • Status: Non-professional publisher (private individual)
  • Contact: contact@pulselystories.com

For any questions regarding the processing of your personal data, you may contact the data controller at the address indicated above.

Article 21 – Data Collected

21.1 Data collected upon registration

  • Username / display name;
  • Email address;
  • Password (stored in encrypted form – never in plain text);
  • Preferred language.

21.2 Data collected during use

  • IP address and device/browser information;
  • Login data (date, time, session duration);
  • Reading and interaction history (likes, comments, reading activity);
  • Published content (stories, chapters, comments, podcasts);
  • Analytics data (pages visited, reading time, interaction rate).

21.3 Data NOT collected

Pulsely Stories does not collect or process particularly sensitive data within the meaning of the GDPR (health data, biometric data, political opinions, detailed religious beliefs, etc.) beyond what is strictly necessary for the operation of the service.

Article 22 – Purposes & Legal Bases for Processing

Processing Purpose Legal Basis (GDPR) Retention Period
Account creation and management Contract performance (Art. 6-1-b) Account lifetime + 3 years
Platform provision and operation Contract performance (Art. 6-1-b) Account lifetime
Content moderation and security Legitimate interest (Art. 6-1-f) 3 years from collection
Audience analytics and service improvement Consent (Art. 6-1-a) Maximum 13 months
Advertising (Phase 2) Consent (Art. 6-1-a) Maximum 13 months
Compliance with legal obligations Legal obligation (Art. 6-1-c) As per applicable legal duration
Reports management and disputes Legitimate interest (Art. 6-1-f) 5 years from closure

Article 23 – Sub-processors & Data Transfers

23.1 Sub-processors

Pulsely Stories may engage third-party service providers (sub-processors within the meaning of the GDPR) for website hosting, transactional email delivery, audience analytics and other technical services. These providers are contractually required to comply with applicable data protection regulations.

The main sub-processors likely to be involved include:

  • Website hosting provider: Hostinger International Ltd. – 61 Lordou Vironos Street, 6023 Larnaca, Cyprus – www.hostinger.com;
  • Audience analytics tool (Google Analytics or equivalent, subject to prior consent);
  • Transactional email provider (confirmation emails, notifications).

23.2 Transfers outside the European Union

In the context of certain service providers (notably Google Analytics), personal data may be transferred to countries outside the European Union. Pulsely Stories ensures that such transfers are covered by appropriate safeguards (European Commission standard contractual clauses, adequacy decisions, etc.).

Article 24 – Users' Rights (GDPR)

In accordance with the GDPR, each user has the following rights regarding their personal data:

Right Description
Right of access Obtain a copy of the personal data concerning you processed by Pulsely Stories.
Right of rectification Correct inaccurate or incomplete data concerning you.
Right to erasure Request the deletion of your personal data (subject to legal retention obligations).
Right to object Object to certain processing based on legitimate interest.
Right to data portability Receive your data in a structured format and transmit it to another data controller.
Right to restriction Request temporary suspension of the processing of your data.
Withdrawal of consent Withdraw your consent at any time for processing based on consent, without affecting the lawfulness of prior processing.

To exercise any of these rights, send your request to: contact@pulselystories.com. Pulsely Stories undertakes to respond within one month of receiving your request (extendable by two additional months for complex requests).

If you receive an unsatisfactory response or no response at all, you have the right to lodge a complaint with the competent supervisory authority in your country of residence. In France: Commission Nationale de l'Informatique et des Libertés (CNIL) – www.cnil.fr.

Article 25 – Data Breach Procedure

In the event of a personal data breach likely to result in a risk to the rights and freedoms of users, Pulsely Stories undertakes to:

  • Notify the competent supervisory authority within 72 hours of becoming aware of the breach (in accordance with Art. 33 of the GDPR);
  • Inform affected users as promptly as possible when the breach is likely to result in a high risk to their rights and freedoms;
  • Implement all technical and organisational measures to contain the breach and limit its consequences.

Article 26 – Data Security

Pulsely Stories implements appropriate technical and organisational measures to protect users' personal data against any unauthorised access, loss, accidental destruction or disclosure, including:

  • Password encryption;
  • Secure connections via HTTPS protocol;
  • Access to data limited to authorised personnel;
  • Regular backups of Platform data.

Part V

V. COOKIE POLICY (CNIL)

In accordance with CNIL recommendations and European guidelines, Pulsely Stories is committed to obtaining your prior consent before placing any non-strictly necessary cookies on your device.

Article 27 – What is a Cookie?

A cookie is a small text file placed on your device (computer, smartphone, tablet) by a website when you browse. Cookies allow the site to remember certain information about you, such as your language preferences, login status or browsing habits.

Article 28 – Categories of Cookies Used on Pulsely Stories

Category Purpose Examples Duration / Consent
Strictly necessary Session maintenance, security, basic Platform operation Session cookie, CSRF token, cookie preference storage Session duration – ALWAYS ACTIVE – No consent required
Functional Storing your preferences (language, display settings) Language cookie, interface preferences 12 months – Consent recommended
Analytics Audience measurement and Platform usage analysis Google Analytics or equivalent 13 months – Prior consent REQUIRED
Advertising (Phase 2) Displaying relevant ads upon monetisation activation Third-party ad networks (to be defined) 13 months – Prior consent REQUIRED upon activation

Article 29 – Cookie Banner & Consent

In accordance with CNIL recommendations, upon your first visit to the Platform, a cookie banner is displayed allowing you to:

  • Accept All: you consent to the placement of all cookies, including analytics and functional cookies;
  • Reject Optional: only strictly necessary cookies are placed. Your navigation remains fully possible;
  • Manage Preferences: you can individually enable or disable each category of cookies.

Your choice is stored for 6 months. You can modify your preferences at any time by accessing "Cookie Settings" available at the bottom of every page of the Platform.

Article 30 – Managing Cookies via Browser Settings

Independently of the Platform's cookie banner, you may also configure your browser to accept or reject cookies.

Cookie management settings are accessible in the preference menus of the main browsers:

  • Google Chrome: Settings > Privacy and security > Cookies;
  • Mozilla Firefox: Options > Privacy & Security > Cookies;
  • Safari: Preferences > Privacy;
  • Microsoft Edge: Settings > Privacy, search and services > Cookies.

Please note: disabling certain cookies may affect the proper functioning of some Platform features (login persistence, preference storage, etc.).