Your data, treated with care.

Welcome to ReferralPulse. This policy explains how your personal information is collected, used, and shared when you use the ReferralPulse web application, mobile apps, and any related services.

By using these services you agree to the collection, use, and disclosure of your information as described below. If you do not agree, please do not use ReferralPulse.

ReferralPulse is a referral management platform built for professionals including attorneys, financial advisors, CPAs, and insurance agents. The platform helps you manage your professional referral network, track referrals, and strengthen business relationships.

2.1 Account information

When you create an account, ReferralPulse collects:

• Name and email address
• Profile photograph (optional)
• Professional title and business type
• Company name and business address
• Phone number (optional)
• Professional license information (when applicable)

2.2 Professional network information

To provide referral management services, ReferralPulse collects:

• Information about your referral partners, including name, contact details, and business information
• Referral history and status updates
• Notes and communications related to referrals
• Meeting transcripts, when you use the meeting recording features
• LinkedIn profile URLs and publicly available professional information

2.3 Behavioral and usage data

ReferralPulse automatically collects:

• Device information such as browser type, operating system, and device identifiers
• Log data including IP addresses, access times, and pages viewed
• Feature usage patterns
• AI chat conversations and voice commands

2.4 Third-party integrations

When you connect third-party services like a CRM, calendar, or email account, ReferralPulse may receive data from those services in accordance with the authorization you grant. Section 5 lists the specific third-party services in use.

3.1 Service delivery

• Provide, maintain, and improve the referral management platform
• Match you with relevant referral partners
• Track and manage referral status and outcomes
• Generate AI-powered insights and recommendations
• Process meeting recordings and generate summaries

3.2 Communications

• Send transactional emails such as account verification, password resets, and referral notifications
• Provide customer support
• Send product updates and announcements, with your consent
• Generate and send AI-drafted communications on your behalf, with your approval

3.3 Compliance and legal

• Support compliance features for regulated professionals, including referral fee tracking and 1099 preparation
• Maintain audit logs for compliance purposes
• Respond to legal requests and enforce the Terms of Service

3.4 Improvement and analytics

• Analyze usage patterns to improve the service
• Develop new features and functionality
• Conduct research and analysis using aggregated, de-identified data

4.1 AI features

ReferralPulse uses artificial intelligence to enhance your experience:

• Partner matching. Analyzing your network to suggest optimal referral matches.
• Email drafting. Generating personalized introduction and follow-up emails.
• LinkedIn summarization. Creating professional summaries from LinkedIn profiles.
• Meeting analysis. Transcribing and summarizing meeting recordings.
• Voice commands. Processing natural-language queries about your network.
• Proactive recommendations. Suggesting actions to strengthen relationships.

4.2 Data sent to AI providers

When you use AI features, the following may be processed by AI providers such as OpenRouter and OpenAI:

• Partner information including names, business details, and relationship history
• Your queries and commands
• Meeting transcripts, when using meeting analysis features
• LinkedIn profile content, when using enrichment features

4.3 Automated decision-making

ReferralPulse AI systems make the following automated assessments:

• Match scores. Calculating compatibility between you and potential referral partners.
• Reciprocity analysis. Identifying imbalances in referral relationships.
• Follow-up recommendations. Suggesting when to reconnect with partners.
• Network gap analysis. Identifying missing expertise in your network.

These assessments are recommendations only. No automated decisions are made without your review and approval.

4.4 Opting out of AI features

You can disable AI features in your privacy settings. When disabled:

• Your data will not be sent to AI providers
• AI-powered features for matching, drafting, and analysis will be unavailable
• Core referral tracking functionality remains available

ReferralPulse uses the following third-party services:

Google OAuth

Authentication (Sign in with Google)

Name, email address, profile picture

OpenRouter / OpenAI

AI features

Partner info, queries, transcripts

LeadMagic

LinkedIn enrichment

LinkedIn URLs

Clio CRM

Contact sync (when connected)

Contacts, matters

Recall.ai

Meeting recording

Audio, video, transcripts

Resend

Email delivery

Email addresses, message content

Vercel Blob

File storage

Uploaded files

Upstash Redis

Caching

Session data (anonymized)

Neon PostgreSQL

Database

All account data

Vercel

Hosting

Application logs

Each service operates under its own privacy policy. You are encouraged to review those policies directly.

ReferralPulse offers Sign in with Google as an authentication option. This section describes how data received from Google APIs is handled, in compliance with the Google API Services User Data Policy, including the Limited Use requirements.

6.1 Data accessed from Google

When you sign in with Google, ReferralPulse requests access to basic profile information only:

• Name. Your display name, used to personalize your account.
• Email address. Used as your account identifier and for transactional communications.
• Profile picture. Displayed inside ReferralPulse as your avatar.

ReferralPulse does not request access to Gmail, Google Drive, or any other Google services beyond basic authentication, except for the optional Google Calendar integration described in section 6.2 below. Calendar access is never requested during sign-in and only happens if you choose to connect it from the settings page.

6.2 Optional Google Calendar integration

If you choose to connect Google Calendar from your settings page, ReferralPulse requests read-only access to your primary calendar (calendar.readonly scope). You can disconnect at any time and Google will also show the connection at myaccount.google.com where you can revoke it directly.

• What is accessed. Events from your primary calendar over the last 12 months, including event titles, times, and attendee email addresses. No other calendars are scanned and no events are created, modified, or deleted.
• Why. To suggest potential referral partners from people you have met with more than once.
• How it is used. Attendee emails are filtered (internal colleagues, large meetings, resource calendars, and scheduling bots are excluded) and scored. Candidates surface for your review on the Partners suggestions page, and nothing becomes a Partner until you explicitly approve it.
• Retention. Meeting titles are shown on the review page only so you can recognize who a suggestion is. The moment you approve or ignore a suggestion, those meeting titles are dropped from our database. Aggregate numbers (how many times you met, first and last meeting date) are kept so the same person is not surfaced again. Sample event titles used internally for debugging sync quality are removed after 30 days. You can delete your account at any time to remove all of this data.
• Revocation. Disconnect from the settings page or revoke access at myaccount.google.com. Once revoked, no further calendar data is read.

6.3 How Google user data is used

• To create and authenticate your ReferralPulse account
• To display your name and profile picture within the application
• To send you account-related notifications and service communications

6.4 Storage and protection

Google profile data (name, email, profile picture URL) is stored in a secure database hosted on Neon PostgreSQL with encryption at rest. Access is restricted to authenticated sessions tied to your account.

6.5 Limited Use disclosure

Specifically, ReferralPulse confirms that:

• Google user data is only used to provide and improve user-facing features of ReferralPulse
• Google user data is not transferred to third parties except as necessary to provide the service, with user consent, or as required by law
• Google user data is not used for advertising, including retargeting, personalized, or interest-based advertising
• Humans do not read Google user data unless you have given affirmative consent, it is necessary for security purposes, or it is required to comply with applicable law
• Google user data is not used to train AI or machine-learning models

6.6 Revoking access

You can revoke ReferralPulse access to your Google account at any time through your Google Account permissions. You can also delete your ReferralPulse account from within the app, which will remove all stored Google user data.

ReferralPulse does not sell your personal information. Information may be shared in the following circumstances.

7.1 With your consent

• When you explicitly authorize sharing, such as connecting CRM integrations
• When you choose to share your profile with other ReferralPulse users

7.2 Service providers

With third-party service providers who perform services on behalf of ReferralPulse (see section 5), subject to confidentiality obligations.

7.3 Legal requirements

• To comply with applicable laws, regulations, or legal processes
• To protect the rights, privacy, safety, or property of ReferralPulse, its users, or the public
• To enforce the Terms of Service

7.4 Business transfers

In connection with a merger, acquisition, or sale of assets, your information may be transferred. You will receive notice before your information becomes subject to a different privacy policy.

ReferralPulse retains your information for as long as necessary to provide the service and fulfill the purposes described in this policy. Specific retention periods:

Account information

Duration of account, plus 30 days after a deletion request

Referral records

7 years, for tax and compliance purposes

Payment and fee tracking records

7 years, IRS requirement for 1099 reporting

Meeting recordings

90 days, or until manually deleted

AI conversation history

90 days

Audit logs

7 years, compliance requirement

Application logs

30 days

Regardless of your location, you have the following rights over your personal information:

• Access. Request a copy of the personal information held about you.
• Correction. Request correction of inaccurate or incomplete information.
• Deletion. Request deletion of your personal information, subject to legal retention requirements.
• Export. Request your data in a portable, machine-readable format.
• Restrict processing. Request that ReferralPulse limit how your data is used.
• Withdraw consent. Withdraw previously given consent at any time.
• Opt out of AI. Disable AI-powered features in your settings.

To exercise these rights, contact privacy@referralpulse.ai or use the controls in your account settings. Responses are provided within 30 days.

If you are a California resident, you have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act.

10.1 Categories of information collected

• Identifiers such as name, email, and phone number
• Professional information including job title, company, and licenses
• Commercial information including referral history and transaction records
• Internet activity such as usage data and browsing history within the service
• Inferences such as match scores and recommendations

10.2 Your California rights

• Right to know. Request details about categories and specific pieces of information collected.
• Right to delete. Request deletion of your information.
• Right to correct. Request correction of inaccurate information.
• Right to opt out of sale or sharing. See the note below.
• Right to non-discrimination. ReferralPulse will not discriminate against you for exercising your rights.

10.3 Do not sell or share my personal information

10.4 Global Privacy Control (GPC)

ReferralPulse honors Global Privacy Control signals. If your browser sends a GPC signal, it is treated as a valid opt-out request.

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation.

11.1 Lawful bases for processing

ReferralPulse processes your data based on:

• Contract. To provide the service as agreed in the Terms of Service.
• Legitimate interests. To improve the service, prevent fraud, and communicate with you.
• Consent. For optional features like marketing communications and AI processing.
• Legal obligation. To comply with applicable laws and regulations.

11.2 Your GDPR rights

In addition to the rights in section 9, you have:

• Right to object. Object to processing based on legitimate interests.
• Right to restrict. Request restriction of processing in certain circumstances.
• Right to portability. Receive your data in a structured, machine-readable format.
• Right to lodge a complaint. File a complaint with your local supervisory authority.

11.3 Data protection contact

For GDPR-related inquiries, contact the data protection representative at dpo@referralpulse.ai.

ReferralPulse is based in the United States. If you access the service from outside the United States, your information may be transferred to, stored in, and processed in the United States or other countries where the service providers operate.

For transfers from the EEA, UK, or Switzerland to countries not deemed adequate by the European Commission, ReferralPulse relies on:

• Standard Contractual Clauses approved by the European Commission
• Data processing agreements with appropriate safeguards
• Binding corporate rules where applicable

You may request a copy of the relevant transfer mechanism by contacting privacy@referralpulse.ai.

13.1 Types of cookies in use

• Essential cookies. Required for authentication and core functionality.
• Functional cookies. Remember your preferences and settings.
• Analytics cookies. Help ReferralPulse understand how the service is used.

13.2 Managing cookies

You can control cookies through your browser settings. Disabling essential cookies may prevent you from using certain features of the service.

13.3 Do Not Track

ReferralPulse honors Do Not Track browser signals. When DNT is enabled, non-essential tracking is disabled.

ReferralPulse implements industry-standard security measures to protect your information:

• Encryption in transit. All data transmitted between you and the service uses TLS 1.3 encryption.
• Encryption at rest. Sensitive data is encrypted using AES-256 encryption.
• Access controls. Role-based access controls limit who can access your data.
• Authentication. Secure authentication via Google OAuth and email or password with bcrypt hashing.
• Monitoring. Continuous security monitoring and logging.
• Regular audits. Periodic security assessments and penetration testing.

No system is completely secure. If you believe your account has been compromised, contact security@referralpulse.ai immediately.

This policy may be updated from time to time to reflect changes in practices or for legal, operational, or regulatory reasons.

When changes are made:

• The Updated date at the top of this policy will change
• For material changes, you will be notified by email or through a prominent notice inside the service
• At least 30 days' notice will be given before material changes take effect

Continued use of the service after the changes take effect constitutes acceptance of the updated policy.

If you have questions, concerns, or requests regarding this policy or data practices, the ReferralPulse privacy team is available at the addresses below.