Last updated: May 30, 2025
1. Data Protection Principles
PulsePay follows strict data protection principles including data minimization, purpose limitation, accuracy, storage limitation, and security by design.
2. Biometric Data Security
- Biometric templates are stored as irreversible hashes
- No raw biometric images are retained
- SHA-256 and Argon2 encryption algorithms
- Local device processing before transmission
3. Technical Safeguards
- End-to-end encryption for all data transmission
- AES-256 encryption for data at rest
- Multi-factor authentication systems
- Regular security penetration testing
- Secure development lifecycle practices
4. Organizational Measures
- Employee background checks and security training
- Role-based access controls
- Regular security audits and assessments
- Incident response procedures
5. Data Processing Lawful Basis
We process personal data based on:
- Consent for biometric enrollment
- Contract performance for payment services
- Legal obligations for compliance
- Legitimate interests for fraud prevention
6. Data Subject Rights
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
7. Data Breach Procedures
In case of a data breach, we will notify relevant authorities within 72 hours and affected users without undue delay.
8. International Data Transfers
Any international data transfers are protected by appropriate safeguards including Standard Contractual Clauses.
9. Contact Our DPO
For data protection inquiries, contact our Data Protection Officer at pulsexpay999@gmail.com