Privacy Policy – PulseCT


Last updated: June 2026

PulseCT ("we", "us") takes the protection of your personal data seriously. This Privacy Policy explains which data we process within the PulseCT app, for what purposes and on what legal basis, and what rights you have.

This policy is based on the Swiss Data Protection Act (revFADP) and, where applicable (e.g. for users in the EU/EEA), the EU General Data Protection Regulation (GDPR).

1. Data Controller

PulseCT Birsfelderstrasse 34 4132 Muttenz, Switzerland Email: info@pulsect.com

Owner and responsible: Cristian Tasso

2. Principles

We process personal data lawfully, fairly, proportionately and for specified purposes. We collect only the data needed for the purposes described below and protect it with appropriate measures.

3. Data We Process

Identification and contact data: name, email address, login credentials (password stored encrypted).

Usage and training data: training activities and progress, nutrition entries, use of individual app features.

Health-related data (sensitive): physical parameters (weight, height, age), training behaviour, eating habits, individual fitness goals. See Section 5.

Image data (food scanner): photos of meals that you capture for analysis. See Section 6.

Technical data: IP address, device type and operating system, app version, system logs.

4. Purposes and Legal Bases

We process your data in order to:

  • provide and operate the app,

  • personalise training and nutrition recommendations,

  • communicate with you,

  • further develop our features,

  • ensure system security and prevent misuse,

  • comply with legal obligations.

Legal bases (GDPR): performance of a contract (Art. 6(1)(b)), legitimate interest in operation and security (Art. 6(1)(f)), your consent (Art. 6(1)(a), e.g. for camera/push), and for health data your explicit consent (Art. 9(2)(a)). Under the Swiss revFADP, processing is based on contract, legitimate interest or your consent.

5. Health-Related Data

Training, nutrition and health-related information qualifies as sensitive personal data (revFADP) and as a special category of personal data (Art. 9 GDPR). We process such data only with your explicit consent and solely to provide and personalise our services. You may withdraw this consent at any time with effect for the future.

6. Food Scanner (Camera and Photos)

The food scanner requires access to your camera. Access is requested only after your explicit consent and can be revoked at any time in your device settings.

The captured photos are compressed locally on the device, then transmitted over a secure connection to our server (hosting: Vibecode) and from there to the OpenAI Vision API (OpenAI, L.L.C., USA) for analysis. The analysis is used to estimate calories and nutritional values.

The photos are not stored after analysis – neither on our servers nor permanently at OpenAI. Only the resulting nutritional data is stored and added to your nutrition log.

7. Use of Artificial Intelligence

To provide essential features, we use systems based on automated data processing and artificial intelligence (in particular the OpenAI Vision API). Data is analysed to recognise meals and to generate individualised training and nutrition recommendations. This processing is automated.

Important note: The generated results may be inaccurate, incomplete or unsuitable. They are for guidance only and do not replace medical or nutritional advice.

8. Subscriptions and Payment Processing

Paid subscriptions are processed through Apple's App Store systems (or Google Play on Android). The required payment data is transmitted directly to the respective provider; we do not store complete payment information.

To manage subscriptions technically (status, renewal, restoring purchases) we use RevenueCat (RevenueCat, Inc., USA). This involves processing an anonymised user identifier as well as purchase and device information.

9. Apple Health / Google Health Connect

If you enable the connection to Apple Health (HealthKit) or Google Health Connect, the relevant health and activity data is processed exclusively locally on your device. This data is not transmitted to us or to any third party and does not leave your device. You can disable the connection at any time in your device settings.

10. Push Notifications

The app may send push notifications to inform you about content, features or activities. You can disable them at any time in your device settings or within the app.

11. Tracking and Analytics

We do not use any tracking or analytics tools to evaluate user behaviour, and no advertising or marketing trackers. No data is collected for advertising purposes or shared with advertising networks. Should such technologies be introduced in the future, we will update this policy beforehand.

12. Sharing of Data and Third Parties

We do not sell your data. We share it only where necessary to operate the app and perform our contract, with:

Provider Purpose Country Vibecode Hosting of server and database per provider OpenAI, L.L.C. AI analysis of scanner photos (Vision API) USA RevenueCat, Inc. Subscription management USA Apple Payment processing (App Store) USA / Ireland Google Payment processing (Google Play, on Android) USA

These providers are contractually obliged to process personal data in accordance with applicable data protection law (data processing agreements).

13. International Data Transfers

Some providers (in particular OpenAI and RevenueCat) process data in the United States. In such cases we ensure an adequate level of protection – for example through an adequacy decision or standard contractual clauses.

14. Retention

We store your data only for as long as necessary for the stated purposes or as required by statutory retention obligations. Scanner photos are not retained after analysis. Once the purpose no longer applies, data is deleted or anonymised.

15. Data Security

We take appropriate technical and organisational measures (e.g. encrypted transmission, access controls) to protect your data against unauthorised access, loss or misuse.

16. Your Rights

You have the right to:

  • access your stored data,

  • rectification of inaccurate data,

  • erasure,

  • restriction of processing,

  • data portability,

  • object to certain processing,

  • withdraw consent (with effect for the future).

To exercise these rights, contact info@pulsect.com.

Right to complain: In Switzerland, with the Federal Data Protection and Information Commissioner (FDPIC); in the EU, with your competent data protection authority.

17. Delete Your Account

You can delete your account and all associated data at any time within the app:

Profile → Settings → Security → Delete account

This deletes your account and the associated personal data – in particular profile and contact data, training and nutrition data, stored nutritional values and your settings. Data subject to a statutory retention obligation is kept until the relevant period expires and then deleted. Alternatively, email us at info@pulsect.com.

18. Minors

PulseCT is intended for persons aged 16 and over. We do not knowingly collect data from persons under 16. If we become aware of such processing without the required consent, we will delete the data concerned.

19. Changes

We may update this Privacy Policy at any time. The current version published in the app and at https://www.pulsect.com/privacy applies.

20. Contact

PulseCT Birsfelderstrasse 34, 4132 Muttenz, Switzerland Email: info@pulsect.com