Privacy Policy
Effective Date: January 1, 2026 | Last Updated: January 27, 2026
1. Introduction
Welcome to ReferralPulse ("Company," "we," "us," or "our"). We are committed to protecting your privacy and being transparent about how we collect, use, and share your personal information.
This Privacy Policy applies to all services provided by ReferralPulse, including our web application, mobile applications, and any related services (collectively, the "Services"). By using our Services, you agree to the collection, use, and disclosure of your information as described in this Privacy Policy.
ReferralPulse is a referral management platform designed for professionals including attorneys, financial advisors, CPAs, and insurance professionals. We help you manage your professional referral network, track referrals, and strengthen business relationships.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Name and email address
- Profile photograph (optional)
- Professional title and business type
- Company name and business address
- Phone number (optional)
- Professional license information (when applicable)
2.2 Professional Network Information
To provide our referral management services, we collect:
- Information about your referral partners (name, contact information, business details)
- Referral history and status updates
- Notes and communications related to referrals
- Meeting transcripts (when you use our meeting recording features)
- LinkedIn profile URLs and publicly available professional information
2.3 Behavioral and Usage Data
We automatically collect:
- Device information (browser type, operating system, device identifiers)
- Log data (IP addresses, access times, pages viewed)
- Feature usage patterns
- AI chat conversations and voice commands
2.4 Third-Party Integrations
When you connect third-party services (such as CRM systems, calendars, or email), we may receive data from those services in accordance with your authorization. See Section 5 for details on specific third-party services.
3. How We Use Your Information
3.1 Service Delivery
- Provide, maintain, and improve our referral management platform
- Match you with relevant referral partners
- Track and manage referral status and outcomes
- Generate AI-powered insights and recommendations
- Process meeting recordings and generate summaries
3.2 Communications
- Send transactional emails (account verification, password resets, referral notifications)
- Provide customer support
- Send product updates and announcements (with your consent)
- Generate and send AI-drafted communications on your behalf (with your approval)
3.3 Compliance and Legal
- Support compliance features for regulated professionals (referral fee tracking, 1099 preparation)
- Maintain audit logs for compliance purposes
- Respond to legal requests and enforce our terms
3.4 Improvement and Analytics
- Analyze usage patterns to improve our Services
- Develop new features and functionality
- Conduct research and analysis (using aggregated, de-identified data)
4. AI and Automated Processing
Important: We do NOT use your data to train AI models. Your information is processed only to provide our services to you.
4.1 AI Features
ReferralPulse uses artificial intelligence to enhance your experience. Our AI-powered features include:
- Partner Matching: Analyzing your network to suggest optimal referral matches
- Email Drafting: Generating personalized introduction and follow-up emails
- LinkedIn Summarization: Creating professional summaries from LinkedIn profiles
- Meeting Analysis: Transcribing and summarizing meeting recordings
- Voice Commands: Processing natural language queries about your network
- Proactive Recommendations: Suggesting actions to strengthen relationships
4.2 Data Sent to AI Providers
When you use AI features, the following data may be processed by our AI providers (OpenRouter/OpenAI):
- Partner information (names, business details, relationship history)
- Your queries and commands
- Meeting transcripts (when using meeting analysis features)
- LinkedIn profile content (when using enrichment features)
4.3 Automated Decision-Making
Our AI systems make the following automated assessments:
- Match Scores: Calculating compatibility between you and potential referral partners
- Reciprocity Analysis: Identifying imbalances in referral relationships
- Follow-up Recommendations: Suggesting when to reconnect with partners
- Network Gap Analysis: Identifying missing expertise in your network
These assessments are recommendations only. No automated decisions are made without your review and approval.
4.4 Opting Out of AI Features
You can disable AI features in your Privacy Settings. When disabled:
- Your data will not be sent to AI providers
- AI-powered features (matching, drafting, analysis) will be unavailable
- Core referral tracking functionality remains available
5. Third-Party Services
We use the following third-party services to provide our platform:
| Service | Purpose | Data Shared |
|---|---|---|
| Stack Frame | Authentication | Email address, OAuth tokens |
| OpenRouter / OpenAI | AI features | Partner info, queries, transcripts |
| LeadMagic | LinkedIn enrichment | LinkedIn URLs |
| Clio CRM | Contact sync (when connected) | Contacts, matters |
| Recall.ai | Meeting recording | Audio/video, transcripts |
| Resend | Email delivery | Email addresses, message content |
| Vercel Blob | File storage | Uploaded files |
| Upstash Redis | Caching | Session data (anonymized) |
| Neon PostgreSQL | Database | All account data |
| Vercel | Hosting | Application logs |
Each service operates under its own privacy policy. We encourage you to review their policies.
6. Data Sharing and Disclosure
We do not sell your personal information. We may share your information in the following circumstances:
6.1 With Your Consent
- When you explicitly authorize sharing (e.g., connecting CRM integrations)
- When you choose to share your profile with other ReferralPulse users
6.2 Service Providers
With third-party service providers who perform services on our behalf (see Section 5), subject to confidentiality obligations.
6.3 Legal Requirements
- To comply with applicable laws, regulations, or legal processes
- To protect the rights, privacy, safety, or property of ReferralPulse, our users, or the public
- To enforce our Terms of Service
6.4 Business Transfers
In connection with a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your information becomes subject to a different privacy policy.
7. Data Retention
We retain your information for as long as necessary to provide our Services and fulfill the purposes described in this policy. Specific retention periods:
| Data Type | Retention Period |
|---|---|
| Account information | Duration of account + 30 days after deletion request |
| Referral records | 7 years (for tax/compliance purposes) |
| Payment/fee tracking records | 7 years (IRS requirement for 1099 reporting) |
| Meeting recordings | 90 days or until manually deleted |
| AI conversation history | 90 days |
| Audit logs | 7 years (compliance requirement) |
| Application logs | 30 days |
8. Your Privacy Rights
Regardless of your location, you have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your personal information (subject to legal retention requirements)
- Export: Request your data in a portable, machine-readable format
- Restrict Processing: Request that we limit how we use your data
- Withdraw Consent: Withdraw previously given consent at any time
- Opt-out of AI: Disable AI-powered features in your settings
To exercise these rights, contact us at privacy@referralpulse.ai or use the controls in your account settings. We will respond within 30 days.
9. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
9.1 Categories of Information Collected
- Identifiers (name, email, phone number)
- Professional information (job title, company, licenses)
- Commercial information (referral history, transaction records)
- Internet activity (usage data, browsing history within our Services)
- Inferences (match scores, recommendations)
9.2 Your California Rights
- Right to Know: Request details about categories and specific pieces of information collected
- Right to Delete: Request deletion of your information
- Right to Correct: Request correction of inaccurate information
- Right to Opt-Out of Sale/Sharing: See below
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights
9.3 "Do Not Sell or Share My Personal Information"
ReferralPulse does NOT sell your personal information. We do NOT share your personal information for cross-context behavioral advertising.
9.4 Global Privacy Control (GPC)
We honor Global Privacy Control (GPC) signals. If your browser sends a GPC signal, we will treat it as a valid opt-out request.
10. European Privacy Rights (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):
10.1 Lawful Bases for Processing
We process your data based on:
- Contract: To provide our Services as agreed in our Terms of Service
- Legitimate Interests: To improve our Services, prevent fraud, and communicate with you
- Consent: For optional features like marketing communications and AI processing
- Legal Obligation: To comply with applicable laws and regulations
10.2 Your GDPR Rights
In addition to the rights in Section 8, you have:
- Right to Object: Object to processing based on legitimate interests
- Right to Restrict: Request restriction of processing in certain circumstances
- Right to Portability: Receive your data in a structured, machine-readable format
- Right to Lodge a Complaint: File a complaint with your local supervisory authority
10.3 Data Protection Contact
For GDPR-related inquiries, contact our Data Protection representative at dpo@referralpulse.ai.
11. International Data Transfers
ReferralPulse is based in the United States. If you access our Services from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.
For transfers from the EEA, UK, or Switzerland to countries not deemed adequate by the European Commission, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data Processing Agreements with appropriate safeguards
- Binding Corporate Rules where applicable
You may request a copy of the relevant transfer mechanism by contacting privacy@referralpulse.ai.
13. Data Security
We implement industry-standard security measures to protect your information:
- Encryption in Transit: All data transmitted between you and our Services uses TLS 1.3 encryption
- Encryption at Rest: Sensitive data is encrypted using AES-256 encryption
- Access Controls: Role-based access controls limit who can access your data
- Authentication: Secure authentication via Stack Frame with optional OAuth providers
- Monitoring: Continuous security monitoring and logging
- Regular Audits: Periodic security assessments and penetration testing
While we strive to protect your information, no system is completely secure. If you believe your account has been compromised, contact us immediately at security@referralpulse.ai.
14. Children's Privacy
COPPA Compliance: ReferralPulse is designed for business professionals and is not intended for users under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected information from a child under 16, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at privacy@referralpulse.ai.
15. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons.
When we make changes:
- We will update the "Last Updated" date at the top of this policy
- For material changes, we will notify you via email and/or a prominent notice in our Services
- We will provide at least 30 days' notice before material changes take effect
Your continued use of our Services after the changes take effect constitutes acceptance of the updated policy.
16. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
ReferralPulse Privacy Team
Email: privacy@referralpulse.ai
For GDPR inquiries: dpo@referralpulse.ai
We aim to respond to all privacy-related inquiries within 30 days.