Privacy Policy

Omnipulse | Last updated: April 28, 2025


1. Introduction

Welcome to Omnipulse. Omnipulse (“we”, “our”, or “us”) operates the platform available at omnipulse.co — a unified customer communication platform that enables businesses to reach their customers via SMS, WhatsApp, Email, and AI-powered Voice calls from a single workspace.

We are committed to protecting your privacy and handling your data with transparency and care. This Privacy Policy explains what information we collect, why we collect it, how we use and share it, and what rights you have over it.

By accessing or using our platform, website, APIs, or any related services (collectively, the “Services”), you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of our Services.


2. Who This Policy Applies To

This policy applies to three groups:

Platform customers — businesses and individuals who create an Omnipulse account to manage customer communication campaigns, inboxes, and automations.

End users — the customers of our platform customers who receive communications (SMS, WhatsApp messages, emails, or voice calls) sent through Omnipulse.

Website visitors — anyone who visits omnipulse.co without necessarily creating an account.

Important distinction: When you use Omnipulse to communicate with your own customers, you are the data controller for your customers’ personal data. Omnipulse acts as a data processor on your behalf. You are solely responsible for ensuring you have obtained the necessary consents and legal bases to contact your customers through our platform.


3. Information We Collect

3.1 Information You Provide Directly

Account registration data — your full name, business name, work email address, phone number, and password when you sign up.

Billing and payment information — credit or debit card details, billing address, and transaction history. Payment data is handled exclusively by our PCI-DSS compliant payment processor and is never stored on our servers.

Profile and team settings — role assignments, notification preferences, team member information, sender IDs, and message templates you configure within your account.

Contact lists and campaign data — phone numbers, email addresses, names, and any custom attributes you upload or import to send campaigns or manage your unified inbox.

Support communications — messages, attachments, and details you share when you contact our customer support team.

Feedback and survey responses — any optional information you provide when participating in product research or satisfaction surveys.

3.2 Information Collected Automatically

Usage and behavioural data — features used, pages visited within the platform, buttons clicked, campaigns created, messages sent, and time spent on each section.

Device and technical data — IP address, browser type and version, operating system, screen resolution, device identifiers, language settings, and time zone.

Log and access data — server-side logs recording login times, API requests made, error events, and system actions.

Message delivery and engagement data — delivery receipts, open rates, click-through rates, reply rates, bounce rates, unsubscribe events, and call duration and outcomes for all messages sent through the platform.

Cookies and tracking technologies — as described in detail in Section 9 of this policy.

3.3 Information From Third Parties

Integration partners — when you connect Omnipulse to third-party tools such as Shopify, HubSpot, Salesforce, Google Sheets, Stripe, Intercom, Twilio, or Zapier, we receive data from those platforms according to your configuration and their own privacy policies.

Telecom and carrier networks — delivery status, routing metadata, and network operator information provided by mobile carriers when delivering SMS and Voice communications.

WhatsApp Business API — messaging metadata provided through Meta’s official WhatsApp Business API to enable WhatsApp functionality within your account.


4. How We Use Your Information

We use your information for the following purposes, each grounded in a lawful basis:

Purpose Legal Basis
Providing, operating, and maintaining the platform Contract performance
Processing payments and issuing invoices Contract performance
Sending account and transactional notifications Contract performance
Delivering customer support Contract / Legitimate interest
Sending product updates and announcements Legitimate interest / Consent
Detecting fraud, abuse, and security threats Legitimate interest / Legal obligation
Improving platform performance and features Legitimate interest
Complying with applicable laws and regulations Legal obligation
Personalising your dashboard and experience Legitimate interest / Consent

We will never use your data or your customers’ data for any purpose not listed above without obtaining your explicit consent first. We do not sell data to advertisers or data brokers under any circumstances.


5. Channel-Specific Data Processing

Omnipulse processes data differently depending on which communication channel is used:

5.1 SMS & MMS

When you send SMS or MMS through Omnipulse, we process recipient phone numbers, message content, timestamps, delivery status, and any inbound replies. Message content is transmitted securely to licensed carrier partners for delivery. Content is retained for the period configured in your account settings.

5.2 WhatsApp

WhatsApp messaging is facilitated via the official WhatsApp Business API. We process phone numbers, approved message templates, media files, and delivery metadata in compliance with Meta’s Business Messaging Policy. End-to-end encryption between recipient devices and WhatsApp’s infrastructure is maintained by Meta. Omnipulse processes messages at the API layer for delivery, logging, and analytics.

5.3 Email

For email campaigns and transactional emails, we process recipient email addresses, names, message subject lines, HTML content, and engagement data including opens, clicks, bounces, and unsubscribes. We maintain and honour suppression lists to ensure compliance with anti-spam laws. Unsubscribe requests are processed immediately.

5.4 AI-Powered Voice

Voice calls initiated through Omnipulse involve processing of recipient phone numbers, call duration, call recordings (where enabled and legally permitted in your jurisdiction), call transcripts, and call disposition data. You are solely responsible for obtaining any legally required consent from recipients before initiating voice calls in your region. Recordings are stored securely and automatically deleted upon expiry of your configured retention period.


6. Sharing Your Information

We do not sell, rent, trade, or otherwise disclose your personal information or your customers’ personal information to any third party for their own use. We share data only in the following limited circumstances:

Service providers and sub-processors — we engage carefully vetted third-party providers to help operate our platform, including cloud infrastructure, payment processors, SMS gateways, email delivery services, and analytics tools. All are bound by data processing agreements and may only process data on our explicit instructions.

Integration partners — when you enable a third-party integration, data flows between Omnipulse and that service are authorised by you and governed by both parties’ privacy policies.

Telecom operators — delivering SMS and Voice messages requires sharing recipient phone numbers and message content with licensed telecom operators and carrier networks, solely for the purpose of routing and delivering your messages.

Legal requirements — we may disclose information when required by law, court order, or governmental authority, or when we have a good-faith belief that disclosure is necessary to protect our legal rights, prevent fraud, or ensure the safety of any person.

Business transfers — in the event of a merger, acquisition, or sale of the business, your data may be transferred to a successor entity. We will notify you at least 30 days in advance via email and a prominent notice on the platform.

With your explicit consent — we may share your information with other parties when you have given us clear, specific consent to do so.


7. Data Retention

We retain data for as long as your account is active or as necessary to provide our Services:

  • Account data — retained throughout your active subscription and for 90 days after account closure, then permanently deleted or anonymised.
  • SMS, WhatsApp, and Email message content — retained for 12 months by default. You may configure shorter periods in your account settings or request deletion at any time.
  • Voice recordings and transcripts — retained for 6 months by default. Automatically deleted upon expiry of your configured period.
  • Billing and financial records — retained for 7 years to satisfy legal and tax obligations.
  • Security and access logs — retained for 90 days for fraud detection and incident investigation.
  • Unsubscribe and opt-out records — retained indefinitely to prevent re-contacting individuals who have opted out.

When data is deleted, it is removed from active databases within 30 days and purged from backup systems within 90 days.


8. Security

We implement robust technical and organisational measures to protect your data:

  • All data in transit is encrypted using TLS 1.2 or higher
  • All data at rest is encrypted using AES-256
  • Role-based access controls limit internal data access to authorised personnel only
  • Multi-factor authentication (MFA) is available for all customer accounts and mandatory for all internal systems
  • Regular third-party penetration testing and security audits
  • IP whitelisting, audit trail logging, and per-user access permissions
  • 24/7 infrastructure monitoring with automated anomaly detection
  • Documented incident response and breach notification procedures

No method of internet transmission or electronic storage is 100% secure. If you discover a vulnerability or suspect a breach, contact us immediately at [email protected].


9. Cookies & Tracking Technologies

We use cookies and similar technologies on our website and platform. Cookies are small text files stored on your device that help us operate the service, remember your preferences, and understand usage patterns.

Essential cookies — strictly required for the platform to function. Includes session authentication, CSRF tokens, and load balancing. Cannot be disabled.

Functional cookies — remember your preferences such as language, time zone, sidebar state, and dashboard layout to improve your experience.

Analytics cookies — help us understand how users navigate our website and platform. We use anonymised, aggregated analytics data (including Google Analytics with IP anonymisation) to improve usability and performance.

Marketing cookies — used only with your consent to track campaign effectiveness and serve relevant content. You may withdraw consent at any time through our cookie settings panel or your browser preferences.

You can manage cookie preferences at any time through the cookie consent banner on our website or through your browser settings. Disabling certain cookies may affect platform functionality.


10. Third-Party Integrations

Omnipulse connects with a wide range of third-party platforms including Shopify, HubSpot, Salesforce, Google Sheets, Stripe, Intercom, Twilio, and Zapier. When you enable an integration:

  • You explicitly authorise Omnipulse to connect to and exchange data with that platform on your behalf.
  • The third party’s own privacy policy governs how that platform collects and uses your data.
  • You remain responsible for ensuring your use of the integration complies with applicable laws, including obtaining any required consents from your customers.
  • Omnipulse is not responsible for the privacy practices, data handling, or security of any third-party platform.

We recommend reviewing the privacy policy of any service before enabling a connection to Omnipulse.


11. International Data Transfers

Omnipulse serves customers globally and your data may be processed in countries other than your own. Where we transfer personal data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) for transfers from the European Economic Area, UK International Data Transfer Agreements (IDTAs) for UK transfers, and equivalent contractual protections for all other jurisdictions. All sub-processors are required to maintain the same level of data protection regardless of where they operate.


12. Your Rights

Depending on your location, you may have the following rights regarding your personal data. We honour these rights promptly and without creating unnecessary barriers:

Right to access — request a copy of the personal data we hold about you. We will respond within 30 days in a machine-readable format.

Right to rectification — request correction of inaccurate or incomplete data. Most account data can be updated directly from your dashboard.

Right to erasure — request deletion of your personal data where it is no longer necessary or where you withdraw consent. Some data may be retained where a legal obligation requires it.

Right to restrict processing — ask us to pause processing of your data in certain circumstances, such as while an accuracy dispute is being resolved.

Right to data portability — receive your personal data in a structured, commonly used, machine-readable format and transmit it to another provider where processing is based on consent or contract.

Right to object — object to processing carried out on the basis of legitimate interests, including direct marketing. We will stop direct marketing immediately upon request.

Right to withdraw consent — withdraw any consent-based data processing at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority at any time.


13. Children’s Privacy

Our Services are intended for use by businesses and are not directed at children under the age of 13. We do not knowingly collect personal information from children. If we become aware that a child under 13 has provided us with personal data, we will delete it immediately. If you believe we may have inadvertently collected information from a child, please contact us at [email protected].


14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:

  • Update the “Last updated” date at the top of this policy
  • Send an email notification to all registered account holders
  • Display a prominent notice within the platform for at least 30 days

Your continued use of our Services after the effective date of any update constitutes your acceptance of the revised policy. If you do not agree to the updated terms, you should stop using the Services and may request deletion of your account.


15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us through any of the following:

Email: [email protected] Security issues: [email protected] Website: omnipulse.co Postal address: Omnipulse, Karachi, Pakistan

We are committed to resolving all privacy-related concerns promptly and fairly. If you are unsatisfied with our response, you have the right to escalate your complaint to the relevant data protection authority in your jurisdiction.