Privacy Policy

This Privacy Policy explains how PULSE SPORTS HOLDINGS LTD collects, uses, shares and protects personal data when you use Pulse.

Pulse is operated by PULSE SPORTS HOLDINGS LTD, a company registered in England and Wales under company number 16663219, with registered office at 71–75 Shelton Street, London, England, WC2H 9JQ.

You can contact us at hello@pulse-sport.io.

1. Introduction

Pulse is a padel platform for players and clubs. It includes the Pulse Player app, the Pulse Manager web app, our website, support services, payment-related services, communications and related platform features.

The Pulse Player app allows players to create an account, discover clubs, search by location, book courts, join matches, create or join activities, use split pay, make payments, receive notifications and reminders, use chat, view bookings, manage profile information, view club wallets or credits, view match results, and use rating, level or reliability features where available.

The Pulse Manager web app allows clubs and venues to manage courts, schedules, bookings, customers, payments, refunds, wallets, memberships, coaching, tournaments, leagues, social events, reports, settings, integrations and staff/admin users.

This Privacy Policy applies to personal data we process in connection with Pulse, including data about players, club staff, club customers, unverified or local-only club customers, website visitors, prospective clubs, support contacts, payment users, invitees, guests, coaches, organisers, match participants, activity participants and people who appear in bookings, matches, chats, waitlists, results or club records.

This policy should be read together with our Player Terms, Club Terms, Cookie Policy and any privacy notice provided by the relevant club. Clubs may have their own privacy notices explaining how they use personal data for their own club operations.

Pulse is based in the United Kingdom. Our main data protection framework is the UK GDPR and the Data Protection Act 2018. Where we operate internationally, local data protection laws may also apply, including laws in the EU/EEA, Spain, France, Poland, Brazil and India.

2. Who we are

For the purposes of this Privacy Policy, “Pulse”, “we”, “us” or “our” means:

PULSE SPORTS HOLDINGS LTD Company number: 16663219 Registered office: 71–75 Shelton Street, London, England, WC2H 9JQ Website: https://pulse-sport.io/ Email: hello@pulse-sport.io

For privacy questions, requests or complaints, contact us at hello@pulse-sport.io.

We have not appointed a Data Protection Officer unless we are required to do so by law or choose to do so in future.

Where required by applicable law, we may appoint local privacy contacts, representatives or grievance contacts for specific countries or regions. If we do so, we will update this Privacy Policy or provide a regional privacy notice.

3. Who this policy applies to

This Privacy Policy applies to personal data about:

• players who create or use a Pulse account; • people invited to bookings, matches or activities; • people added to split-pay bookings; • people who join, request to join or vote on open matches; • people who register for coaching, tournaments, leagues, social events or waitlists; • club staff and administrators who use Pulse Manager; • club customers created, managed or imported by clubs; • unverified or local-only club customers who do not have a Pulse Player account; • coaches, organisers and activity leaders where their information appears in Pulse; • website visitors and prospective clubs; • people who contact us for support or business enquiries; • people whose data appears in payments, refunds, wallets, invoices, reports, audit logs, chats, results or club records.

4. Data protection roles

Pulse may act in different data protection roles depending on the situation.

4.1 Pulse as controller

Pulse is usually a controller where we decide why and how personal data is used for our own platform purposes. This includes:

• creating and administering Pulse player accounts; • managing global player profiles and login credentials; • operating the Player app, Manager web app and website; • providing platform notifications, reminders and settings; • providing support and troubleshooting; • operating platform safety, security, fraud prevention and abuse prevention; • maintaining platform-level audit logs and technical logs; • improving Pulse through analytics and product research; • sending Pulse marketing communications where permitted; • managing Pulse commercial relationships with clubs; • administering payment status, refunds, wallets, billing, tax, accounting, disputes and legal compliance where Pulse determines the relevant purpose; • operating platform-level rating, level, reliability, eligibility, discovery, recommendation and matching features.

4.2 Clubs as controllers

A club or venue is usually a controller for its own club operations and for personal data it chooses to collect, create, import, edit, use or retain through Pulse Manager.

This may include:

• club customer records; • club-specific notes; • club categories; • club memberships and eligibility decisions; • club wallet adjustments and local club credit records; • club-created or imported customer records; • local or off-system payments recorded by the club; • club operational decisions about bookings, customer management, removals, refunds, blocks, classes, tournaments, leagues, social events and other activities; • staff/admin management within the club; • club-specific customer communications outside Pulse’s own platform communications.

If a club manually adds a person or imports customer data into Pulse Manager, the club is responsible for ensuring it has a lawful basis to do so and for providing any privacy information required by law.

Clubs may have their own privacy policies. You should contact the relevant club if your request relates to how that club uses your personal data for its own purposes.

4.3 Pulse as processor for clubs

Pulse may act as a processor where we process personal data on behalf of a club and on the club’s documented instructions. This may include certain club customer management, customer import, club CRM, club-specific booking, customer, wallet or staff-admin functions inside Pulse Manager.

Where Pulse acts as processor, the relevant club is responsible for deciding the lawful basis and responding to certain data protection requests. Pulse will support the club as required by our contract and data processing terms.

4.4 Separate controllers

In some situations, Pulse and the club may each determine separate purposes for using the same data. For example, a booking may involve the club fulfilling the booking and managing the venue, while Pulse operates the platform, payment status, notifications, support, fraud prevention, audit trail and dispute handling.

In those cases, Pulse and the club may each be independent controllers for their own purposes.

5. Personal data we collect

We may collect or process the following categories of personal data.

Account and identity data This may include your name, email address, phone number, password or authentication credentials, profile photo, gender, country, address where collected, account ID, login method and account status.

Player profile data This may include your skill level, sport preferences, favourite or saved clubs, app settings, notification preferences, profile visibility settings, language or region settings, rating/level information and reliability band where available.

Location data This may include your home location, search location, club location interactions, approximate location from IP address or device information, and GPS/device location if you grant permission.

Booking and activity data This may include court bookings, open matches, participants, invitees, join requests, votes, waitlists, coaching, tournaments, leagues, social events, memberships, extras or add-ons, cancellation/refund status, attendance/status and booking history.

Payment and financial data This may include payment method type, payment provider tokens or IDs, transaction IDs, payment status, refund status, wallet or credit balance, invoice and payout records, chargebacks, risk/fraud signals and tax/accounting records. Full card details are usually handled by payment providers and are not stored directly by Pulse.

Club and customer data This may include club customer records, verified or unverified status, category, membership status, internal notes where processed, wallet balances, booking history, transaction history, blocked status and family links where enabled.

Chat and communications data This may include chat messages, message metadata, support messages, emails, push notification tokens, SMS or WhatsApp details if used, notification logs, reminder status and communication preferences.

Result, rating and reliability data This may include scores, result submissions, confirmations, disputes, match history, rating or level information, reliability indicators, eligibility information and historical level snapshots.

Technical data This may include IP address, device ID, operating system, browser type, app version, crash logs, diagnostic logs, error logs, security logs, cookies and similar identifiers.

Usage and analytics data This may include screens viewed, features used, searches, clicks, session data, conversion events, booking flow activity and aggregate usage patterns.

Marketing and survey data This may include marketing consent, email preferences, campaign engagement, survey responses, enquiry source, club lead information and event or webinar interest.

Security and compliance data This may include fraud checks, abuse reports, account restrictions, blocked status, audit logs, support access logs, incident records, legal correspondence and dispute records.

Club admin and business data This may include club name, club location, staff names, staff emails, staff role permissions, billing contacts, company details, tax information, payout configuration and commercial correspondence.

Third-party login data If you use Google, Apple or another third-party login method, we may receive login identifiers, your email address, name and any information returned by that provider depending on your permissions.

Optional contacts data If Pulse enables contact syncing or friend-finding in future, we may process contacts from your device or address book to help you find or invite friends. This would be optional, permission-based and subject to additional notice.

6. How we collect personal data

We collect personal data in the following ways:

• directly from you when you create an account, edit your profile, book a court, join a match, register for an activity, pay, contact support, send messages or change settings; • from clubs when they create or import customer records, manage bookings, record payments, assign categories or memberships, add notes, block a customer, manage staff users or operate activities through Pulse Manager; • from other players when they invite you to a booking, add you as a partner, include you in a match, send a chat message, submit a result, vote on a join request or otherwise use Pulse features involving you; • from payment providers when payments, refunds, authorisations, chargebacks, risk checks, wallets or payout records are processed; • from authentication providers if you use third-party login; • from app stores and device platforms where needed for app distribution, push notifications, app permissions, crashes or platform services; • from analytics, support, messaging, security and infrastructure providers that help us operate Pulse; • automatically from your device, browser or app, including technical data, cookies, logs, crash reports, approximate location and usage data; • from public or business sources, such as club websites, professional networks or business directories, where we contact prospective clubs lawfully.

7. Why we use personal data

We use personal data for the purposes below.

Account creation and login We use account, identity, authentication and technical data to create accounts, verify logins, keep accounts secure and provide access to Pulse. Our lawful bases are performance of contract and legitimate interests.

Profile management We use account and profile data to let players manage their profile, preferences, settings, visibility and app experience. Our lawful bases are performance of contract and legitimate interests.

Club and customer linking We use account data, email addresses, club customer records and linking identifiers to connect Pulse player accounts with club-specific customer records where appropriate. Our lawful bases are performance of contract and legitimate interests. Where a club creates or imports data, the club is responsible for its own lawful basis.

Court bookings We use account, booking, club, location, payment and notification data to create, manage, update, cancel and fulfil court bookings. Our lawful bases are performance of contract and legitimate interests.

Open matches We use account, match, participant, level, rating, eligibility, payment, chat and notification data to let players create, join, request to join, pay for and manage open matches. Our lawful bases are performance of contract and legitimate interests.

Split-pay invitations and payment tracking We use booking, invitee, participant, payment-status and notification data to invite friends, track payment responsibility, send reminders and settle payment obligations. Our lawful bases are performance of contract and legitimate interests.

Payments, refunds, wallets and credits We use payment, wallet, transaction, refund, invoice, tax/accounting and fraud/risk data to process payments, track payment status, issue or record refunds, maintain wallet balances, handle disputes and comply with legal obligations. Our lawful bases are performance of contract, legal obligation and legitimate interests.

Coaching, tournaments, leagues, memberships and social events We use account, registration, eligibility, payment, waitlist, booking and notification data to manage activities, registrations, payments, cancellations, refunds and waitlists. Our lawful bases are performance of contract and legitimate interests.

Club customer management through Pulse Manager We process club customer data, notes, categories, wallet records, booking history and transaction history to help clubs manage their customers and operations. Depending on the context, Pulse may act as processor for the club, or as controller for Pulse platform purposes.

Club staff and admin accounts We use staff identity, role-permission and audit-log data to manage club access, permissions, security and accountability. Our lawful bases are performance of contract and legitimate interests.

Service notifications and reminders We use account, booking, activity, payment, device and notification data to send confirmations, reminders, cancellations, refund updates, match updates, waitlist alerts, chat notifications and other service communications. Our lawful bases are performance of contract and legitimate interests. Consent may apply for certain channels where required by law.

Marketing communications We use contact, preference and campaign-engagement data to send marketing communications, product updates, club information or surveys where permitted. Our lawful bases may include consent, soft opt-in rules where lawful, and legitimate interests for appropriate business-to-business communications.

Custom alerts If you create custom alerts, we use your alert preferences, saved clubs, selected times, days, level criteria and notification settings to send relevant alerts. Our lawful bases are consent or opt-in where required, performance of contract and legitimate interests.

Chat and messaging We use chat content, metadata, participant information and notification data to deliver chat, group messages, booking/activity messages and support communications. Our lawful bases are performance of contract and legitimate interests.

Support and troubleshooting We use account, booking, payment, chat, technical-log and support-message data to respond to support requests, investigate issues and improve reliability. Our lawful bases are performance of contract, legitimate interests and legal claims where relevant.

Authorised Pulse personnel access Authorised Pulse personnel may access operational, account, booking, payment, customer, chat or diagnostic data where reasonably necessary for support, troubleshooting, security, fraud prevention, compliance, billing, dispute handling, debugging or platform administration. Our lawful bases are legitimate interests, performance of contract, legal obligation and legal claims where relevant.

Safety, fraud prevention and enforcement We use account, device, payment, risk, security, report and audit data to prevent fraud, abuse, misuse, duplicate payments, account compromise and breaches of our terms. Our lawful bases are legitimate interests, legal obligation and legal claims where relevant.

Ratings, results, reliability and eligibility features We use result, rating, match history, level, reliability and eligibility data to support competitive play, match eligibility, level/range features, fairness, player history and platform integrity. Our lawful bases are performance of contract and legitimate interests.

Analytics and product improvement We use usage, technical, event and analytics data to understand how Pulse is used, improve features, fix issues and develop the product. Our lawful bases are legitimate interests and consent where required for non-essential cookies or similar technologies.

Crash reporting and diagnostics We use technical data, device data, app-version data, logs and crash reports to diagnose bugs, improve stability and maintain security. Our lawful basis is legitimate interests.

Legal compliance, accounting, tax and disputes We use payment, invoice, tax, account, support, legal and audit data to comply with legal obligations, respond to regulators, handle chargebacks, resolve complaints and protect legal rights. Our lawful bases are legal obligation, legitimate interests and legal claims.

Club onboarding, billing and commercial communications We use club admin, business, billing and sales data to onboard clubs, manage subscriptions or fees, provide support and communicate with clubs. Our lawful bases are performance of contract, legitimate interests and legal obligation.

Cookies and similar technologies We use cookies, SDKs, device identifiers and similar technologies for essential services, analytics, diagnostics, fraud prevention, preferences and marketing where enabled. Our lawful bases are consent where required and legitimate interests or performance of contract for essential technologies.

8. Our legitimate interests

Where we rely on legitimate interests, our interests may include:

• operating and improving Pulse; • helping clubs run bookings, customers, payments and activities; • keeping the platform secure; • preventing fraud, abuse, misuse, duplicate payments and payment errors; • maintaining accurate booking, payment, wallet, refund and audit records; • resolving support issues and technical problems; • sending service communications and reminders; • enforcing our terms and club rules; • protecting players, clubs, guests, staff and Pulse; • understanding how Pulse is used and improving our product; • managing commercial relationships with clubs; • handling complaints, disputes, chargebacks, legal claims and regulatory matters.

When we rely on legitimate interests, we consider whether our interests are overridden by your rights, freedoms or reasonable expectations. You may have the right to object to processing based on legitimate interests.

9. Notifications and communications

Pulse sends service, transactional, support and marketing communications.

Service and transactional communications may include:

• account and login messages; • booking confirmations; • payment confirmations and payment reminders; • split-pay invitations and reminders; • cancellation and refund messages; • open-match updates; • join-request and voting updates; • waitlist and custom alert notifications; • match result and rating-related prompts; • chat notifications; • safety, security and support messages; • important changes to Pulse or our terms or policies.

These messages are part of providing Pulse. Some critical service information may still appear in the app or on relevant detail screens even if you disable marketing or push notifications.

Marketing communications may include product updates, promotions, club onboarding messages, surveys, news or event information. You can opt out of marketing using unsubscribe links, account/app settings where available, or by contacting us.

We may communicate by in-app messages, push notifications, email, SMS or WhatsApp if enabled, support channels, website forms and business communications.

Push notifications are also controlled by your device operating system. You can disable push permissions in your device settings. Some passive status information may still appear inside the app because it is part of the service.

10. Location data

Pulse uses location information to make the platform work.

We may process:

• player home location; • search location; • device or GPS location if you give permission; • club location; • approximate location from IP address or device/browser information.

We use location data to:

• help you discover clubs and activities near you; • calculate distance to clubs; • show local times and timezones correctly; • apply region-specific payment, currency, device or compliance behaviour; • prevent fraud and misuse; • support club operations and reporting.

You can disable device location permissions through your device settings. Some location fields, such as home location or country, may require support assistance to change because they can affect region-specific compliance or payment behaviour.

11. Payments, wallets and financial data

Pulse supports payments, refunds, wallets, credits, invoices, payout records and payment-status tracking.

Payment providers, such as Stripe, Cashfree or other providers depending on country and club setup, may process payment information under their own terms and privacy notices. In many cases, full card details are handled directly by the payment provider and are not stored by Pulse.

Pulse may receive and process:

• payment method type; • payment provider tokens or IDs; • payment intent or transaction references; • payment status; • refund status; • chargeback or dispute information; • wallet or credit balances; • invoice and payout data; • fraud or risk signals; • tax and accounting information.

Pulse may charge, deduct or receive platform or service fees connected with transactions, depending on the commercial model, country, payment provider and club contract.

Wallets and credits are generally club-specific. A club wallet balance may only be usable at the relevant club and may be subject to club rules, restrictions, expiry or lock status.

Refunds may return to the original payment method, a club wallet or another permitted destination depending on the payment method, club rules, payment provider and applicable law. For off-system payments recorded by a club, Pulse may record refund status, but the club may need to process the real-world cash, POS or bank refund itself.

Payment method availability may depend on your country, the club’s country, device platform, payment provider rules, payment regulations and club settings.

12. Data shared with clubs

Clubs may see information needed to fulfil and manage bookings, activities, payments, customer relationships and safety.

This may include:

• player or customer name, email and phone number; • profile photo and relevant player profile information; • booking and activity history at that club; • payment status, refund status and wallet or credit balances at that club; • category and membership information; • waitlist status; • level, rating or reliability information where relevant to the feature; • notes and records created by the club; • chat and communications connected to club activities where relevant; • support or admin information needed to manage the club relationship.

For verified Pulse players, clubs may be restricted from editing core profile information controlled by the player. For unverified or local-only customer records created by a club, the club may manage the record as part of its own customer administration.

13. Data shared with other users

Pulse is a social and operational booking platform. Some personal data must be visible to other users for the service to work.

Players involved in the same booking, match, chat or activity may see limited information about each other, such as:

• name; • profile photo; • level, rating or reliability band where relevant; • participation status; • payment state where needed for split-pay or booking transparency; • chat messages and message metadata; • result or rating-related information; • attendance or cancellation status where relevant; • join requests, votes or eligibility information where required by the match feature.

We aim to share only what is necessary for the relevant feature.

14. Chat and messaging

Pulse may provide chat or messaging features for bookings, matches, groups, coaching, tournaments, leagues, social events, support and club communications.

Chat participants can see messages and related participant information in the relevant conversation. Club staff may access chats connected to their club where needed to run an activity, support players, respond to issues, enforce rules or manage safety.

Authorised Pulse personnel may access chat content or metadata where reasonably necessary for support, troubleshooting, security, abuse prevention, moderation, legal compliance, debugging, dispute handling or platform administration.

We may use third-party chat or messaging providers to deliver these features.

Do not share sensitive personal information in chats unless necessary. Chat content may be retained where needed for service operation, safety, disputes, legal compliance or audit purposes.

15. Data shared with third parties

We may share personal data with the following categories of recipients:

Hosting, cloud and infrastructure providers Used to host Pulse, store data, run databases, manage backups, maintain security and keep the platform available.

Payment providers Used to process payments, refunds, authorisations, payouts, fraud checks, chargebacks and payment-method services.

Fraud, risk and security providers Used to detect fraud, abuse, suspicious activity, payment risk and platform misuse.

Analytics providers Used to understand usage, improve features, measure performance and improve conversion.

Customer support tools Used to manage support tickets, user enquiries, troubleshooting and support history.

Chat and messaging providers Used to deliver chat, direct messages, group messages and related notifications.

Email, SMS and push notification providers Used to send service notifications, reminders, marketing communications and security messages.

App stores and device platforms Used for app distribution, push notifications, crash reporting, permissions and platform services.

Authentication providers Used for login and authentication services, such as Google or Apple sign-in.

Maps and location providers Used for location search, maps, directions, distance and venue discovery.

Professional advisers Used where we need accountants, auditors, lawyers, insurers, tax advisers or other professional advisers.

Regulators, courts and law enforcement Used where required by law, legal process, safety, investigation or enforcement.

Clubs and club staff Used to fulfil bookings, operate activities, manage customers and administer club services.

Other Pulse users Used where required for bookings, matches, chats, invites, results, waitlists or activities.

Affiliates or group companies Used if Pulse later operates through group companies or affiliates.

Business transfer parties Used in connection with investment, merger, acquisition, restructuring, sale of assets, financing, due diligence or similar business transactions.

We do not sell your personal data to advertisers.

16. International transfers

Pulse is based in the United Kingdom, but the platform may be used internationally. Personal data may be processed in the UK, the EU/EEA, India, Brazil and other countries depending on users, clubs, providers and infrastructure.

Where personal data is transferred internationally, we will use appropriate safeguards where required. These may include:

• UK adequacy regulations; • EU adequacy decisions; • the EU Standard Contractual Clauses; • the UK International Data Transfer Agreement; • the UK Addendum to the EU Standard Contractual Clauses; • contractual, organisational and technical safeguards; • other lawful transfer mechanisms recognised under applicable local law.

Some countries may not provide the same level of data protection as your home country. We take steps designed to protect personal data in accordance with applicable law.

Local restrictions may apply in India, Brazil or other markets. Additional regional privacy notices may explain those requirements where applicable.

17. Retention

We keep personal data for as long as reasonably necessary for the purposes described in this policy, including to provide Pulse, operate clubs and bookings, comply with law, resolve disputes, prevent fraud, maintain security and keep accurate financial records.

We consider the type of data, the user relationship, legal duties, payment requirements, tax and accounting rules, dispute risks, local law and club instructions when deciding how long to keep data.

Account data is usually kept while your account is active, and then for a reasonable period after closure for security, fraud prevention, support, legal and audit purposes.

Booking, match and activity records are kept as needed for service history, refunds, disputes, legal claims, ratings, results, club records, audit and accounting.

Payment, refund, invoice and tax records are kept for longer periods where required for accounting, tax, chargebacks, audits, anti-fraud and legal compliance.

Club customer records are retained according to the club’s instructions and lawful basis where Pulse acts as processor, subject to our own legal and contractual obligations.

Support records are kept as needed to handle support, quality, security, complaints, legal claims and recurring issues.

Chat records are kept while needed for the service, safety, moderation, support, disputes, legal compliance and audit.

Wallet and credit records are kept as needed for financial accuracy, club history, disputes, accounting and legal compliance.

Technical and security logs are kept for limited security and diagnostic periods unless needed longer for fraud, abuse, incidents or legal reasons.

Analytics data is aggregated or anonymised where possible. Identifiable analytics are kept for limited periods appropriate to the purpose.

Marketing data is kept until you opt out or withdraw consent, with suppression records retained to respect your opt-out.

Legal and compliance records are kept as needed for limitation periods, regulatory duties, legal claims and audit requirements.

When data is no longer needed, we delete, anonymise or restrict it where appropriate.

18. Account deletion and data deletion

You may request deletion of your Pulse account or personal data. You may also have statutory rights to erasure depending on your location and the context.

If you delete your Pulse Player account:

• your global player account may be deactivated or soft-deleted; • you may no longer be able to log in or use the Player app; • some club-scoped records may remain with the relevant clubs as local or unverified customer records where legally permitted or required; • historical booking, payment, refund, tax, wallet, membership, dispute, security, audit and legal records may be retained; • deletion may not immediately remove all information from backups, logs or records that must be retained; • deletion does not necessarily remove information that clubs need to retain as independent controllers.

If your request relates to data controlled by a club, we may direct you to the relevant club or support the club in responding, depending on our role.

We may refuse or limit deletion where we need to keep data for legal obligations, contract performance, fraud prevention, safety, dispute handling, accounting, tax, audit or legal claims.

19. Cookies and similar technologies

Pulse uses cookies, SDKs, pixels, local storage and similar technologies on the website, Player app and Manager web app.

These technologies may be used for:

• essential functions, such as login, security, preferences and session management; • analytics and performance measurement; • crash reporting and diagnostics; • fraud prevention and security; • marketing or advertising measurement, if enabled; • remembering preferences and improving user experience.

Some cookies or SDKs are essential. Others, such as analytics or marketing technologies, may require consent depending on the country and technology.

You can control cookies through your browser settings and, where available, our cookie consent tool. You can control app permissions through your device settings.

For more information, please see our Cookie Policy.

20. Children and junior users

Pulse Player accounts are intended for users aged 18 or over unless we introduce a specific junior account or parent-managed account flow.

Clubs may offer junior coaching, classes, courses or activities. Where juniors participate, a parent or guardian, or the relevant club, may provide limited information needed to manage the booking or activity. Clubs are responsible for ensuring they have an appropriate lawful basis and consent where they create or manage junior records as controllers.

Pulse does not knowingly allow children to create their own Player account unless a specific junior account or parent-managed flow has been enabled and appropriate safeguards are in place.

If we discover that a child has created an account without the required permission or legal basis, we may suspend or delete the account and take steps to limit further processing.

Where children’s data is processed, additional protections may apply, including age-appropriate transparency, parental or guardian consent where required, data minimisation, privacy-by-default settings, and restrictions on profiling, geolocation, marketing or behavioural tracking.

21. Automated decision-making, profiling and algorithms

Pulse uses automated rules, filters, calculations and indicators to operate the platform. These may include:

• location-based club and activity discovery; • booking availability and pricing rules; • payment, refund and wallet checks; • level, rating and reliability indicators; • level-range eligibility for matches and activities; • join-request workflows; • waitlist and notification rules; • fraud, abuse and security checks; • personalised recommendations or custom alerts, if enabled; • analytics and product improvement.

These features help provide the service, improve relevance, maintain fairness and protect the platform.

Some automated rules may affect what you see, whether a feature is available, whether a payment can proceed, whether you can directly join a match, or whether additional review is needed.

We do not intend to use solely automated processing to make decisions that have legal or similarly significant effects on you without appropriate safeguards. Where required by law, we will provide information about such processing and rights to request human review, challenge the decision or make representations.

22. Security

We use reasonable technical and organisational measures designed to protect personal data, including where appropriate:

• access controls and role-based permissions; • authentication and account security controls; • encryption in transit and/or at rest where appropriate; • audit logs and access logs; • staff access restrictions; • vendor due diligence and contractual controls; • secure development and testing practices; • monitoring, logging and incident response; • backup and recovery processes; • data minimisation and retention controls.

No system is perfectly secure. You are responsible for keeping your login credentials confidential and telling us promptly if you suspect unauthorised access to your account.

23. Authorised Pulse personnel access

Authorised Pulse personnel may access operational, account, booking, payment, customer, chat, diagnostic, support or technical data where reasonably necessary for legitimate business purposes, including:

• support and troubleshooting; • debugging technical issues; • security and fraud prevention; • abuse prevention and enforcement; • billing and payment operations; • club onboarding and platform administration; • compliance, audit and legal requirements; • investigating disputes, complaints or incidents; • maintaining the accuracy and reliability of the platform.

Access is limited to people with a legitimate need and should be logged or audited where appropriate. Pulse personnel must not use this access for unrelated personal or improper purposes.

24. Your rights

Depending on where you are located and the context in which your data is processed, you may have rights including:

• the right to access your personal data; • the right to correct inaccurate data; • the right to request deletion; • the right to restrict processing; • the right to data portability; • the right to object to processing based on legitimate interests; • the right to object to direct marketing; • the right to withdraw consent where processing is based on consent; • rights relating to automated decision-making where applicable; • the right to complain to a supervisory authority.

To exercise your rights, contact us at hello@pulse-sport.io.

We may need to verify your identity before responding. We may not always be able to fulfil a request in full, for example where we need to keep data for legal, accounting, security, fraud, dispute or contractual reasons.

If your request relates to personal data controlled by a club, we may direct you to the relevant club or work with the club to respond.

25. Complaints

If you are in the UK, you can complain to the Information Commissioner’s Office. We encourage you to contact us first so we can try to resolve your concern.

If you are in the EU/EEA, you may have the right to complain to your local data protection authority.

If Brazilian data protection law applies, you may have rights under the LGPD, including rights to confirmation of processing, access, correction, anonymisation, blocking or deletion, portability, information about sharing, withdrawal of consent and review of certain automated decisions.

If Indian data protection law applies, you may have rights under applicable Indian data protection law, including rights to access information, correction, completion, updating, erasure, grievance redressal and nomination, subject to applicable rules.

26. Marketing choices

You can opt out of marketing emails by using the unsubscribe link in the email or by contacting us at hello@pulse-sport.io.

You may also be able to control marketing and notification preferences in your account or app settings.

Opting out of marketing does not stop service communications, such as booking confirmations, payment reminders, cancellations, refunds, security messages or important account notices.

Push notifications can be controlled in your device settings. Some in-app messages, reminders or passive status screens may still appear because they are part of the service.

27. Additional information for certain countries and regions

United Kingdom Pulse is based in England. Our main data protection framework is the UK GDPR and the Data Protection Act 2018, together with applicable privacy and electronic communications laws.

EU/EEA, Spain, France and Poland If you are in the EU/EEA, EU GDPR and local Member State laws may apply. You may have additional rights and local regulator access.

Spain, France and Poland may have local privacy, consumer, language, marketing, staff, children or regulator-specific requirements. Where required, we may provide additional country-specific privacy information.

Brazil If Brazilian law applies, the Lei Geral de Proteção de Dados may apply. You may have local rights in relation to your personal data, and additional protections may apply to children’s and adolescents’ data.

India If Indian law applies, Indian digital personal data protection law may apply. Additional notice, consent, grievance, children’s data and cross-border transfer requirements may apply.

28. Changes to this policy

We may update this Privacy Policy from time to time.

If we make material changes, we will take reasonable steps to notify you, such as by email, in-app notice or website notice, depending on the nature of the change and applicable law.

The “Last updated” date at the top of this policy shows when it was last revised. You should review this policy periodically.

29. Contact us

For privacy questions, requests or complaints, contact:

PULSE SPORTS HOLDINGS LTD 71–75 Shelton Street, London, England, WC2H 9JQ Email: hello@pulse-sport.io Website: https://pulse-sport.io/

If your request relates to a club’s own use of your data, you may also need to contact the relevant club.