Pulse
Google Fit analytics
← Back to dashboard

Privacy Policy

Last updated: June 27, 2026

This Privacy Policy explains how Pulse ("Pulse", "we", "us", or "the app") collects, uses, and protects information when you use the application. Pulse is a fitness analytics dashboard that visualizes data from Google Fit. By using the app, you agree to the practices described below.

Summary

  • We only access your Google Fit data after you explicitly connect your account and grant consent.
  • We request read-only access to your fitness data.
  • Your data is used solely to display analytics back to you in your own session.
  • We do not sell your data, and we do not use it for advertising.
  • Access tokens are stored in secure, httpOnly cookies in your browser session and are never exposed to client-side JavaScript.

Information We Access

When you choose to connect your Google account, Pulse requests the following read-only Google Fitness scopes to generate your dashboard:

  • Activity — steps, active minutes, and calories.
  • Location — distance traveled during activities.
  • Body — body weight measurements.
  • Heart rate — heart rate readings.
  • Sleep — sleep duration.

If you do not connect a Google account, Pulse displays only synthetic demo data and accesses none of your personal information.

How We Use Your Information

We use the data described above exclusively to compute and display fitness analytics — such as trends, averages, goal progress, streaks, and insights — within your active session. Processing happens on the server only to fetch and aggregate the data requested by your browser.

Data Storage and Retention

Pulse does not maintain a database of your fitness data. Your Google OAuth access and refresh tokens are stored in httpOnly browser cookies so the app can retrieve data on your behalf during your session. Fitness data is fetched on demand and is not persisted by the app beyond what your browser caches for display. You can clear stored tokens at any time by clicking Disconnect, which deletes the session cookies.

Google API Services User Data Policy

Pulse's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data for serving advertisements, and we do not transfer or sell this data to third parties.

Data Sharing

We do not share, sell, rent, or trade your personal data with third parties. Data is transmitted only between your browser, the Pulse server, and Google's APIs to fulfill your requests.

Security

We take reasonable measures to protect your information. OAuth client secrets are kept server-side and never sent to the browser. Access tokens are stored in httpOnly, SameSite cookies, marked secure in production. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Revoking Access

You can disconnect Pulse from within the app at any time. You may also revoke the app's access to your Google account directly from your Google Account permissions page.

Children's Privacy

Pulse is not intended for use by individuals under the age of 13 (or the minimum age required in your jurisdiction). We do not knowingly collect data from children.

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the "Last updated" date at the top of this page.

Contact

If you have questions about this Privacy Policy, please contact the app developer at your-email@example.com.