Privacy policy

On feed-pulse.com: when you load a page, our servers log the request URL, the day's date, and a derived country code (e.g. "US", "DE") computed from your IP in-memory only. Your IP is never written to disk or held in memory beyond that single request.

Forms you fill in: if you contact us through /contact or opt in to a tool's "email me when indexed" notification, we store the email you submitted and the form payload until you ask us to delete it.

If you embed a FeedPulse widget on your site: when a visitor to your site loads the widget, their browser sends a request to our servers. We apply the same hash-IP-to-country-then-discard flow. We do NOT receive page content, scroll position, mouse movements, or any cross-site browsing data.

We set zero analytics cookies. We set zero advertising cookies. No FeedPulse code reads or writes document.cookie for tracking purposes.

The only cookie set by feed-pulse.com is a strictly necessary, functional session cookie when an operator logs into /admin/quota. Under GDPR Art. 5(3) ePrivacy Directive, strictly-necessary cookies do not require consent banners. CCPA exempts them as well.

Why no cookie banner? Because we set no consent-requiring cookies, we are not legally required to display a banner under GDPR, ePrivacy, CCPA, or UK PECR. We chose this design intentionally — cookie banners harm UX and bury actual data flows behind ritual.

The third parties that process your data on our behalf, in real time, are:

• MongoDB Atlas (database hosting · US + EU regions · GDPR-DPA signed)
• Resend (transactional email · only when you opt in to a form · GDPR-DPA signed)
• Cloudflare (DNS + CDN · sees request IPs at the edge before they reach us · GDPR-DPA signed)
• Read-only public APIs we call to compute SEO metrics: Moz, OpenPageRank, SerpAPI, PageSpeed Insights, Open-Meteo, CoinGecko, Wikipedia, Web Archive. We send them a domain name, never a visitor IP.

You have the right to:

• Request access to any personal data we hold about you
• Request correction or deletion
• Opt out of any email communication (every email has an unsubscribe link)
• Object to processing on legitimate-interest grounds
• Lodge a complaint with your local data-protection authority (e.g. ICO in the UK, CNIL in France)

To exercise any of these rights, email privacy@feed-pulse.com or use the contact form. We respond within 30 days.

Aggregate visit counters (per-day country-coded request counts) are retained indefinitely — they are not personal data. Email addresses you submit are retained until you ask us to delete them, or until the underlying notification has been fulfilled (e.g. "email me when indexed" alerts auto-delete the email 90 days after the notification fires).

If you embed any FeedPulse widget (live traffic feed, flag counter, online visitors, weather, comments, etc.) on your own website, you are designating FeedPulse as a sub-processor under GDPR Art. 28. To stay compliant, you should:

1. Disclose FeedPulse in your own privacy policy (a one-line entry is fine: "We use FeedPulse, an embeddable widget provider, that processes visitor IPs server-side to derive country codes and immediately discards them.")
2. Have a lawful basis under Art. 6(1) — legitimate interest (6(1)(f)) is the standard one for free visitor-counter widgets.
3. If you handle special category data (health, political, sexual orientation) email us — we'll send a signed DPA.

We provide a free Data Processing Agreement (DPA) PDF on request to any EU customer. Email dpa@feed-pulse.com.

FeedPulse is not directed at children under 13 (under-16 in the EU). We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, email privacy@feed-pulse.com and we'll delete it.

If we materially change this policy, we'll update the "Last updated" date at the top and announce the change on our blog. For non-material clarifications (typos, restructuring) we update silently.