Pulse Club← Back to home
Legal

Privacy Policy

Last updated: 25 May 2026 · Effective: 25 May 2026

1. Who We Are

TEST 1000 Inc. (trading as Pulse Coaching) (“Pulse Coaching”, “we”, “us”, or “our”) is a corporation organised and existing under the laws of the State of Delaware, USA, with its registered office at 16192 Coastal Highway, Lewes, Delaware 19958, County of Sussex and principal place of business at 4615 Briar Oaks, Dallas, Texas, 75287.

Pulse Coaching operates the virtual fitness platform available at https://www.pulse-coaching.com and its associated applications (together, the “Platform”). Pulse Coaching is: (a) the “data controller” for personal data processed in the United Kingdom and the European Economic Area under the UK GDPR and EU GDPR; (c) a “business” for the purposes of the California Consumer Privacy Act and equivalent US state privacy statutes; (d) an “APP entity” for the purposes of the Australian Privacy Act 1988 (Cth) where applicable; (e) an “organization” for the purposes of the Canadian Personal Information Protection and Electronic Documents Act SC 2000 c 5 (PIPEDA) and applicable provincial statutes where applicable; and (f) a “responsible party” under the South African POPIA where its territorial reach extends to processing by Pulse Coaching.

Target markets. The Platform is actively offered in the United Kingdom, Ireland, the European Union, the United States, Australia and Canada (the “Target Markets”). The Platform is accessible from other jurisdictions, but Pulse Coaching does not actively market the Platform outside the Target Markets and makes no representation that this Privacy Policy has been tailored to the data-protection laws of any jurisdiction outside the Target Markets. If you access the Platform from outside the Target Markets, the fallback in Section 13.5 applies.

Contact us at any time: aaron@pulse-coaching.com

EU and UK Representatives

In accordance with Article 27 of the UK GDPR and EU GDPR, Pulse Coaching is in the process of formally appointing representatives in the United Kingdom and the European Union. Details of the appointed representatives will be published on this page when each appointment is confirmed. Until then, all enquiries should be directed to aaron@pulse-coaching.com.

2. Scope of This Policy

This Privacy Policy describes how we collect, use, store, share and protect personal information (“Personal Information”, used in this policy as a collective term that covers “personal data” as defined in Article 4 UK/EU GDPR, “personal information” as defined in US state privacy law and the Australian Privacy Act 1988 (Cth), and “personal information” as defined in Canadian PIPEDA and POPIA) when you access or use the Platform. It applies to all visitors, registered members, coaches and corporate account holders.

This policy does not apply to third-party websites, services or applications that may be linked to from the Platform.

Plain language. This policy has been drafted in plain language. If any provision is unclear, please contact aaron@pulse-coaching.com before using the Platform.

3. Information We Collect

3.1 Information You Provide Directly

When you register, use the Platform or communicate with us, we collect:

  • Account information: first name, last name, email address, password (hashed and salted; never stored in plain text).
  • Profile information: fitness goals, fitness level, injury history, health conditions relevant to exercise programming, and any other information you choose to provide. Some of this information constitutes “special category personal data” under Article 9 UK/EU GDPR, “sensitive personal information” under the California CPRA and other US state privacy statutes, “sensitive information” under Australian Privacy Principle 3.3, and equivalent terms under Canadian PIPEDA and provincial Canadian privacy statutes. See Section 5.
  • Body metrics: weight, body fat percentage and similar measurements you voluntarily log.
  • Session notes and check-in data: responses to daily wellbeing check-ins, post-session feedback and ratings.
  • Payment information: billing name and address. We do not store full card numbers. Payment card details are processed and stored by Stripe, Inc., in accordance with PCI DSS.
  • Communications: messages sent between you and your coach through the Platform, including text, images and voice notes.
  • User-generated content: community posts, comments, reactions and any other content you create or share.
  • Corporate account information (B2B customers only): company name, billing email, employee roster and usage data.

3.2 Information Collected Automatically

  • Device and usage information: IP address, browser type and version, operating system, device identifiers, pages visited, features used and session duration.
  • Log data: server logs recording your interactions with the Platform.
  • Push notification tokens: device tokens used to deliver notifications through Apple Push Notification service and Google Firebase Cloud Messaging.
  • Analytics data: product usage events collected through Google Analytics.
  • Error and performance data: technical error reports processed through Google Cloud (Cloud Error Reporting / Cloud Logging).

3.3 Information From Third Parties

If you choose to sign in using Google or Apple, we receive from the relevant identity provider your name and email address as authorised by you at the time of sign-in.

We use Google Calendar and Google Meet to schedule sessions and generate video conferencing links. Google may process metadata related to calendar events created on your behalf.

4. How We Use Your Information

We use your Personal Information for the purposes set out below. For each purpose we identify the legal basis under the UK/EU GDPR.

4.1 To Provide and Operate the Platform

Legal basis: Article 6(1)(b) UK/EU GDPR (performance of a contract).

  • Creating and managing your account.
  • Matching you with an appropriate coach.
  • Scheduling and delivering coaching sessions via Google Meet.
  • Providing access to live group fitness classes.
  • Processing subscription payments through Stripe.
  • Storing and displaying user-generated content as part of the community features.
  • Sending transactional notifications and emails about your bookings, sessions and account.

4.2 To Provide Personalised Coaching

Legal basis: Your explicit consent (Article 9(2)(a) UK/EU GDPR). This consent is obtained on a dedicated consent screen during onboarding, separately from your acceptance of these Terms and our Privacy Policy.

  • Sharing relevant health and fitness information with your assigned coach solely for the purpose of personalising your exercise programme.
  • Generating and reviewing session notes and progress data.

4.3 To Improve the Platform

Legal basis: Article 6(1)(f) UK/EU GDPR (legitimate interests). A summary of our legitimate-interests assessment is available on request.

  • Analysing anonymised and aggregated usage data to improve product features and performance.
  • Diagnosing and resolving technical errors using Google Cloud monitoring services.

4.4 To Communicate With You

Legal basis: Article 6(1)(b) (contract) for service communications; Article 6(1)(a) (consent) for optional marketing communications.

4.5 To Comply With Legal Obligations

Legal basis: Article 6(1)(c) UK/EU GDPR. Maintaining records required by applicable tax and corporate law; responding to lawful requests from regulatory authorities or courts.

4.6 Automated Decision-Making

Pulse Coaching does not make any decisions about you that produce legal or similarly significant effects based solely on automated processing. Our coach-matching recommendation during onboarding is a suggestion; the final selection is always made by you.

5. Special Category Data — Health, Biometric and Mental-Wellbeing Data

Certain information you provide constitutes special category personal data under Article 9 of the UK/EU GDPR. This includes injury history and health conditions, mental wellbeing indicators captured in daily check-ins (mood, sleep, stress), body composition and biometric measurements, and photographs or video that may reveal physical or health information.

Legal bases for processing. We process this data on the basis of your explicit, voluntary, specific and informed consent under Article 9(2)(a) UK/EU GDPR, requested via a dedicated consent screen during onboarding.

Withdrawal of consent. You may withdraw your consent at any time via Profile → Settings → Health Data Consent, or by emailing aaron@pulse-coaching.com. Withdrawal does not affect the lawfulness of processing carried out before withdrawal. On withdrawal, we will delete or de-identify the special category data within 30 days, save where retention is required by law.

Access to your health data is strictly limited to: (a) you; (b) your assigned coach; and (c) Pulse Coaching platform administrators acting in a support or compliance capacity. Your health data is never shared with other members, corporate account administrators, or third parties for marketing purposes.

6. Third-Party Data Processors

Pulse Coaching’s processing stack consists of two primary processors: Google and Stripe. Each is bound by a written contract that, in accordance with Article 28 UK/EU GDPR, requires the processor to process Personal Information only on our written instructions, implement appropriate security measures, treat the data as confidential, notify us promptly of any breach, return or destroy the data on termination, and assist us in responding to data subject requests.

  • Google LLC — Google Workspace and Drive (storage), Google Meet (video sessions), Google Calendar (scheduling), Google Sign-In, Firebase Cloud Messaging (push), Google Analytics, Google Cloud Error Reporting. Bound by the Google Cloud DPA and Workspace DPA, incorporating EU SCCs and the UK IDTA. Google is a self-certified participant in the EU-US Data Privacy Framework and UK Extension. Privacy policy: https://policies.google.com/privacy.
  • Stripe, Inc. — Payment processing. PCI DSS Level 1 certified, bound by the Stripe DPA (incorporating EU SCCs and UK IDTA Addendum), self-certified under the EU-US DPF. Privacy policy: https://stripe.com/privacy.
  • Apple Inc. — Sign in with Apple and Apple Push Notification service. Privacy policy: https://www.apple.com/legal/privacy/.

We do not sell your Personal Information. We do not share your Personal Information with advertisers. Pulse Coaching operates with no advertising on the Platform.

7. International Data Transfers

Pulse Coaching is operated from the United States. If you access the Platform from the United Kingdom, the European Economic Area, Canada, Australia or another jurisdiction outside the United States, your Personal Information will be transferred to and processed in the United States and in other Google data-centre regions globally.

UK to US: we rely on Google’s and Stripe’s self-certification under the UK Extension to the EU-US Data Privacy Framework, and the UK IDTA to the EU SCCs as a fallback safeguard.

EEA to US: we rely on Google’s and Stripe’s self-certification under the EU-US DPF (Commission Implementing Decision (EU) 2023/1795), and EU SCCs (Commission Implementing Decision (EU) 2021/914) as a fallback safeguard.

Australia: cross-border disclosure is undertaken on the basis of Australian Privacy Principle 8.1, relying on the contractual safeguards in the Google Cloud DPA and Stripe DPA.

Canada: cross-border disclosure is undertaken on the basis of PIPEDA Schedule 1 Principle 4.1.3 and equivalent provincial obligations. Quebec residents have additional rights under Quebec Law 25.

8. Data Retention

  • Account and profile data: retained for the duration of your account, plus 7 years following account closure to comply with US tax and corporate record-keeping requirements.
  • Session notes and health data: retained for the duration of your account. Deleted within 30 days of a verified erasure request, subject to overriding legal obligations.
  • Payment records: retained for 7 years in accordance with applicable US and UK tax law requirements.
  • Communications and message data: retained for 3 years following the end of your subscription.
  • Anonymous and aggregated analytics data: retained indefinitely as it cannot be used to identify you.

When your account is deleted, we delete or irreversibly anonymise your Personal Information within 30 days, except where retention is required or authorised by law.

9. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will:

  • Notify the UK Information Commissioner’s Office (ICO) within 72 hours of becoming aware of the breach, where required by the UK GDPR.
  • Notify the relevant EU supervisory authority within 72 hours, where required by the EU GDPR.
  • Notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable where the breach constitutes an “eligible data breach”.
  • Notify the Office of the Privacy Commissioner of Canada and affected individuals as soon as feasible, and the equivalent provincial regulator where applicable.
  • Notify the relevant US state attorney general and affected individuals where required by applicable US state breach-notification statutes.
  • Notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms.

If you become aware of any security vulnerability or suspected breach, please notify us at aaron@pulse-coaching.com.

10. Direct Marketing

Pulse Coaching does not engage in unsolicited electronic direct marketing to non-customers. If you become a customer, we may from time to time send you marketing communications about our own similar products or services, in reliance on the UK/EU “soft opt-in” rules, the consent-based regime under the Australian Spam Act 2003, the implied-consent regime under CASL, and the opt-out regime under the US CAN-SPAM Act. Each marketing communication will contain a free and easy unsubscribe mechanism. You may object to direct marketing at any time via the unsubscribe link or at aaron@pulse-coaching.com.

11. Cookies and Similar Technologies

We use technically necessary cookies and similar technologies to operate the Platform, including session tokens required for authentication and security. We also use Google Analytics cookies for product analytics. We do not use cookies to serve behavioural advertising. Where consent is required by law, we obtain it via the cookie consent banner. Disabling technically necessary cookies will affect your ability to log in and use the Platform.

12. Security

In accordance with Article 32 UK/EU GDPR, Australian Privacy Principle 11, PIPEDA Schedule 1 Principle 4.7, and equivalent obligations, we implement appropriate technical and organisational measures, including:

  • All data transmitted to and from the Platform is encrypted in transit using TLS.
  • Passwords are hashed using industry-standard algorithms before storage.
  • Access to data stored in Google Workspace and Google Drive is controlled by Google’s IAM, sharing permissions, audit logging and security monitoring.
  • Payment card data is processed exclusively by Stripe and is not stored on our servers.
  • Access to personal data is restricted to authorised personnel on a need-to-know basis.

No method of data transmission or storage is 100% secure. We cannot guarantee absolute security but will notify you of any material breach affecting your data in accordance with applicable law.

13. Your Rights

13.1 Rights Under UK GDPR and EU GDPR

  • Right of access — to obtain a copy of your personal data and information about how we process it.
  • Right to rectification — to have inaccurate personal data corrected or incomplete data completed.
  • Right to erasure — subject to our legal retention obligations.
  • Right to restriction of processing.
  • Right to data portability.
  • Right to object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent at any time, in-app via Profile → Settings → Health Data Consent, or by emailing aaron@pulse-coaching.com.
  • Right not to be subject to solely automated decision-making with significant effects.

UK residents may complain to the ICO at https://ico.org.uk. EU residents may contact their national supervisory authority. Irish residents may contact the Data Protection Commission at https://www.dataprotection.ie.

13.2 Rights Under US State Privacy Statutes

California residents have rights under the CCPA/CPRA including the right to know, to delete, to correct, to opt-out of sale or sharing (Pulse does not sell or share as defined under CCPA/CPRA), to limit use of sensitive personal information, and to non-discrimination. Residents of Colorado, Connecticut, Texas, Virginia, Utah and other states with comprehensive privacy statutes have substantially equivalent rights.

13.3 Rights Under Australian Privacy Law

Rights of access (APP 12) and correction (APP 13), and the right to complain to the OAIC at https://www.oaic.gov.au.

13.4 Rights Under Canadian Privacy Law

Rights under PIPEDA and provincial statutes (including Quebec Law 25, BC PIPA, Alberta PIPA), including access, correction, withdrawal of consent and portability where applicable. Complaints may be made to the Office of the Privacy Commissioner of Canada at https://www.priv.gc.ca.

13.5 Fallback for Non-Target-Market Users (including South Africa)

South African users: POPIA may apply on the basis of its territorial reach under section 3. You have the rights set out in section 5 of POPIA including access (s 23), correction or deletion (s 24), objection (s 11(3)), and the right not to be subject to solely automated decisions (s 71). Complaints to the Information Regulator: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001; complaints.IR@inforegulator.org.za; https://inforegulator.org.za.

13.6 Exercising Your Rights

To exercise any of your rights, contact us at aaron@pulse-coaching.com. Response times: UK/EU GDPR within 30 days (extendable by up to two months); CCPA within 45 days (extendable by a further 45 days); Australian Privacy Act typically 30 days; Canadian PIPEDA within 30 days; POPIA typically 30 days. We may require adequate proof of identity before processing your request.

14. Children’s Privacy

The Platform is not directed at individuals under the age of 18. We do not knowingly collect Personal Information from any person under the age of 18. If you become aware that a person under 18 has provided Personal Information to us, please contact aaron@pulse-coaching.com and we will delete it as soon as reasonably practicable.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a prominent notice on the Platform and by emailing you at least 30 days before the change takes effect. Where a change involves a new purpose of processing or a new category of recipient that requires consent, we will obtain your consent before applying the change.

16. Contact Us

Pulse Coaching (TEST 1000 Inc.)
16192 Coastal Highway, Lewes, Delaware 19958, County of Sussex
Principal place of business: 4615 Briar Oaks, Dallas, Texas, 75287
Email: aaron@pulse-coaching.com
Website: https://www.pulse-coaching.com

See also: Terms of Service