Pulse

Terms of Service

Last updated: 18th March 2026

1. About Pulse

Pulse (“Pulse”) is a digital feedback and insight platform designed to help organisations capture real-time feedback, recognise staff, and improve service quality.

Pulse is an added-value tool and is intended to complement — not replace — existing organisational processes, including:

  • Safeguarding procedures
  • Complaints processes
  • Supervision and performance management
  • Quality assurance frameworks

2. Role of Pulse

Pulse enables:

  • Collection of real-time feedback via QR codes and digital links
  • Aggregation of feedback into insights and trends
  • Recognition and positive reinforcement of staff
  • Identification of development opportunities

Pulse does not replace:

  • Formal complaints handling
  • Safeguarding reporting
  • Managerial decision-making
  • Professional judgement

Organisations remain fully responsible for how feedback is interpreted and acted upon.

3. Safeguarding & Appropriate Use

Pulse must not be used as a substitute for raising safeguarding concerns or formal complaints.

Organisations must:

  • Maintain clear and accessible safeguarding and complaints procedures
  • Ensure users understand when to use Pulse versus formal channels
  • Implement processes to triage and escalate critical feedback appropriately

Pulse may support early visibility of issues; however, all safeguarding and risk decisions remain organisation led.

4. Data Protection & Privacy

Pulse operates in accordance with UK GDPR and applicable Data Protection legislation.

The organisation is responsible for identifying and documenting the lawful basis for processing personal data (e.g. Public Task, Legitimate Interests, or Consent, as applicable).

4.1 Data Processing

Pulse may process:

  • Feedback responses (ratings and comments)
  • Staff identifiers (where applicable)
  • Usage and interaction data

4.2 Data Roles

  • The organisation is the Data Controller
  • Thankyu (trading as Pulse) acts as the Data Processor

4.3 Access & Permissions

Access is controlled via a role-based permissions system, ensuring:

  • Only authorised users can view identifiable information
  • Sensitive data is appropriately restricted
  • Audit logs are maintained

4.4 Anonymisation

  • Data may be anonymised or aggregated for reporting
  • No identifiable personal data is shared externally without consent

4.5 Cyber Security

  • Pulse is certified to Cyber Essentials, ensuring appropriate controls for data security and infrastructure management. Further information: www.ncsc.gov.uk
  • Our ICO Security number: CSN1278605

Security measures include:

  • Encryption in transit (TLS 1.2 or higher)
  • Encryption at rest
  • Role-based access controls
  • Access logging and monitoring

4.6 DPIA

Organisations may be required to complete a Data Protection Impact Assessment (DPIA) prior to implementation. Pulse provides a template to support this process; however, responsibility for completion and approval remains with the organisation.

4.7 Data Subject Rights

Individuals have rights under UK GDPR, including the right of access, rectification, erasure, restriction, and objection to processing.

The organisation, as Data Controller, is responsible for responding to such requests.

Pulse, as Data Processor, will support the organisation in fulfilling data subject rights requests where required, in accordance with the Data Processing Agreement.

4.8 Data Retention

Data processed through Pulse is retained in line with organisation-defined retention policies.

Pulse provides functionality to support:

  • Configurable retention settings (where applicable)
  • Deletion or anonymisation of data upon request

The organisation remains responsible for defining and managing retention periods in accordance with legal and regulatory requirements.

4.9 Security Incident Management

Pulse maintains processes for the detection and management of security incidents.

In the event of a personal data breach, Pulse will notify the organisation without undue delay.

The organisation, as Data Controller, remains responsible for assessing and reporting breaches to the Information Commissioner's Office (ICO) and affected individuals where required.

4.10 Special Category Data

Pulse is not designed to actively collect special category data. However, such data may be incidentally provided through free-text feedback.

The organisation is responsible for ensuring that appropriate lawful basis and safeguards are in place where such data is processed.

5. Data Ownership & Use

5.1 Data Ownership

All data collected through Pulse remains the property of the organisation and/or individual to whom the data relates.

5.2 Use of Data

Data collected through Pulse may be used:

  • By the organisation, to support management insight and service improvement
  • By individual users, to understand and improve their own performance
  • By Pulse, for the following purposes:
    • Platform operation, support and service delivery
    • Improvement of system functionality and user experience
    • Aggregated, anonymised analysis to support sector insights and benchmarking

5.3 Anonymised Insights

Pulse may use anonymised and aggregated data:

  • To provide benchmarking insights to organisations
  • To support sector-wide improvement
  • For product development and marketing purposes

No identifiable personal data will be shared externally.

6. Use of Sub-processors

Pulse may engage trusted sub-processors (e.g. cloud hosting and infrastructure providers) to support delivery of the platform.

All sub-processors are subject to appropriate contractual obligations and data protection requirements.

A list of sub-processors is available on request.

Pulse remains responsible for the performance and compliance of its sub-processors.

Organisations will be notified of any material changes to sub-processors.

7. Confidentiality & Content Management

Organisations are responsible for:

  • Managing confidential or sensitive information
  • Ensuring appropriate internal review of feedback
  • Applying context and professional judgement

Pulse provides visibility tools but does not validate the accuracy, context or intent of feedback.

8. Moderation, Validation & Fair Use

Pulse includes features to support:

  • Pattern detection and anomaly identification
  • Mitigation of misuse or “gaming”
  • Optional validation mechanisms

However:

  • Feedback represents subjective input
  • Organisations must apply judgement before acting

9. Insights, Reporting & Benchmarking

Pulse may generate:

  • Individual and team-level insights
  • Trend analysis
  • Aggregated benchmarking data

All benchmarking data will be:

  • Non-identifiable
  • Used to support continuous improvement

10. Learning & Development (LMS Access)

Pulse may include optional access to training and development resources.

  • These features are intended to supplement, not replace, existing LMS or compliance systems
  • Organisations retain full control and may enable, restrict or disable access

11. Club Access

Pulse may include access to Club benefits and services.

  • Organisations retain full control and may enable, restrict or disable access

12. Responsibilities of the Organisation

Organisations agree to:

  • Use Pulse responsibly and ethically
  • Ensure alignment with internal policies and procedures
  • Maintain safeguarding and compliance processes
  • Control access and permissions appropriately
  • Apply professional judgement to all insights

13. Limitation of Liability

Pulse is provided as a support tool.

Pulse is not responsible for:

  • Decisions made based on feedback
  • Misinterpretation of data
  • Failure to follow safeguarding, regulatory or internal processes

14. Suspension & Misuse

Accounts may be suspended or terminated if:

  • The platform is misused
  • Data protection obligations are breached
  • Fraudulent or malicious activity is identified

15. Contact & Support

For support or queries: help@pulse-app.co.uk