Privacy Policy

This Privacy Policy explains how Pulse Axis Medical Device Consulting (“Pulse Axis”, “we”, “us”, or “our”) collects, uses, discloses, and protects personal information in connection with our website and consulting services.

1. Scope & Who We Are

Pulse Axis Medical Device Consulting provides professional services including regulatory strategy and submissions, quality system development, human factors engineering, non-clinical bench testing, and project management for medical devices. This policy applies to our public website at pulseaxismedicaldeviceconsulting.com, related microsites, and any client portals we host. It covers visitors, prospective clients, and clients. Additional terms may apply to specific engagements.

2. Information We Collect

2.1 Information you provide

  • Contact details (e.g., name, company, email, phone) when you book a consultation, download materials, or contact us.
  • Project information you choose to share to scope work (e.g., device description, intended use, regulatory questions). Avoid uploading confidential or regulated data unless requested under a signed agreement.
  • Account credentials for client portals (name, email, hashed password). We never store plaintext passwords.
  • Communications such as emails and messages sent to us.

2.2 Information collected automatically

  • Device & usage data: IP address, approximate location, browser/OS, pages viewed, referral URLs, timestamps, and similar diagnostics for security (fraud/abuse prevention), performance, and analytics.
  • Cookies & similar technologies: small files used to operate the site, remember preferences, and measure usage. See Cookies, Analytics & GPC.
  • Server logs & security events: access logs, rate-limit events, and error logs used to maintain availability and defend against attacks.
We collect IP addresses and other technical identifiers to protect our services and prevent abuse. We do not sell or share personal information for cross-context behavioral advertising.

2.3 Information from third parties

  • Lead sources (e.g., referrals, conference sign-ups).
  • Vendors we use to deliver services (e.g., secure file exchange, video meetings) may provide metadata about interactions.

3. How We Use Information

  • Provide, operate, and secure our website, client portals, and services.
  • Respond to inquiries; schedule consultations; prepare proposals and statements of work.
  • Perform our contracts with clients and manage accounts, invoicing, and support.
  • Comply with legal obligations and enforce our agreements.
  • Improve usability, quality, and reliability of our site and services.
  • Send service messages (e.g., account notices, security alerts). We send marketing messages only with appropriate consent or as permitted by law, and you can opt out at any time.

4. No “Sale” / No Cross-Context Ads

We do not sell personal information and we do not share personal information for cross-context behavioral advertising as defined by applicable US privacy laws (e.g., California, Colorado, Connecticut, Virginia, Utah). If our practices change, we will update this policy and provide required rights and controls.

  • Contract – to deliver requested services.
  • Legitimate interests – to secure and improve our services, prevent fraud, and understand site performance (balanced against your rights).
  • Consent – for optional analytics or marketing where required; you may withdraw consent at any time.
  • Legal obligation – to comply with applicable laws and respond to lawful requests.

6. Disclosures & Service Providers

We disclose personal information to:

  • Service providers/Processors under contract who act on our instructions (e.g., hosting, security, email, scheduling, video conferencing, file transfer). We require appropriate confidentiality, security, and data-processing terms.
  • Professional advisors (e.g., legal/accounting) under confidentiality.
  • Authorities when required by law or to protect rights, safety, and security.
  • Business transfers in the event of a reorganization, merger, or acquisition, consistent with this policy.

We do not permit our processors to use personal information for their own independent purposes.

7. Cookies, Analytics & Global Privacy Control (GPC)

  • Strictly necessary cookies: required for core functionality (authentication, security, load balancing). These cannot be disabled via our banner.
  • Performance/analytics cookies: help us understand visits and improve the site. These are optional and used only with your consent where required.
  • Do Not Track & GPC: where feasible, we honor the GPC signal as a request to opt out of any data sharing that could be construed as “sale” or “sharing.”

You can manage cookies via our banner (where present) and through your browser settings. Disabling some cookies may impact site functionality.

8. Security & Our IT Policies

We use administrative, technical, and physical safeguards appropriate to the nature of the data we process. Highlights from our internal IT & security policies include:

  • Access control: least-privilege access; role-based permissions; periodic access reviews; MFA for administrative systems.
  • Encryption: TLS in transit; industry-standard encryption at rest for hosted services and backups where available.
  • Secure development & change management: code review, dependency monitoring, vulnerability remediation, and documented deployment procedures.
  • Endpoint protection: hardened devices, OS patching, disk encryption, and automatic screen-lock.
  • Email & phishing protection: SPF, DKIM, DMARC; user awareness; restricted link/attachment handling.
  • Vendor management: security and privacy due diligence; DPAs and BAAs where appropriate.
  • Incident response: documented plan covering identification, containment, investigation, notification, and post-mortem improvement.
  • Backups & continuity: scheduled backups, recovery testing, and continuity procedures for critical services.
  • Acceptable use: restrictions on storing regulated or client-confidential data outside approved systems; no public repositories for client materials.
No method of transmission or storage is 100% secure. If we learn of a security incident affecting your data, we will notify you in accordance with applicable law and contractual commitments.

9. Data Retention

We retain personal information only as long as necessary to fulfill the purposes described in this policy, including providing services, meeting legal/contractual obligations, resolving disputes, and enforcing agreements. When retention is no longer required, we delete or irreversibly de-identify the data.

10. PHI & HIPAA Notice

We are a professional services firm and are not a HIPAA covered entity. We act as a Business Associate only when engaged under a contract that includes a Business Associate Agreement (BAA). Do not send Protected Health Information (PHI) through our general website forms or email. If a project requires PHI, we will provide approved secure channels and a signed BAA before receiving PHI.

11. Your Privacy Rights

Depending on your location, you may have rights to:

  • Access and obtain a copy of your personal information.
  • Correct inaccurate or incomplete information.
  • Delete your personal information, subject to exceptions.
  • Portability of certain information.
  • Object or restrict certain processing (e.g., analytics or marketing).
  • Withdraw consent where processing is based on consent.
  • Appeal a decision (for certain US state laws).
  • Non-discrimination for exercising your rights.

To exercise rights, email privacy@pulseaxismedicaldeviceconsulting.com. We will verify your request and respond within the timeframe required by law. Authorized agents may submit requests where permitted.

California (CPRA) disclosures

  • No “sale” or “sharing” of personal information for cross-context behavioral advertising.
  • Sensitive personal information (if any) is processed only for permitted purposes and not for inferring characteristics.
  • We publish the categories of personal information collected in the past 12 months upon request.

12. International Transfers

We operate in the United States. If we transfer personal information internationally, we use appropriate safeguards (e.g., Standard Contractual Clauses) and implement supplementary measures as needed.

13. Children’s Privacy

Our website and services are directed to professionals and are not intended for children under 16. We do not knowingly collect personal information from children. If you believe a child provided us information, contact us to delete it.

14. Changes to This Policy

We may update this policy to reflect operational, legal, or regulatory changes. We will post the updated version with a new “Last updated” date and, where required, provide additional notice.

15. Contact Us

Questions or requests? Contact our privacy team:

If you received an email that looks like it came from us but you did not request or expect it, please ignore the message and do not click any links. Forward suspicious emails to security@pulseaxismedicaldeviceconsulting.com.