PulsitPulsit
Logga inSkapa konto

Legal

Privacy Policy

Last updated: May 2026

1. Data controller

Pulsit is a digital service developed and provided by Hillstream AB (reg. no 556963-9304), based in Stockholm. Hillstream AB is the data controller for the processing of personal data about you as a customer/practitionerand as a visitor to pulsit.se.

When you as a practitioner use Pulsit to manage your own clients' data, you are the data controller for that processing, and Hillstream AB is your data processor. This is governed by a separate data processing agreement entered into digitally when you subscribe. As the provider of the platform, Hillstream AB is your counterparty for the processing agreement.

Contact: info@pulsit.se

2. Pulsit is not a medical records system

Pulsit is a platform for bookings, communication and invoicing — nota medical records system. Never store medical records, diagnoses, sensitive health data, national identity numbers or insurance information in Pulsit. If you need that functionality, use a dedicated medical records system that is covered by applicable patient data legislation.

3. What data we collect

  • Contact details (name, email, phone, optionally company and registration number).
  • Booking information (times, services, optional free text from the client).
  • Account and billing details when you subscribe.
  • Technical information such as IP address, browser and device type.
  • Usage data about how you interact with the service.

We never ask for national identity numbers, diagnoses or insurance details.

4. Purposes and legal basis

We process data to deliver the service (contract), to communicate with you (legitimate interest), to handle invoicing (legal obligation) and to improve the product (legitimate interest). Marketing only happens with your consent.

5. Retention and storage location

Data is stored within the EU/EEA. We retain data for as long as needed for the purpose, and thereafter in line with accounting law (seven years for accounting records). On account deletion, booking rows are anonymised so that your identity is removed while the accounting record remains.

6. Recipients and sub-processors

We use the following sub-processors:

  • Supabase (database and authentication) — storage within the EU.
  • Stripe (payments) — for subscription billing.
  • Lovable (hosting provider for the platform).
  • Resend (transactional emails).

All are bound by data processing agreements and process data within the EU/EEA where possible.

7. Your rights

You have the right of access, rectification, erasure, restriction, data portability and to object to processing. You can exercise these rights directly in Pulsit under My data & GDPR, or by emailing us. You may also lodge a complaint with the Swedish Authority for Privacy Protection (IMY).

8. Contact

Questions about this policy? Email info@pulsit.se.