Skip to content

Privacy & Compliance

PulseID is built to help venues meet their obligations while collecting only what's needed at the door.

What's collected when someone is scanned

  • The barcode data from the ID (name, DOB, license number, issuer, expiration, address, physical description).
  • A single front-of-ID photo, compressed to a small image.
  • Scan metadata — which venue, which staff member, the timestamp, and the decision.

What is not collected

  • No facial recognition. PulseID never builds biometric face templates or face embeddings. The fake-ID check is a text comparison between the OCR-read front and the barcode — document authenticity, not biometrics.
  • No fingerprints, no data from the patron's phone, and nothing is sold or shared with advertisers or third parties.

Who can see a patron's data

Only staff at the specific venue where the patron was scanned. Flags are per-venue — a flag at one venue is never visible to another. PulseTech operators can access data to provide support or meet a legal request, and every such access is logged.

Retention & automatic deletion

Each venue sets its own retention windows in Settings:

  • Scans are deleted after the scan-retention window (default 30 days), unless the scan is tied to an active flag.
  • Flags are kept per the flag-retention window (default 1 year).

A daily job runs the cleanup automatically, removes the stored image from disk, and logs each deletion to an audit trail.

Right to delete

A patron can request deletion of their data by emailing [email protected]. PulseTech records and processes the request; an approved deletion removes the patron and all their scans and images, logged for audit.

Audit trail

PulseID logs the actions that matter for accountability: manager overrides (with reason), flag creation/edits/deletion, notice issue/revoke/delete, and retention deletions — each with who, when, and what.

Minnesota MCDPA

For Minnesota venues, PulseID supports compliance with the Minnesota Consumer Data Privacy Act (Minn. Stat. Ch. 325M): configurable retention with automatic deletion, a right-to-delete workflow, per-venue data isolation, and a public privacy policy at id.mypulsetech.com/privacy.

Note

This page describes how PulseID handles data; it is not legal advice. Consult counsel about your obligations in your jurisdiction.