Privacy Policy

Pulvian is a workplace signal aggregator that collects and analyses publicly available information about companies. It does not require user accounts, does not use cookies for tracking, and does not sell or share data with third parties.

Pulvian is operated as an independent project. The data controller for any personal data you submit (correction requests, alert subscriptions, waitlist sign-ups) is the individual operator of Pulvian. Contact details are available on the About page.

Legal basis for processing (GDPR Art. 6). Where you provide personal data voluntarily (e.g., an email address in a correction form), processing is based on your consent. Where we retain server logs for security, processing is based on our legitimate interest in protecting the service. You may withdraw consent at any time (see Your rights below).

Pulvian collects minimal data. Here is an exhaustive list of what we store:

• Data correction requests. If you submit a correction or removal request through the form on a company page, we store the message you write, the company it relates to, and optionally your email address if you provide one. Your IP address is stored as a one-way hash (SHA-256) solely for rate-limiting purposes and cannot be reversed to identify you.
• Company suggestion requests. If you suggest a company to be added, we store the information you provide in the suggestion form.
• Score-change alert subscriptions. If you subscribe to score-change alerts on a company page, we store your email address solely to send notifications when that company's score is updated. You may unsubscribe at any time by contacting us via the About page. Subscription email addresses are deleted within 30 days of an unsubscribe request.
• Pro waitlist and subscription enquiries. If you submit your email address via the Pro tier waitlist form on the Pricing page, we store that address to notify you when Pro access becomes available. You may withdraw at any time by contacting us.
• Server logs. Standard HTTP server logs (IP address, request path, timestamp) are retained for up to 30 days for security monitoring and then automatically deleted.

We do not use cookies, analytics trackers, or third-party scripts that monitor your behaviour. We do not create user profiles.

Providing an email address in a data correction request is optional. If you choose to provide one, it is used solely to notify you about the resolution of your request.

Email addresses associated with resolved or dismissed requests are automatically deleted within 90 days of resolution. You may request immediate deletion at any time (see Your rights below).

All company data displayed on Pulvian is derived from publicly available sources. We currently aggregate signals from:

• Glassdoor — publicly available employee reviews and ratings
• Layoffs.fyi — publicly tracked layoff events and headcount data
• Hacker News — community discussions via the Algolia HN Search API (public)
• GDELT — global news article metadata (headlines, tone, source)
• SEC EDGAR — public regulatory filings for US-listed companies
• Comparably — publicly available employee compensation, culture, and satisfaction ratings
• Trustpilot — publicly available customer review aggregates, used as a supplementary risk proxy signal
• Wikidata — structured company information (CC0 licensed)
• RSS newsroom feeds — company-published press releases and industry publications

No private, leaked, or paywalled data is used. No employee personal data is collected or displayed. Scores reflect aggregate patterns in public documents, not individual reviews or identifiable information.

Regardless of where you are located, you have the following rights regarding data you have submitted to Pulvian:

• Access. You may request a copy of any data we hold that is linked to your email address.
• Correction. You may request correction of inaccurate information you have submitted.
• Deletion. You may request deletion of your email address and any associated data correction requests at any time. We will process deletion requests within 30 days.
• Withdrawal. You may withdraw a pending data correction request at any time.
• Complaint. If you are located in the European Economic Area or the UK, you have the right to lodge a complaint with your local data protection authority. If you are located in Turkey, you have the right to lodge a complaint with the Kişisel Verileri Koruma Kurumu (KVKK).

To exercise any of these rights, use the data correction form on any company page with subject "Privacy request", or contact us at the address listed on the About page.

• Data correction requests: retained while pending review. Email addresses deleted within 90 days of resolution.
• Alert subscription emails: deleted within 30 days of an unsubscribe request.
• IP hashes: used for rate-limiting only, not stored beyond the rate-limit window (1 hour).
• Server logs: retained for up to 30 days, then automatically deleted.
• Company data: public data is retained as long as the company is listed. If a company requests removal, their data is deleted from all snapshots and signals.

All traffic is served over HTTPS. The database is not publicly accessible. Administrative endpoints require authentication. We do not store passwords because there are no user accounts.

Pulvian is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has submitted data, please contact us for immediate deletion.

We may update this privacy policy from time to time. Material changes will be noted at the top of this page with a revised "Last updated" date. Continued use of Pulvian after changes constitutes acceptance.