PulseID Privacy Policy

Last updated: 2026-05-31

This policy explains what PulseID does with the information on your ID when you are scanned at a participating location, and the choices and rights you have. The location that scanned you decides why and how long your information is used (it is the "controller"); PulseTech operates the software on that location's behalf (it is the "processor").

What PulseID is

PulseID is software used by bars, clubs, restaurants, and other age-restricted businesses to scan the PDF417 barcode on the back of a driver's license or state ID at the door. It verifies your age against the location's posted door policy, helps detect forged IDs, and helps the location keep its premises safe.

What we collect when you're scanned

We do not create or store facial-recognition templates, faceprints, fingerprints, or any other biometric identifier; we do not perform facial-recognition matching; and we collect nothing from your phone or device. The photo of the front of your ID is kept only as a visual reference for door staff to compare against you in person — it is never converted into a biometric template.

Why we collect it

De-identified statistics

The location may keep aggregate, de-identified counts — for example, how many patrons fell into each age range on a given night — that cannot be linked back to you or used to single you out. These aggregate counts contain no name, date of birth, license number, or photo, and may be retained for the location's analytics even where your individual scan record is not.

Who can see your data

Only staff at the specific location where you were scanned can see your scan and that location's flag list. A location's flags are visible only to that location and to other locations under the same ownership. We do not share your scan data, flags, ban status, or trespass status with unrelated businesses, and we operate no cross-business "banned-patron" network.

PulseTech operators (the company that runs the service) can access your data to provide support or to comply with a lawful request; every such access is audit-logged.

We never sell your data, we never share it for any other company's own purposes, and we never use it for advertising or marketing. The only outside provider that ever touches your data is the network provider described below, and only while it is in transit to us.

Where your data is stored

PulseTech hosts your data on its own dedicated servers, which we operate and control directly rather than handing it to a third-party cloud or hosting company.

The only outside provider that handles your data is the network layer that carries it to us:

We do not use any advertising, analytics, or marketing processors.

How long we keep your data

Retention depends on the location and on the law of the state where the location operates. As a baseline, each location sets its own retention period (by default, 30 days for scans and 1 year for flags). Scans older than that period are deleted automatically by a daily cleanup job, including the front-of-ID image, unless the scan is tied to an active flag at that location. Deletions are audit-logged.

Where state law requires it, we apply stricter rules automatically:

Your privacy rights

Depending on the state where you live, you may have the right to know what data we hold about you and obtain a copy, to correct inaccurate data, to delete your data, and to opt out of certain automated decision-making. A growing number of states — including California, Colorado, Connecticut, Minnesota, Virginia, and others — have comprehensive consumer-privacy laws granting these rights, and several states also specifically regulate the scanning and retention of ID data. We honor verified requests to access or delete your data regardless of which state you live in.

To exercise any of these rights, email [email protected] with the location name, the approximate date/time of the scan, and (if you have it) the last four characters of the license number scanned, so we can locate your record. We will respond within the time required by your state's law (generally 45 days). Note that in zero-retention states there may be no individual record to retrieve or delete, because none was kept.

Security

We use industry-standard safeguards to protect your data, including encryption of all network traffic and access controls that limit and log who can view scan records.

Changes to this policy

We may update this policy as the product and the law evolve. The "last updated" date above reflects the current version.

Contact

Questions or requests: [email protected].