Last updated: 2026-05-31
This policy explains what PulseID does with the information on your ID when you are scanned at a participating location, and the choices and rights you have. The location that scanned you decides why and how long your information is used (it is the "controller"); PulseTech operates the software on that location's behalf (it is the "processor").
What PulseID is
PulseID is software used by bars, clubs, restaurants, and other age-restricted businesses to scan the PDF417 barcode on the back of a driver's license or state ID at the door. It verifies your age against the location's posted door policy, helps detect forged IDs, and helps the location keep its premises safe.
What we collect when you're scanned
- The data encoded in your ID's barcode — name, date of birth (and computed age), license/ID number, issuing state, expiration date, and the address and physical description encoded on the card.
- A single still photograph of the front of your ID, compressed to a small image.
- Metadata about the scan: which location, which staff member, the timestamp, and the door decision (admit / review / deny).
We do not create or store facial-recognition templates, faceprints, fingerprints, or any other biometric identifier; we do not perform facial-recognition matching; and we collect nothing from your phone or device. The photo of the front of your ID is kept only as a visual reference for door staff to compare against you in person — it is never converted into a biometric template.
Why we collect it
- To verify you meet the location's minimum entry age and minimum drinking age.
- To detect tampered or forged IDs by comparing the front of the ID to the barcode on the back.
- To detect a borrowed, duplicated, or "passed-back" ID being reused for entry (fraud prevention).
- To enforce that location's own flag list — warnings, bans, and trespass notices specific to that location.
- To produce an audit trail the location can show to law enforcement or regulators if needed.
De-identified statistics
The location may keep aggregate, de-identified counts — for example, how many patrons fell into each age range on a given night — that cannot be linked back to you or used to single you out. These aggregate counts contain no name, date of birth, license number, or photo, and may be retained for the location's analytics even where your individual scan record is not.
Who can see your data
Only staff at the specific location where you were scanned can see your scan and that location's flag list. A location's flags are visible only to that location and to other locations under the same ownership. We do not share your scan data, flags, ban status, or trespass status with unrelated businesses, and we operate no cross-business "banned-patron" network.
PulseTech operators (the company that runs the service) can access your data to provide support or to comply with a lawful request; every such access is audit-logged.
We never sell your data, we never share it for any other company's own purposes, and we never use it for advertising or marketing. The only outside provider that ever touches your data is the network provider described below, and only while it is in transit to us.
Where your data is stored
PulseTech hosts your data on its own dedicated servers, which we operate and control directly rather than handing it to a third-party cloud or hosting company.
The only outside provider that handles your data is the network layer that carries it to us:
- Cloudflare, Inc. — content-delivery and network-security provider. All traffic between the PulseID apps and our servers passes through Cloudflare's network, which terminates the encrypted (HTTPS/TLS) connection at its edge to filter malicious traffic before forwarding it to us. Cloudflare processes this data transiently under its Customer Data Processing Addendum (including the EU Standard Contractual Clauses for any international transfer) and does not retain or sell it.
We do not use any advertising, analytics, or marketing processors.
How long we keep your data
Retention depends on the location and on the law of the state where the location operates. As a baseline, each location sets its own retention period (by default, 30 days for scans and 1 year for flags). Scans older than that period are deleted automatically by a daily cleanup job, including the front-of-ID image, unless the scan is tied to an active flag at that location. Deletions are audit-logged.
Where state law requires it, we apply stricter rules automatically:
- Zero-retention states. In states whose law prohibits retaining scan-derived identity for age verification, PulseID does not store your name, date of birth, license number, or raw barcode after the door decision is made — the check runs and the identifying data is discarded. Only the de-identified aggregate counts described above are kept.
- Capped-retention states. In states that set a maximum retention period, your scan data is deleted by that statutory deadline even if the location configured a longer window.
Your privacy rights
Depending on the state where you live, you may have the right to know what data we hold about you and obtain a copy, to correct inaccurate data, to delete your data, and to opt out of certain automated decision-making. A growing number of states — including California, Colorado, Connecticut, Minnesota, Virginia, and others — have comprehensive consumer-privacy laws granting these rights, and several states also specifically regulate the scanning and retention of ID data. We honor verified requests to access or delete your data regardless of which state you live in.
To exercise any of these rights, email [email protected] with the location name, the approximate date/time of the scan, and (if you have it) the last four characters of the license number scanned, so we can locate your record. We will respond within the time required by your state's law (generally 45 days). Note that in zero-retention states there may be no individual record to retrieve or delete, because none was kept.
Security
We use industry-standard safeguards to protect your data, including encryption of all network traffic and access controls that limit and log who can view scan records.
Changes to this policy
We may update this policy as the product and the law evolve. The "last updated" date above reflects the current version.
Contact
Questions or requests: [email protected].