Last updated: May 2026
Amarkal is a macOS desktop application developed and distributed by Pulso
("we", "us", "our"). This Privacy Policy explains how we collect, use, and
protect information when you use Amarkal ("the App").
We take privacy seriously. Amarkal is designed around a local-first architecture:
your business data, credentials, and API keys never leave your device or your
own cloud accounts.
Developer: Pulso, Israel
Contact: support@pulso.tools
Website: pulso.tools
This policy applies to:
- The Amarkal macOS desktop application
- The Amarkal website at pulso.tools
- License purchase flows via Gumroad and Stripe
- All third-party service integrations facilitated through the App
To validate your license and prevent unauthorized use, we store on our
infrastructure (Supabase):
- Your email address (provided at purchase)
- A SHA-256 cryptographic hash of your machine identifier
We do NOT store your machine identifier itself — only its one-way hash.
This data is used solely for license validation and cannot be used to
reconstruct your identity beyond what you provided at purchase.
All other data is stored exclusively on your device:
- OAuth tokens and API keys: stored in the macOS Keychain using
industry-standard security
- Dashboard configuration, connection settings, and cached metrics:
stored in a local SQLite database encrypted with AES-256-GCM via
Apple CryptoKit
- Preferences and app state: stored locally in standard macOS
application storage
We never receive, transmit to, or store on our servers any of your:
- API keys or OAuth tokens
- Business metrics or dashboard data
- Connected account credentials
If you enable iCloud sync, the App uses Apple CloudKit with your personal
iCloud account. Only encrypted data is synced — Pulso has no access to
your iCloud account or the data stored within it. Apple's privacy policy
governs Apple's handling of your iCloud data (apple.com/legal/privacy).
When you purchase a license through Gumroad or Stripe, those platforms
collect and process your payment information. We receive your email address
and order confirmation from these platforms to provision your license.
Gumroad's and Stripe's own privacy policies govern their data handling.
If you contact us at support@pulso.tools, we retain your email address and
the content of our correspondence to respond to your inquiry and improve
the App. Support communications are retained for up to 2 years from the
date of last contact, or until you request deletion, whichever comes first.
4. GOOGLE API SERVICES — LIMITED USE DISCLOSURE
Amarkal integrates with Google Ads via the Google Ads API. This integration
is subject to Google's requirements for applications that access Google user
data.
IMPORTANT DISCLOSURE:
Amarkal's use and transfer to any other app of information received from
Google APIs will adhere to Google API Services User Data Policy, including
the Limited Use requirements.
Specifically:
a) We only request access to Google API data that is necessary to provide
the Amarkal dashboard features you have explicitly requested.
b) We do not use Google user data to serve advertisements.
c) We do not allow humans to read Google user data unless you have given
us explicit permission to do so, it is necessary for security purposes,
or it is required by law.
d) We do not use or transfer Google user data for any purpose other than
providing and improving the Amarkal features you use, as described in
this Privacy Policy.
e) We do not sell Google user data.
f) Google data accessed through the API is processed locally on your
device and is not transmitted to Pulso's servers.
Google API Services User Data Policy:
https://developers.google.com/terms/api-services-user-data-policy
Amarkal integrates with Meta's Marketing API to display advertising data
from Facebook and Instagram Ads. Our use of Meta platform data complies
with Meta's Platform Terms and Developer Policies.
a) We only access Meta data that you have explicitly authorized through
the OAuth consent flow.
b) Meta advertising data is retrieved and stored locally on your device.
It is not shared with third parties or used for any purpose beyond
displaying your own data within Amarkal.
c) We do not use Meta data to build user profiles, target advertisements,
or engage in any activity prohibited by Meta's Platform Terms.
d) You may revoke Amarkal's access to your Meta account at any time
through your Facebook App Settings.
Amarkal integrates with TikTok Ads Manager via the TikTok Marketing API.
In compliance with TikTok's Developer Terms and stricter data requirements:
a) TikTok advertising data accessed through the API is stored exclusively
on your local device and is not transmitted to Pulso's servers or any
third parties.
b) We only request the minimum permissions necessary to display your
TikTok Ads data within the App.
c) TikTok user data is used solely for the purpose of displaying your
own advertising metrics within Amarkal.
d) We do not store, aggregate, or analyze TikTok data for any purpose
other than the service you requested.
e) You may disconnect your TikTok account at any time from within the
App, which removes locally stored tokens immediately.
Amarkal integrates with the Reddit Ads API (subject to API approval). Our
use complies with Reddit's Developer Terms:
a) We only access data that is necessary to display your Reddit Ads
metrics within Amarkal.
b) We do not scrape, store, or redistribute Reddit content or user data
beyond the advertising account data you have authorized us to access.
c) Reddit data is stored locally on your device and not transmitted to
our servers.
The following services may be connected to Amarkal. In each case, you
authorize the connection through OAuth or by entering an API key directly.
All credentials and data fetched from these services are stored locally
on your device.
Advertising & Marketing:
- LinkedIn Ads (LinkedIn Marketing API)
- Snapchat Ads (Snap Marketing API)
- Apple Search Ads (Apple Search Ads API)
- Twitter/X Ads (X Ads API)
Revenue & E-commerce:
- Stripe (Stripe API — read-only access to your account metrics)
- Shopify (Shopify Admin API)
- Klaviyo (Klaviyo API)
Developer Infrastructure:
- Vercel (Vercel API)
- Railway (Railway API)
No-Code & CMS:
- Webflow (Webflow API)
- Memberstack (Memberstack API)
Email & Newsletter:
- Beehiiv (Beehiiv API)
- Kit / ConvertKit (ConvertKit API)
Monitoring:
- Healthchecks.io (Healthchecks.io API)
- Cronitor (Cronitor API)
AI Services:
- Anthropic Claude (your own API key — stored in macOS Keychain)
Notifications:
- Slack (webhook URLs — stored locally)
- Discord (webhook URLs — stored locally)
Email Monitoring:
- IMAP (credentials stored in macOS Keychain; email content never
transmitted to Pulso servers)
For each integration, Amarkal acts solely as a local display layer for
your own account data. We do not aggregate, sell, or share data fetched
from these services. Each third-party service's own privacy policy governs
their handling of your data within their platforms.
Amarkal uses the Sparkle framework (sparkle-project.org) to check for and
deliver software updates. When Amarkal checks for updates, Sparkle sends
an HTTP request to our update server (pulso.tools/amarkal/appcast.xml).
This request may include:
- Your current Amarkal version number
- Your macOS version
- Your CPU architecture (e.g., Apple Silicon or Intel)
- Your system locale
No personal information, license data, or business data is transmitted in
update checks. You can disable automatic update checks in the App's
Settings. Sparkle's privacy documentation: https://sparkle-project.org/
We use the limited information we collect for the following purposes:
a) License validation: to verify that you have a valid Amarkal license
and to activate the App on your authorized devices.
b) Customer support: to respond to your questions and resolve issues
you report.
c) Product improvement: aggregated, non-identifiable usage patterns
may be used to prioritize features. We do not collect in-app
behavioural telemetry. Update checks via Sparkle send anonymous
version and system information as described in Section 8.A above.
d) Legal compliance: to comply with applicable law, regulation, or
valid legal process.
We apply data minimization principles throughout:
- We request only the OAuth scopes necessary to retrieve the specific
metrics displayed in Amarkal.
- We do not request write permissions to connected accounts unless a
specific feature requires it, and we disclose such requirements in
the App.
- License validation requires only an email address and machine hash —
no additional personal data.
- We do not build profiles, track behavior across sessions, or use
data for advertising.
We do not sell your personal information.
We do not share your personal information with third parties except:
a) Service providers: Supabase (license validation database hosting).
Supabase processes data on our behalf under a data processing
agreement and does not use your data for their own purposes.
b) Payment processors: Gumroad and Stripe process payments. We do not
receive or store your full payment card details.
c) Legal requirements: We may disclose information if required by
applicable law, court order, or governmental authority, or to protect
the rights, property, or safety of Pulso, our users, or others.
d) Business transfers: If Pulso is acquired or merged with another
entity, your information may be transferred as part of that
transaction. We will notify you via the email address associated
with your license.
12. GDPR — RIGHTS OF EU/EEA USERS
If you are located in the European Union or European Economic Area, the
General Data Protection Regulation (GDPR) applies to our processing of
your personal data.
- License validation: Contractual necessity (performance of the license
agreement you entered into with us).
- Support communications: Legitimate interests (responding to your
requests and improving the App).
You have the following rights regarding your personal data:
Right of Access: You may request a copy of the personal data we hold
about you.
Right to Rectification: You may request correction of inaccurate data.
Right to Erasure: You may request deletion of your personal data. Note
that deleting your license record will deactivate your license.
Right to Restriction: You may request that we restrict processing of
your data in certain circumstances.
Right to Data Portability: You may request your data in a
machine-readable format.
Right to Object: You may object to processing based on legitimate
interests.
Right to Withdraw Consent: Where processing is based on consent, you
may withdraw consent at any time without affecting the lawfulness of
prior processing.
To exercise any of these rights, contact us at support@pulso.tools.
We will respond within 30 days. You also have the right to lodge a
complaint with your local data protection authority.
We retain your email address and machine hash for as long as your license
is active plus 12 months, or until you request deletion.
Our license validation infrastructure (Supabase) may process data in the
United States. When transferring data from the EEA, we rely on Standard
Contractual Clauses or other lawful transfer mechanisms.
13. CCPA — RIGHTS OF CALIFORNIA RESIDENTS
If you are a California resident, the California Consumer Privacy Act
(CCPA) and California Privacy Rights Act (CPRA) provide you with specific
rights regarding your personal information.
In the past 12 months, we have collected the following categories:
- Identifiers: email address, machine ID hash
- Commercial information: license tier and purchase date
- We do NOT collect: sensitive personal information, biometric data,
geolocation data, or browsing/search history
We do not sell your personal information. We do not share your personal
information with third parties for cross-context behavioral advertising.
Right to Know: You have the right to know what personal information we
collect, use, disclose, and sell about you.
Right to Delete: You have the right to request deletion of personal
information we have collected.
Right to Correct: You have the right to request correction of inaccurate
personal information.
Right to Non-Discrimination: We will not discriminate against you for
exercising your privacy rights.
To exercise your rights, contact us at support@pulso.tools.
We will respond within 45 days.
We implement appropriate technical and organizational measures to protect
your personal data:
- License data: stored in Supabase with encryption at rest and in
transit (TLS 1.2+)
- Credentials in the App: AES-256-GCM encryption via Apple CryptoKit
for local SQLite storage; macOS Keychain for OAuth tokens and API keys
- Machine ID: only a one-way SHA-256 hash is ever stored on our servers
- iCloud sync: only encrypted data is transmitted; we never hold
decryption keys for your CloudKit data
No security system is perfect. In the event of a data breach involving
your personal data held by us, we will notify you in accordance with
applicable law.
Amarkal is not directed at children under the age of 16, and we do not
knowingly collect personal information from children under 16. If you
believe we have inadvertently collected such information, please contact
us at support@pulso.tools and we will delete it promptly.
We may update this Privacy Policy from time to time. When we make
material changes, we will notify you by posting the updated policy at
pulso.tools/amarkal/privacy and, where we have your email address, by
sending you a notification. Your continued use of Amarkal after the
effective date of the updated policy constitutes acceptance of the changes.
For any privacy-related questions, requests, or complaints:
Pulso
Email: support@pulso.tools
Website: pulso.tools
For EU/EEA residents who wish to escalate a complaint after contacting us,
you may contact your national data protection authority.