Privacy Policy
Last Updated: February 2026
Overview
Pulse Endpoint is a client-side macOS application that monitors system performance metrics locally on your device. We are committed to collecting the minimum amount of data necessary to operate the software and enforce licensing. This policy explains exactly what data Pulse Endpoint collects, what it does not collect, and how we handle the limited data we do receive.
1. What Pulse Endpoint Collects Locally
Pulse Endpoint collects the following system performance metrics on each device where it is installed:
- CPU usage, load averages, and thermal state
- Memory utilization, pressure levels, and swap usage
- Disk read/write operations and utilization
- Network traffic (bytes and packets in/out)
- GPU utilization
- Battery level, power source, and charging status
- Running process names, process IDs, parent process IDs, and associated usernames
- System information including hostname, macOS version, hardware model, and uptime
This data is stored locally on your device in JSONL format at ~/Library/Application Support/Pulse Endpoint/metrics/ and is subject to configurable retention and size limits. Pulse Endpoint does not transmit this data to Qlab Software. It is only sent to destinations you explicitly configure (e.g., a Splunk HEC endpoint), over HTTPS.
2. What Qlab Software Receives
After a valid license key is activated, Pulse Endpoint sends a lightweight heartbeat to our licensing server (licensing.pulseformac.dev) once every 24 hours over HTTPS. This heartbeat is used solely for device visibility, fleet management, and license seat counting.
The heartbeat contains only the following:
| Field | Purpose |
|---|---|
| License email | Identify the licensed organization |
| Hashed device ID | HMAC-SHA256 of hardware UUID — the raw UUID is never transmitted. Used for seat counting. |
| App version | Support and update tracking |
| License type | Tier identification (e.g., Trial, Pulse 250) |
The heartbeat is fire-and-forget and never blocks the application. If the licensing server is unreachable, all monitoring functionality continues to operate normally. A non-blocking informational banner appears after 30 days of no connectivity.
3. What We Do NOT Collect
Qlab Software does not collect, receive, store, or have access to:
- Performance metrics (CPU, memory, disk, network, GPU, power data)
- Process lists or running application data
- User activity, keystrokes, screenshots, or browsing data
- IP addresses
- Device serial numbers or hostnames
- Files, documents, or personal content
- Analytics, telemetry, or usage tracking of any kind
Heartbeat data and metrics data are entirely separate. No performance metrics, process information, or system telemetry is included in heartbeat transmissions.
4. License Validation
License validation is performed entirely offline on your device using RSA cryptographic signature verification. Your license key is never sent to a server for validation. The key is stored locally in macOS UserDefaults, protected by file system permissions and FileVault disk encryption when enabled.
5. Data Security
In Transit
All heartbeat communications use HTTPS with TLS 1.2 or higher. macOS App Transport Security enforces certificate validation and prevents plaintext fallback.
At Rest
Heartbeat data stored on Qlab Software's servers is encrypted at rest using AES-256 encryption. Local metrics data is protected by macOS file system permissions and FileVault disk encryption when enabled.
6. Data Retention
Heartbeat data is retained for as long as your license is active plus 90 days after expiration, after which it is automatically deleted. Local metrics data retention is configurable within the application and subject to the limits you set.
7. Third-Party Services
Pulse Endpoint does not embed any third-party analytics, advertising, or tracking SDKs. The only external communication is the heartbeat described in Section 2, and any upload destinations you explicitly configure (e.g., Splunk HEC endpoints).
8. Your Rights
You may request deletion of your heartbeat data by contacting us at support@pulseformac.com. Upon receiving your request, we will delete all heartbeat records associated with your license email within 30 days.
If you are located in the European Economic Area (EEA) or California, you may have additional rights under GDPR or CCPA, including the right to access, correct, or delete your personal data. Contact us to exercise these rights.
9. Children's Privacy
Pulse Endpoint is enterprise software designed for organizational use. It is not directed at individuals under the age of 16, and we do not knowingly collect data from children.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last Updated” date. We encourage you to review this policy periodically. Continued use of the Software after changes constitutes acceptance of the revised policy.
11. Contact
For questions about this Privacy Policy or to exercise your data rights, contact:
Qlab Software
Email: support@pulseformac.com
Website: pulseformac.com
Copyright 2026 Qlab Software. All rights reserved.