Security & Privacy Overview

How CrowdPulse AI handles your data, your audience's responses, and your Google account.

Last updated: April 20, 2026 · Contact: support@crowdpulseai.com

    Quick reference for buyers: CrowdPulse AI is a real-time audience response platform. Audience data is stored in Google Firebase (US), processed by Anthropic's Claude API for analysis, and retained under your control — there is no automatic deletion. We do not sell data, do not share audience responses with third parties, and do not use your data or your audience's responses to train AI models. A Data Processing Agreement (DPA) is available on request.
  

1. At a Glance

Topic	Summary
Where data is stored	Google Firebase (Firestore + Cloud Storage), US region, operated by Google Cloud.
Who processes data	F&F, LLC (CrowdPulse AI) plus the sub-processors listed in §6.
AI provider	Anthropic, via the Claude API (model: Claude Haiku 4.5).
Model training	Anthropic does not train its models on API inputs or outputs by default. We do not send data to any other AI provider.
Encryption	TLS 1.2+ in transit; Google-managed AES-256 encryption at rest.
Audience identity	Audience members participate anonymously by default. A per-session random device ID is assigned. No name or email is collected unless the presenter explicitly enables the optional Contact Capture field.
Retention	Presenter-controlled. Sessions, responses, and debrief PDFs remain in the account until the presenter archives or deletes them. No automatic deletion.
DPA	Available on request to support@crowdpulseai.com.
Certifications	CrowdPulse AI does not currently hold SOC 2, ISO 27001, or HIPAA certifications. Underlying infrastructure (Google Cloud, Stripe, Anthropic) holds its own industry certifications; see §6.

2. How Audience Data Flows

A live CrowdPulse AI session has three participants: the presenter, the audience member's device, and the CrowdPulse AI backend.

The presenter opens a question, which publishes it to a session document in Firestore.
Audience members submit responses from their browser directly to Firestore over HTTPS. Each response is stored as a document in the presenter's session.
A Cloud Function trigger reads batched responses and sends them to the Claude API for synthesis. The result is written back to Firestore and displayed to the presenter and on the projector.
When the presenter closes the session and generates a debrief, a Cloud Function produces a PDF, stores it in Firebase Storage, and exposes it to the presenter via a signed URL.

Responses flow from the audience's browser → Google Cloud (Firestore) → Anthropic (for synthesis only) → Google Cloud (Firestore) → the presenter's browser. No component of CrowdPulse AI stores audience data outside Google Cloud.

3. What We Collect from Audiences

By default, audience participation is anonymous. The audience join page does not ask for a name or email. Each participating device is assigned a random identifier that exists only for the duration of the session and is not linked to any account.

Each audience response document contains:

The response content (free text, a poll selection, or a numeric rating)
A per-session random device identifier
A server-side timestamp
The session and question identifiers

Optional Contact Capture. A presenter may enable a "contact capture" question that explicitly asks for name, email, and — optionally — organization, position, or discipline. This field is clearly labeled for the audience and requires explicit submission. Contact data is stored separately from responses and is subject to the privacy model described in §4.

4. Privacy Model for Contact Capture

When a presenter enables contact capture and asks for an AI overview of the submitted fields, we apply three structural privacy protections:

Minimum sample size. The AI overview will not run until at least 5 participants have submitted. Below that floor, no summary is produced.
Independent aggregate lists. The AI receives three separate aggregate arrays — organizations, positions, and disciplines — with counts. These lists are not joined together. The AI cannot reconstruct a single participant's full profile (e.g., "the Director at Acme in Accounting").
No-attribution prompt rules. The AI is explicitly instructed never to single out individuals, even when a category has only one occurrence. Name and email are never read by the overview function.

These protections are implemented server-side in the Cloud Function and cannot be bypassed by the presenter.

5. AI Processing

CrowdPulse AI uses Anthropic's Claude API for four purposes:

Live synthesis of open-ended audience responses (summary, themes, interpretation)
Real-time coaching prompts for the presenter
Session debrief generation (cross-question synthesis into a PDF report)
Audience overview for contact-capture questions (aggregate-only, see §4)

Model: Claude Haiku 4.5 (claude-haiku-4-5-20251001).

Training: Per Anthropic's Commercial Terms and data usage policy, inputs to and outputs from the Claude API are not used to train Anthropic's models by default. CrowdPulse AI has not opted in to any training program.

Retention at Anthropic: API inputs and outputs are retained by Anthropic for up to 30 days for trust and safety monitoring, after which they are deleted. See Anthropic's Privacy Policy for current terms.

What we send to Anthropic: audience response text, the question text, and — for the debrief — speaker notes and session metadata. We do not send audience names, email addresses, or device identifiers to the Claude API.

6. Sub-Processors

The following service providers process CrowdPulse AI data on our behalf:

Provider	Purpose & Relevant Certifications
Google Cloud / Firebase	Application hosting, database (Firestore), file storage, authentication, serverless functions. SOC 1/2/3, ISO 27001, ISO 27017, ISO 27018, PCI DSS, HIPAA-eligible services. Details.
Anthropic	AI analysis, synthesis, coaching, and debrief generation via the Claude API. SOC 2 Type II. Trust Center.
Stripe	Subscription billing and payment processing. PCI DSS Level 1. CrowdPulse AI never stores full payment card numbers. Privacy.
Google Workspace (Gmail SMTP)	Outbound email (debrief sharing, account notifications) sent from noreply@crowdpulseai.com. Same Google Cloud compliance posture as above.
Cloudflare	DNS for the crowdpulseai.com domain. No audience or session data passes through Cloudflare.
Google Analytics 4	Anonymous product usage analytics on the marketing site and in-app events (e.g., "session_created"). No audience response content is sent to Google Analytics.

We will provide advance notice of any material change to this sub-processor list to customers who have requested notification. Email support@crowdpulseai.com to be added to the list.

7. Encryption

In transit: All traffic between browsers, the CrowdPulse AI backend, and our sub-processors is encrypted with TLS 1.2 or higher. The crowdpulseai.com certificate is issued by a publicly trusted certificate authority and renewed automatically.

At rest: Data in Firestore and Firebase Storage is encrypted at rest with Google-managed AES-256 keys. OAuth tokens used by the desktop application are additionally encrypted at rest on the local device using the operating system's secure storage (macOS Keychain, Windows DPAPI, or Linux libsecret).

8. Access Controls

Row-level security. Firebase Security Rules enforce that a user can only read and write data belonging to their own account. No database query can return another user's sessions, responses, or debriefs.
Authentication. Presenter accounts sign in via Apple Sign-In or Google Sign-In. CrowdPulse AI does not manage passwords.
Staff access. The founder of F&F, LLC is the sole operator with administrative access to the CrowdPulse AI infrastructure. Administrative actions on production infrastructure are authenticated through Google Cloud IAM and logged by Google Cloud Audit Logs.
Audience access. Audience members can only read public session metadata (the question being asked) and write their own response document. They cannot read other responses or any account data.

9. Retention & Deletion

Retention is presenter-controlled. Sessions, responses, and debrief PDFs remain in your account until you choose to archive or delete them. There is no automatic deletion timer. This policy gives corporate customers full control over data lifecycle and aligns with the records-retention requirements that many organizations impose on training and engagement data.

On request to support@crowdpulseai.com, we will:

Permanently delete specific sessions, responses, or debriefs you identify
Permanently delete your entire account and all associated data
Provide a copy of the data associated with your account in a standard format

When audience response data is sent to Anthropic for synthesis, Anthropic retains it for up to 30 days for trust and safety monitoring before deletion, independent of CrowdPulse AI's retention setting.

Temporary artifacts. PowerPoint files uploaded for slide conversion are deleted from our servers within approximately 60 seconds of conversion. OAuth tokens are stored on the user's device only and are not transmitted to CrowdPulse AI servers.

10. Incident Response

In the event of a security incident affecting customer data, we will notify affected customers by email at the address associated with their account without undue delay once the scope of the incident is understood. Where required by applicable law (including GDPR Art. 33 and U.S. state breach-notification statutes), notification will occur within the legally required timeframe.

Customers can report suspected security issues to support@crowdpulseai.com.

11. Google Account Integration (Desktop App)

The optional CrowdPulse AI desktop application can connect to Google Drive and Google Slides to let presenters open their existing presentations. When authorized:

We request the minimum scopes required: drive.readonly, drive.file, and Slides read access.
OAuth tokens are stored only on the user's local device, encrypted at rest.
Slide content accessed via these APIs is used solely to render the presentation in the CrowdPulse AI viewer and, for PPTX imports, to convert the file format.
Our use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.
Presenters can revoke access at any time at myaccount.google.com/permissions.

12. Data Processing Agreement (DPA)

A Data Processing Agreement — suitable for corporate procurement review and GDPR Art. 28 compliance — is available on request. Email support@crowdpulseai.com with "DPA request" in the subject line and we will return a signed copy.

13. Compliance Posture

CrowdPulse AI is a small, focused product operated by F&F, LLC. We believe in stating our compliance posture plainly rather than implying more than we can deliver:

We do not currently hold SOC 2, ISO 27001, or HIPAA certifications for the CrowdPulse AI application itself. We rely on Google Cloud (which holds all of the above) for the underlying infrastructure.
We are not FedRAMP-authorized and CrowdPulse AI should not be used with data subject to FedRAMP controls.
We do not knowingly process Protected Health Information (PHI), payment card data, or other regulated data categories. Customers should not submit such data into audience responses or contact capture fields.

For corporate buyers whose procurement process requires vendor certifications beyond Google Cloud's inherited posture, we are happy to discuss alternatives — including an on-premises workshop engagement or a phased adoption that begins with non-regulated use cases.

14. Contact

For security questions, DPA requests, vendor questionnaires, or to report a suspected issue:

F&F, LLC (CrowdPulse AI)
Email: support@crowdpulseai.com
Website: crowdpulseai.com
Privacy Policy: crowdpulseai.com/privacy
Terms of Service: crowdpulseai.com/terms

This document describes CrowdPulse AI's security and privacy posture as of the "Last updated" date at the top of the page. It is intended as an overview for corporate and institutional buyers and supplements (but does not replace) our Privacy Policy and Terms of Service.