Privacy Notice
MACHINEPULSE PTE. LTD.
Effective Date: 9 March 2026
Summary
Personal Data may be processed to provide Karpo, operate group interactions, provide location dependent features, process Social Media features, maintain safety and security, display advertisements, measure performance, and improve the Services (including developing and improving models where described in this Notice).
Social Media features may process (i) information provided through the Services and (ii) publicly available information retrieved from public sources when the feature is enabled.
Requests to exercise privacy rights can be submitted by email to legal@machinepulse.ai, and verification may be required.
Details for European users are set out in the European Users Notice (Section 15), which is reserved for publication.
1. Scope
1.1 This Notice applies to Personal Data processed in connection with Karpo and related consumer services, applications, websites, and features (collectively, the "Services").
1.2 This Notice does not apply to third party services not controlled by MachinePulse, even if linked or referenced in the Services.
1.3 The Services may involve automated processing to generate Outputs, detect abuse or fraud, and improve reliability and safety.
2. Definitions
2.1 Personal Data means information relating to an identified or identifiable individual.
2.2 Content means messages, prompts, inputs, conversation history, attachments, links, Social Media Information, and other materials submitted to the Services, and related metadata.
2.3 Outputs means responses, recommendations, summaries, location based outputs, or other results generated by the Services based on Content.
2.4 Precise Location Data means location information that can identify an individual's precise geographic position.
2.5 Social Media Information means information about social media accounts, profiles, posts, comments, interactions, or links provided through the Services.
2.6 Public Social Media Data means information retrieved from publicly accessible sources (for example, public profile information and public posts) when Social Media features are enabled. "Public" refers to accessibility on the source service at the time of retrieval and does not imply ownership or licensing.
2.7 Group interaction means a multi participant conversation context where Content from multiple participants may be visible in the same thread.
2.8 Third Party Services means third party websites, applications, content, products, or services not owned or controlled by MachinePulse.
3. Personal Data processed
Depending on how the Services are used, Personal Data processed may include:
3.1 Account, identity, and authentication data
Phone number or account identifiers, verification codes and timestamps, authentication status, account settings and preferences where supported.
3.2 Content and communications data
Message text, conversation history, attachments, links, Content metadata (timestamps, routing identifiers, thread identifiers), customer support communications and diagnostic information provided during troubleshooting.
3.3 Group interaction data
Messages and attachments exchanged in a group interaction where the Services are present, and limited participant related data and group metadata to the extent made available and necessary to operate group functionality and maintain safety and security.
3.4 Location data
(a) Precise Location Data when enabled and used, such as coordinates or a location pin and related timestamps; and
(b) approximate location inferred from IP address where needed for security, fraud prevention, and regional compliance.
3.5 Device, network, advertising, and log data
IP address and network attributes, device type, operating system, browser version, language, time zone, crash logs, performance metrics, security logs, and where applicable advertising identifiers and SDK or cookie identifiers used for measurement and ad delivery.
3.6 Social media data
(a) Social Media Information provided through the Services; and
(b) Public Social Media Data retrieved from publicly accessible sources when Social Media features are enabled.
3.7 Inferences and derived data
Preference signals, feature usage patterns, safety signals for fraud and abuse prevention, and content classification labels for moderation, safety, and quality assurance.
3.8 Payment and billing data (where applicable)
Subscription status, billing history, invoices/receipts, and limited payment-related data necessary for billing and accounting. Payment card details are typically processed by payment processors and are not stored in full by MachinePulse unless necessary and permitted by law.
4. Sources of Personal Data
Personal Data may be obtained from:
4.1 the individual providing Content or creating an account;
4.2 devices, browsers, and apps used to access the Services;
4.3 Third Party Services connected or enabled through the Services (subject to those services' terms); and
4.4 publicly accessible sources when Social Media features are enabled and retrieval of Public Social Media Data is requested.
5. Purposes of processing
Personal Data may be processed for the following purposes:
5.1 Provide and operate the Services
Receive, process, and respond to Content, generate Outputs, maintain functionality and continuity, and provide user requested features.
5.2 Safety, security, and integrity
Prevent, detect, and respond to abuse, fraud, and security incidents, enforce service limits and acceptable use rules, and maintain audit and security logs.
5.3 Location dependent functionality
Provide location based features and Outputs, including maps or nearby results where offered, and enable location sharing features where enabled.
5.4 Social Media functionality
Process Social Media Information and retrieve Public Social Media Data when the feature is enabled, for example to summarise, extract context, generate recommendations, or support requested personalisation.
5.5 Advertising, analytics, and measurement
Display advertisements, measure reach and performance, manage frequency, detect ad fraud, and improve measurement quality.
5.6 Improve and develop the Services
Debug, test, and improve reliability, safety, and user experience, and develop and improve models and systems, including by using Content and related data where permitted by law and subject to choices described in this Notice and applicable settings.
5.7 Compliance and legal obligations
Comply with applicable law and lawful requests, protect rights, safety, and security, and investigate and address disputes or claims.
6. Location features
6.1 Core location requirement. Certain core features require location access. If location access is disabled, those core features may not operate or may be materially limited.
6.2 Foreground location. When the Services are used actively, location may be processed to provide requested functionality.
6.3 Background or continuous location. If background or continuous tracking is offered, it is enabled only when the relevant feature is activated and may be disabled through the Services and device settings.
7. Social Media features
7.1 Two inputs. Social Media features may process:
(a) Social Media Information provided through the Services; and
(b) Public Social Media Data retrieved from publicly accessible sources when the feature is enabled.
7.2 Third party platform practices. Social media platforms process data under their own policies. MachinePulse does not control those platform practices.
7.3 Non-user data. Public Social Media Data may include information about other individuals appearing in public posts. Processing is limited to what is necessary for the enabled feature and is not intended to create profiles for those individuals for unrelated purposes.
8. Advertising, cookies, SDKs, and measurement
8.1 The Services may display advertisements provided by MachinePulse and/or third party advertising partners.
8.2 Advertising and measurement may involve processing advertising identifiers, cookie identifiers, SDK event identifiers, IP address, and related event signals to deliver ads, measure performance and attribution, detect fraud, and manage frequency.
8.3 Where required by law, consent mechanisms are used for non-essential cookies, SDKs, or similar technologies. This includes the requirement under the ePrivacy Directive for storing or accessing information on a device, unless an exemption applies.
8.4 Where required by law, non-essential cookies/SDKs may be refused or withdrawn through the relevant mechanism; some measurement and personalisation functions may be reduced as a result.
9. Group interactions and non-interacting participants
9.1 No default account attribution. Group interaction content is processed in the group context by default and is not automatically stored under an individual account profile solely because a participant is present in the group interaction.
9.2 Non-interacting participants. We do not intend to process personal information for non-interacting participants. Where an individual is present in a group interaction but does not interact with the Services directly, the Services are designed to:
(a) avoid creating an account profile for that individual;
(b) avoid linking group messages to an account; and
(c) avoid writing group content into any long term memory feature for that individual.
Limited transient processing may still occur for message delivery, abuse prevention, and security.
10. Sharing
Personal Data may be shared with the following categories of recipients:
10.1 Service providers and processors providing hosting, storage, messaging integration, model inference infrastructure, analytics, customer support tooling, and security and fraud prevention.
10.2 Advertising partners providing ad delivery, measurement, and fraud prevention services.
10.3 Affiliates where necessary to operate the Services, subject to appropriate safeguards.
10.4 Legal and safety disclosures to comply with law, lawful requests, and to protect rights, safety, and security.
10.5 Corporate transactions in connection with a merger, acquisition, financing, reorganisation, bankruptcy, or sale of assets, subject to applicable law and appropriate protections.
11. Data retention
11.1 Personal Data is retained only as long as necessary for the purposes described in this Notice, including providing the Services, maintaining safety and security, advertising measurement and fraud prevention, complying with legal obligations, and resolving disputes.
11.2 Retention periods vary by data type and purpose. Security logs and fraud prevention records may be retained longer to investigate and prevent repeat abuse. Advertising and measurement data may be retained as necessary for reporting and fraud prevention, subject to applicable law and partner requirements.
11.3 Where deletion is requested, certain records may be retained where legally required or necessary for fraud prevention, security investigations, or legal claims.
12. Controls and requests
12.1 Social Media Information control. A product control may be provided to manage Social Media features, including disabling retrieval and processing of Public Social Media Data associated with the enabled feature, and limiting retention of Social Media Information for subsequent use where supported.
12.2 Requests. Requests to exercise privacy rights may be submitted to legal@machinepulse.ai. Verification may be required.
12.3 Advertising related choices. Where applicable law requires opt out choices for certain advertising activities, mechanisms may be provided through the Services, through device settings, or via other reasonable means.
12.4 Model improvement controls. Where supported, controls may be provided to limit use of Content for service improvement, including model improvement. Requests to object to or restrict such processing may be submitted to legal@machinepulse.ai. Where an opt-out, restriction, or objection applies, MachinePulse will stop using the relevant Content for that purpose, subject to legally required exceptions (for example, security and fraud prevention).
13. International transfers
13.1 MachinePulse operates globally and Personal Data may be processed in Singapore and other countries.
13.2 Where European data transfer rules apply, appropriate safeguards are used, such as Standard Contractual Clauses and the UK International Data Transfer Addendum where applicable, together with supplementary technical and organisational measures where appropriate.
14. Security
14.1 MachinePulse maintains technical and organisational measures designed to protect Personal Data against unauthorised access, alteration, disclosure, or destruction. No method of transmission or storage is completely secure.
15. European Users Notice (EEA, UK)
| Processing activity | Typical Personal Data | Data subjects | Lawful basis and GDPR article reference |
|---|---|---|---|
| A. Core service delivery, including location dependent core features used during active use | Content, account identifiers, location during active use, basic delivery logs | Users | Performance of a contract, Art. 6(1)(b) |
| B. Account creation and authentication | phone number or account identifier, verification codes, timestamps, account settings | Users | Performance of a contract, Art. 6(1)(b) |
| C. Group interactions | group messages and attachments, limited participant and group metadata, routing and security signals | Users and non interacting participants | Users: Art. 6(1)(b). Non interacting participants: limited transient processing for delivery and security under legitimate interests, Art. 6(1)(f) |
| D. Public Social Media Data retrieval after feature enablement | handles, profile links, public profile information, public posts and related metadata | Users, and other individuals appearing in public posts | User requested feature delivery: Art. 6(1)(b) where objectively necessary for the enabled feature. Optional ongoing retrieval or enrichment: Art. 6(1)(a) consent. For other individuals in public posts: limited processing under Art. 6(1)(f) with transparency under Art. 14 where applicable |
| E. Social Media Information provided through the Services | Social Media Information, screenshots, copied text, links | Users | Performance of a contract, Art. 6(1)(b) |
| F. Background or continuous location tracking, if offered | Precise Location Data, timestamps, related feature events | Users | Consent, Art. 6(1)(a), withdrawal under Art. 7(3) |
| G. Advertising delivery, frequency capping, measurement, anti fraud | advertising identifiers, cookie or SDK identifiers, IP address, event signals | Users | Legitimate interests, Art. 6(1)(f) for contextual ads and fraud prevention. Consent, Art. 6(1)(a) where required for non essential tracking, including under ePrivacy Art. 5(3) |
| H. Security, fraud prevention, abuse detection, enforcement of Terms | security logs, device and network data, risk signals, content classification labels | Users and non interacting participants (limited) | Legitimate interests, Art. 6(1)(f), and legal obligation, Art. 6(1)(c) where applicable |
| I. Customer support and dispute handling | support tickets, emails, chat transcripts, diagnostic info | Users | Performance of a contract, Art. 6(1)(b), and or legitimate interests, Art. 6(1)(f) |
| J. Service improvement, including model evaluation and training where used | Content, Outputs, feedback, aggregated usage metrics | Users | Legitimate interests, Art. 6(1)(f), and or consent, Art. 6(1)(a) where required for specific uses. Right to object applies when relying on legitimate interests |
| K. Legal compliance and lawful requests | account data, logs, content as necessary | Users and others where relevant | Legal obligation, Art. 6(1)(c), and or legitimate interests, Art. 6(1)(f) |
16. U.S. Users Notice
16.1 Where U.S. state privacy laws apply (including California and certain other states), disclosures of identifiers and online activity data to advertising and measurement partners for ad delivery, attribution, and fraud prevention may be treated as a "sale" or "sharing" of personal information and/or "targeted advertising" under applicable statutory definitions.
16.2 Where required, requests to opt out of sale/sharing/targeted advertising, and requests to access, delete, or correct personal information, may be submitted to legal@machinepulse.ai, and verification may be required.
16.3 Where applicable and required by law, browser or device based universal opt out signals may be honoured, and exercising opt out rights may affect availability of advertising supported features and certain personalisation.
17. Children
17.1 The Services are not intended for children under the age required by applicable law to consent to data processing.
18. Changes
18.1 MachinePulse may update this Notice from time to time. The Effective Date will be revised. Material changes may be notified through the Services or other appropriate means.
19. Contact
Privacy questions, requests, or complaints: legal@machinepulse.ai