Privacy & Security Policy

DoraPulse collects only one category of personal data: the work email address you voluntarily enter when downloading a Triage Audit Record PDF. This email address is used solely for the purposes described in Section 2 below.

We do not use tracking pixels, third-party analytics cookies, or session-recording tools. We do not collect IP addresses beyond those captured in standard server access logs (which are retained for a maximum of 30 days and are not linked to individual user profiles).

We do not collect, process, or store any incident data you input into the calculator. This data is processed exclusively within your browser and discarded when you close the page.

Your email address is collected for the following purposes:

• To send you product announcements, feature updates, and regulatory guidance from DoraPulse.
• To notify you of material changes to the DORA classification thresholds or reporting requirements that may affect your compliance posture.
• For internal business analytics regarding product usage (e.g., how many MAJOR vs. MINOR classifications are generated).

Your email address is never sold to, shared with, or transferred to third parties for their own marketing purposes.

The processing of your email address is based on your consent as defined under Article 6(1)(a) of the General Data Protection Regulation (EU) 2016/679 (GDPR). By entering your email address and clicking "Download Audit Record PDF," you consent to receiving commercial communications from DoraPulse.

You have the right to withdraw this consent at any time by clicking the unsubscribe link in any email we send, or by contacting us directly at the address in Section 7.

DoraPulse operates in compliance with French Law No. 78-17 of 6 January 1978 on Information Technology, Data Files and Civil Liberties, as amended (the "Informatique et Libertés" law), and the guidelines of the Commission Nationale de l'Informatique et des Libertés (CNIL).

In accordance with CNIL guidelines, we do not deploy tracking pixels or behavioral analytics cookies without explicit, prior consent. We do not process any special categories of personal data as defined under GDPR Article 9.

You may exercise your rights of access, rectification, erasure, portability, and restriction of processing by contacting us using the details in Section 7. You also have the right to lodge a complaint with the CNIL (cnil.fr).

Email addresses collected via the PDF download form are stored securely using industry-standard encryption at rest and in transit. We use reputable form and data processing services that are contractually bound to process data only on our behalf and in accordance with GDPR requirements.

We retain email addresses for a maximum of 3 years from the date of collection, or until you request erasure, whichever comes first.

No incident classification data, operational metrics, or financial entity information is stored on our infrastructure at any time, as all such processing occurs client-side.

Your email address may be processed by our service providers within the European Economic Area (EEA) or in countries that the European Commission has recognised as providing adequate data protection. Any transfer outside these jurisdictions is governed by Standard Contractual Clauses (SCCs) as approved by the European Commission.

DoraPulse is operated as an independent software product. For all data protection enquiries, requests to exercise your rights, or to opt out of communications, please contact us at:

We may update this policy to reflect changes in our practices, legal requirements, or product features. We will notify you of material changes via email (if we hold your address) and by updating the "Last updated" date at the top of this page. Continued use of DoraPulse after a change constitutes acceptance of the updated policy.