Skip to main content
Homer Pulse

← Home

Plain-language policy

Privacy

Last updated July 4, 2026

Homer Pulse is built by Homer locals for Homer locals and visitors. We collect as little as we can get away with. Everything below is what v2 actually does — when the site changes, this page changes.

What we collect

Things you choose to send us

When you submit a business, an event, a correction, or feedback via the Submit page, we store what you type. You can include your name and contact info, but they're optional — leave them blank and the submission is anonymous. We use contact info only to follow up about your specific submission, never for marketing or outreach.

Submissions live in a Supabase database we control. They aren't readable by other site visitors — only by site administrators reviewing the queue.

Your account (optional)

Accounts are optional — the site works without one. If you sign up (email + password, a magic link, or Google/Apple sign-in), we store your email address and standard sign-in records with Supabase, our database and authentication provider. Google/Apple sign-in gives us your email address; we don't receive your contacts, photos, or anything else from those accounts.

Things you save while signed in are stored with your account so they work across devices: hearted businesses and events, saved lists, trip plans, notification settings, and the trip preferences you set (party size, kids' ages, interests, dietary needs, budget). Preferences exist to personalize the AI features — see the next section.

We send account email only about things you did or asked for: a one-time welcome note when you sign up, status updates when an admin reviews your submission, reminders for events you saved, closure alerts for businesses you saved, and occasional product updates. Every recurring kind has its own on/off switch at /account/notifications. No marketing lists, no newsletters you didn't ask for.

Ask Pulse chat + Trip Planner (AI)

When you use the chat or the trip planner, your message — plus the relevant slice of our business/events catalog and, if you're signed in, your saved trip preferences — is sent to xAI, the company whose Grok model generates the reply. That's the one third party that processes your AI messages, and it does so to answer you, not to advertise to you.

What we keep on our servers: a usage record per message (token counts, timestamp, model, a conversation ID) for cost control and abuse prevention, plus the first ~120 characters of your message so your past-conversations page can show what each chat was about. Full transcripts stay in your browser's local storage on your device — with one exception: if you thumbs-up or thumbs-down a reply, we store that reply, the prompt that led to it, and your vote, so a human can review quality. Trip plans you generate are saved to your account until you delete them.

Chatting without an account

You can ask Pulse a few questions each day without signing up. Two things happen behind the scenes that you should know about. First, to keep bots from burning our AI budget, each anonymous message runs a quick verification by Cloudflare Turnstile in your browser — usually invisible, occasionally a checkbox. Cloudflare processes standard connection data to make that call; their Turnstile privacy notice covers the details. Second, to count your free questions, we compute a one-way scrambled code from your connection details (IP address + browser type). We store only that code — never your raw IP — and use it for exactly one thing: knowing when today's free questions are used up. Anonymous questions keep the same server records as signed-in ones (the usage record and the ~120-character snippet), and those snippets may be read by a human to improve the site's canned answers.

Affiliate links

Some partner businesses' Website buttons route through an affiliate link, meaning Homer Pulse may earn a commission if you book — at no extra cost to you. Those buttons are labeled "affiliate" right on the card, and we log the click (which business, which page it came from) so partners can see their traffic. Affiliate status never changes where a business ranks or whether it's recommended — accuracy first, always.

Partner uploads

Business owners who claim their listing can upload a logo and photos. Those are stored in our hosting and shown publicly on the listing — that's their whole purpose.

Things your browser saves locally

We use your browser's localStorage for a few preferences that should survive a refresh:

  • Whether you've chosen light or dark mode
  • Which NWS weather alerts you've dismissed
  • Your sign-in session token, if you have an account
  • Your current Ask Pulse conversation (the transcript lives on your device, not our servers)
  • If you chat without an account: a simple count of today's free questions (display only — the real limit is enforced server-side)
  • Recent searches, and a small cache of what you've hearted so pages load fast

Local storage stays on your device. We can't read it; only your browser can. Clearing your browser's site data removes it.

Things our hosting provider sees

Cloudflare Pages serves the site and sees standard request metadata — IP address, user agent, referring URL, the page you loaded. This is normal web hosting; we don't have access to these logs ourselves beyond aggregate analytics.

We use Cloudflare Web Analytics, which is cookie-free and privacy-respecting. It doesn't track you across sites, doesn't fingerprint your device, and doesn't require a consent banner. See Cloudflare's own description for the technical details.

If a page breaks, your browser sends us an error report — the error message, the page it happened on, and your browser's user-agent string — so we can fix it. Our servers keep a similar log when a request fails on our side (which endpoint, the error text). Neither kind is tied to your account, and neither contains anything you typed.

Things we fetch on your behalf

To show live conditions on the homepage, your browser calls public APIs for tide data (NOAA), weather (Open-Meteo), and active weather alerts (NWS, via a proxy we run). None of these receive any personally identifying information from us.

The map page loads Google Maps. Google sees that you visited the map page; their privacy policy covers what they do with that. If you're privacy-conscious, you can skip the map and still use the rest of the site.

Facebook data handling

When a partner business connects their Facebook Page through Homer Pulse, we receive a Page Access Token that lets us read public posts and basic page details (page ID, page name, post text, and post timestamps) from that page. We store that token encrypted, and we use this data for exactly one thing: detecting and showing operational status updates — temporary closures, schedule changes, weather closings — on that business's Homer Pulse listing.

We never share Facebook-sourced data with anyone, never use it for advertising, and never build profiles from it. Posts that aren't an operational status update are discarded and never stored. For a detected update we keep only the change itself — its type (for example, "closed today"), the dates it applies, and a link back to your original post — never the post's text.

Retention: a detected status update is kept until its end date passes, plus 90 days for audit purposes, after which it's purged automatically. A partner can disconnect their Facebook Page at any time from their business dashboard, which immediately deletes the stored access token — ending our access — and removes all Facebook-sourced data tied to that connection.

Data deletion: anyone can request immediate removal of their Facebook-sourced data by visiting /data-deletion or emailing hello@homerpulse.com. We respond within 24 hours.

What we don't do

  • We don't sell data. Ever. There's nothing to sell.
  • We don't use ad networks or trackers.
  • We don't fingerprint your device for tracking or ads. The one narrow, honest exception: anonymous chat computes a scrambled code from your connection to count your free daily questions. It can't identify you, follows you to no other site or page, and is used for nothing else.
  • We don't send marketing email. Account email is limited to things you did or asked for (submission status, event reminders, closure alerts, product updates) — each with its own off switch at /account/notifications.
  • We don't share your contact info with the businesses you submit reports about.
  • We don't let AI providers use your messages for advertising, and we don't build advertising profiles from them ourselves.

Your control

Email hello@homerpulse.com if you want to:

  • See what we've stored about you — signed-in users can also use the "Download my data" button on /account for an instant export
  • Delete your account and everything tied to it (one email; self-serve deletion is on the roadmap)
  • Delete a submission you made
  • Remove your contact info from a submission
  • Ask anything else about your data

Changes

If we change what we collect, we update this page and the date at the top. Material changes get a note on the homepage for a week.