Security at Pulsepath

At Pulsepath, security isn't an afterthought — it's baked into our architecture, our processes, and our culture. We understand that you're trusting us with sensitive customer data, and we take that responsibility seriously.

Data Encryption

In transit: All data transmitted between your systems and Pulsepath is encrypted using TLS 1.2 or higher. We enforce HTTPS on all endpoints and use HSTS headers to prevent downgrade attacks.

At rest: All stored data is encrypted using AES-256 encryption. Database backups and log files are also encrypted at rest.

Infrastructure

Pulsepath is hosted on Railway, which runs on AWS infrastructure. Our infrastructure benefits from AWS's world-class physical security, network security, and compliance certifications. Key infrastructure practices include:

• Isolated application environments with strict network boundaries
• Automated deployments with zero-downtime rolling updates
• Regular infrastructure patching and vulnerability scanning
• Automated backups with point-in-time recovery

Access Controls

We follow the principle of least privilege across our organization:

• Multi-factor authentication required for all team members
• Role-based access controls for internal systems
• Regular access reviews and audit logging
• No customer data access without explicit authorization and audit trail

Data Retention

We retain customer conversation data only as long as necessary to provide the Service and generate insights. You can request deletion of your data at any time. When data is deleted, it is permanently removed from our active systems within 30 days and from backups within 90 days.

Incident Response

We maintain a documented incident response plan that includes:

• 24-hour monitoring and alerting for security events
• Defined escalation procedures and response timelines
• Post-incident review and remediation processes
• Notification of affected customers within 72 hours of a confirmed breach

Responsible Disclosure

We welcome responsible security research. If you discover a potential vulnerability in our systems, please report it to security@pulsepath.ai. We ask that you:

• Give us reasonable time to investigate and address the issue before public disclosure
• Avoid accessing or modifying other users' data
• Act in good faith to avoid disruption to our services

We will acknowledge your report within 48 hours and work with you to understand and resolve the issue.

Questions?

If you have questions about our security practices, please reach out to security@pulsepath.ai.