Security Commitment

Pulse API is built with security at its core. We implement industry-leading security practices to protect your sensitive documents and data throughout the entire processing lifecycle.

Compliance

ISO 27001

Information security management certification

GDPR Compliant

Full compliance with EU data protection regulations

SOC 2 Type II

Audited controls for security, availability, and confidentiality

HIPAA Compliant

Safeguards for protected health information (PHI)
For detailed compliance and security information, view our security page here.

Data Protection

Encryption

Data Retention

Data TypeRetention PeriodNotes
Uploaded files48 hoursAutomatic deletion
Extraction results48 hoursUnless saved by user
API logs30 daysFor debugging only
Audit logs1 yearCompliance requirement
Enterprise customers can configure custom retention policies to meet their compliance requirements.

Infrastructure Security

AWS Architecture

Security Features

  • DDoS Protection: AWS Shield Standard + CloudFront
  • Web Application Firewall: AWS WAF with custom rules
  • Network Isolation: VPC with private subnets
  • Access Control: IAM roles with least privilege
  • Monitoring: CloudWatch + GuardDuty threat detection

Access Control

API Authentication

  • API Keys: Unique per organization
  • Key Rotation: Supported and recommended
  • IP Allowlisting: Available for enterprise
  • Rate Limiting: Automatic abuse prevention

Administrative Access

  • Multi-Factor Authentication: Required for all staff
  • Role-Based Access Control: Principle of least privilege
  • Audit Logging: All administrative actions logged
  • Background Checks: All employees screened

Data Privacy

Our Commitments

No Training

Your data is never used to train our models

No Sharing

Data is never shared with third parties

No Persistence

Automatic deletion after processing

No Access

Staff cannot access your documents

GDPR Compliance

  • Right to Access: Export all your data
  • Right to Deletion: Immediate purge available
  • Data Portability: Standard formats
  • Privacy by Design: Built-in from day one

Security Monitoring

Real-Time Protection

  • Threat Detection: AWS GuardDuty + custom rules
  • Anomaly Detection: ML-based pattern analysis
  • Security Scanning: Continuous vulnerability assessment
  • Incident Response: 24/7 security team for enterprise

Audit Trail

All API operations are logged with:
  • Timestamp
  • API key identifier (hashed)
  • Operation performed
  • Response status
  • IP address (hashed)
Logs are retained for 30 days and are available for security investigations only.

Vulnerability Management

Security Practices

1

Code Review

All code peer-reviewed before deployment
2

Dependency Scanning

Automated scanning for vulnerable packages
3

Penetration Testing

Annual third-party security assessments
4

Bug Bounty

Responsible disclosure program (coming soon)

Update Policy

  • Critical Patches: Applied within 24 hours
  • Security Updates: Applied within 7 days
  • Regular Updates: Monthly maintenance window
  • Zero Downtime: Rolling deployments

Incident Response

Response Plan

  1. Detection: Automated monitoring + manual review
  2. Assessment: Severity classification within 1 hour
  3. Containment: Immediate isolation of affected systems
  4. Notification: Customer notification per SLA
  5. Remediation: Fix deployment and verification
  6. Post-Mortem: Published within 5 business days

Customer Notification

Enterprise customers receive:
  • Immediate notification of incidents
  • Regular status updates
  • Post-incident report
  • Remediation recommendations

Best Practices for Users

Additional Security Information

For comprehensive security details and compliance documentation, please visit our security page.

Report Security Issues

Found a security vulnerability? Please report it responsibly:
Do NOT post security issues publicly. Email us directly for coordinated disclosure.
Email: security@trypulse.ai PGP Key: Available upon request We respond to all security reports within 24 hours and work with researchers to ensure issues are properly addressed.

Next Steps