Skip to main content
Pulse is built for production document workflows where source files may contain sensitive commercial, financial, legal, healthcare, or personal data. This page collects the security and compliance topics that should be visible before a team goes live.

Security Page

Review current compliance, security, and trust materials.

Trust Center

Access Pulse trust, security, and compliance documentation.

Custom Storage

Store extraction artifacts in your own cloud storage bucket.

Platform Security

AreaPulse behavior
AuthenticationPlatform users authenticate through the Pulse app. API calls use API keys created from the Platform.
API keysKeys should be stored server-side and rotated when they are no longer needed.
TransportAPI traffic should be sent over HTTPS to https://api.runpulse.com.
Data useCustomer documents are not used to train models.
RetentionExtraction artifacts are retained for a limited period unless your organization uses custom storage or a contracted retention policy.
Access controlPlatform access is scoped by organization and user role.

Compliance

Pulse maintains security and compliance controls for enterprise document processing. The introduction should stay focused on product onboarding; compliance belongs here and in formal trust materials.

SOC 2

Audited controls for security operations.

ISO 27001

Information security management controls.

HIPAA

Healthcare data workflows when covered by the right agreement.

GDPR

Privacy controls for EU personal data workflows.
Compliance commitments depend on your agreement and enabled product configuration. Use the public security page or contact Pulse for the latest formal documentation.

API Key Handling

Use API keys from server-side code only. 
export PULSE_API_KEY="..."

import os
from pulse import Pulse

client = Pulse(api_key=os.environ["PULSE_API_KEY"])
Do not embed API keys in browser code, mobile apps, public notebooks, or client-side demos. For browser-facing applications, call your own backend and have the backend call Pulse.

Storage Options

Pulse supports two common storage patterns:
PatternUse when
Pulse-managed storageYou want the simplest setup and standard retention behavior.
Bring Your Own StorageYou need artifacts written to your AWS, GCP, or Azure storage environment.
See Custom Storage Overview for BYOS setup details.

Production Checklist

  • Store API keys in a secret manager.
  • Use separate keys for development and production.
  • Keep storage enabled for chained workflows.
  • Use BYOS if your team requires direct ownership of extraction artifacts.
  • Use async processing and webhooks for long-running jobs.
  • Log job_id, extraction_id, schema_id, and split_id for traceability.
  • Avoid storing source documents longer than your policy requires.
  • Build retry handling around documented API errors.

Authentication

Create and use API keys safely.

Error Handling

Build resilient production integrations.

Webhooks

Receive async job notifications securely.

Bring Your Own Storage

Configure custom artifact storage.