Security Statement

PULSS runs on Vercel (edge and serverless functions) and Supabase (PostgreSQL database and authentication), both of which operate enterprise-grade, SOC 2-compliant infrastructure.

All data is encrypted in transit using TLS 1.2 or higher. Data at rest is encrypted using AES-256.

User authentication is handled via Supabase Auth with secure, hashed password storage.

Access within the platform is controlled by a role-based permission system. Each user can only see and act on data within their permitted scope.

Organisation data is strictly isolated — no user can access another organisation's workspace.

We follow secure development practices including input validation, parameterised queries, and protection against common web vulnerabilities (XSS, CSRF, SQL injection).

Row-level security policies in the database enforce access controls at the data layer, independent of application logic.

File uploads are scanned and size-limited. Uploaded photos are stored in isolated, access-controlled storage buckets.

In the event of a security incident affecting your data, we will notify affected customers without undue delay and in accordance with our legal obligations under UK GDPR.

We maintain an internal incident response process to investigate, contain, and remediate security events.

If you discover a potential security vulnerability in PULSS, please report it responsibly to info@pulss.cloud before disclosing it publicly.

We will acknowledge reports within 5 working days, investigate promptly, and work with you to remediate confirmed issues.

You should: keep your login credentials secure and not share them; remove access for team members who no longer need it; use strong passwords; and report suspicious activity to us promptly.

Contact info@pulss.cloud with any security concerns.