Security

Hardened by default. Audit-ready by design.

Operations data is some of the most sensitive a business holds. PULSE was built to look after it at every layer, on every request, through every change.

Schema-per-tenant isolation

Every workspace lives in its own database schema, set per request via Postgres search_path. Cross-tenant access is impossible by construction, not by convention.

Mandatory 2FA

Two-factor authentication is required for every user, with trusted-device support, account lockout, password expiry, and self-service password reset.

Separated control plane

Platform staff sign in to a fully separate control plane with its own auth, session cookie, RBAC, and step-up authentication. Support access is time-boxed and fully audited.

Append-only audit

Every privileged action is logged to an append-only table, enforced at the database layer with a trigger, not just permissions. Correlation IDs let us trace a request end to end.

Daily snapshots, real retention

Per-schema snapshots stream to encrypted object storage every day, retained on a 14‑daily / 8‑weekly / 6‑monthly schedule, with tested restore tooling and a documented runbook.
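How a 14-daily / 8-weekly / 6-monthly schedule decides which snapshots survive, as an added example rather than PULSE's own tooling. It assumes the weekly and monthly tiers keep the newest snapshot in each ISO week and calendar month, which the page does not specify; the function names and sample dates are constructed for illustration.

```python
from datetime import date, timedelta

# Tier sizes from the schedule quoted above.
KEEP_DAILY, KEEP_WEEKLY, KEEP_MONTHLY = 14, 8, 6


def newest_per_bucket(days, bucket_of, limit):
    """Newest snapshot in each of the `limit` most recent non-empty buckets."""
    kept = {}
    for day in sorted(set(days), reverse=True):
        key = bucket_of(day)
        if key in kept:
            continue  # a newer snapshot already represents this bucket
        if len(kept) == limit:
            break  # every remaining snapshot falls in an older bucket
        kept[key] = day
    return set(kept.values())


def snapshots_to_keep(days):
    """Map each retained snapshot date to the tiers that retain it."""
    tiers = {
        "daily": newest_per_bucket(days, lambda d: d, KEEP_DAILY),
        # Assumption: weekly = ISO week, monthly = calendar month.
        "weekly": newest_per_bucket(days, lambda d: tuple(d.isocalendar()[:2]), KEEP_WEEKLY),
        "monthly": newest_per_bucket(days, lambda d: (d.year, d.month), KEEP_MONTHLY),
    }
    keep = {}
    for label, chosen in tiers.items():
        for day in chosen:
            keep.setdefault(day, []).append(label)
    return keep


def snapshots_to_prune(days):
    """Snapshot dates that no tier retains, oldest first."""
    keep = snapshots_to_keep(days)
    return sorted(d for d in set(days) if d not in keep)


# Constructed sample: 400 consecutive daily snapshots ending 2024-06-30.
SAMPLE_DAYS = [date(2024, 6, 30) - timedelta(days=i) for i in range(400)]

if __name__ == "__main__":
    for day, labels in sorted(snapshots_to_keep(SAMPLE_DAYS).items()):
        print(day.isoformat(), "+".join(labels))
    print(len(snapshots_to_prune(SAMPLE_DAYS)), "snapshots eligible for pruning")
```

Because each tier counts buckets that actually contain a snapshot rather than calendar days, a stalled backup job does not cause the last good copies to age out.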

AI safety layer

Every model call is metered, quota-bounded per workspace, and routed through per-tenant vector stores. Porter answers respect role-based access; AI output paths cannot perform privileged actions.

Operational guarantees

What we do today, in plain language.

Controls in place

  • TLS 1.2+ in transit; per-tenant encryption for sensitive integration secrets at rest
  • Mandatory 2FA, trusted devices, account lockout, password expiry
  • Step-up auth for sensitive admin actions, typed confirmation for destructive ones
  • Append-only audit enforced at the database trigger layer
  • Daily per-schema snapshots to object storage (14d / 8w / 6m retention)
  • Configurable authentication policies and SSO (SAML / OIDC) on Enterprise
  • Centralised event logging with correlation IDs and a health dashboard
  • Dependency CVE sweeps via pip-audit with an explicit accepted-risks register

What we tell you

  • Every change you or our staff make is auditable
  • Where your data is hosted (region selectable at sign-up)
  • Which integrations have access to what data
  • How to export everything in standard formats if you ever leave
  • Who on our side accessed your workspace, and why
  • A documented restore runbook with verifiable snapshot checksums

We don't claim certifications we haven't earned. If you need ISO 27001 or SOC 2 attestation, ask us where we're up to and we'll be straight with you.

Frequently asked

Questions, answered straight

Is PULSE multi-tenant safe?

Yes. Every workspace lives in its own database schema with request-time scoping. Cross-tenant access is impossible by construction, not by convention.

Where is data hosted?

In the region you select at sign-up. Backups are encrypted at rest and retained per your plan.

Is two-factor authentication required?

Yes, mandatory for every user. Step-up auth is required for sensitive admin actions and typed confirmation is required for destructive ones.

Do you have an audit trail?

Yes. Every privileged action is logged to an append-only table, enforced at the database layer with a trigger, not just permissions.

Can platform staff see our data?

Only with time-boxed, fully audited support access. The control plane is fully separated from your tenant workspace.

Want the security pack?

We'll send you the deeper details: architecture, controls, and our incident-response playbook.

Get in touch