Encryption
AES-256 protects data at rest; TLS 1.3 protects credentials, survey responses, and analytics in transit. Encryption is baseline infrastructure, not a marketing checkbox.
Trust Center
Your Data,
Protected by Design
AES-256, TLS, department rollups, and RBAC guard ESS, DailyMood, pulse data, and confidential feedback.
Security principles
Defense in depth you can explain to your board
We use strong cryptography, clear product boundaries, and sound operations. The four pillars below are how we explain those controls to customers, auditors, and stewards of people data.
Anonymity
Department rollups show Employee Satisfaction Score (ESS) and mood trends without singling anyone out. Standard pulse reporting hides individual identities from managers and supports honest input.
Access control
Role-based access limits administration, configuration, and sensitive exports. Single sign-on (SSO) uses your identity provider as source of truth; audit logs trace privileged changes.
Data residency
Pulsewise runs on enterprise cloud with redundancy, monitoring, and strong vendor security programs. For region or residency needs, we can walk through options for your contract tier.
Privacy by design
How we handle anonymity, confidentiality, and aggregation
Safety is designed in so retaliation fears drop. Pulses and mood power ESS and team trends, not individuals; confidential feedback keeps forensic dimensions off line-manager ID in normal use.
Aggregation and minimum group sizes
Department and group rollups keep charts meaningful without exposing individuals. Admins tune suppression, bucketing, and thresholds at rollout for culture and works council or union expectations.
Feedback and AI analysis
Intent-weighted scoring and multi-dimensional tagging highlight patterns for action, not surveillance. Policy-based raw-text access differs from default manager views; audit logs support governance.
Retention and your instructions
Engagement, goals, kudos, and reviews need not keep data forever. Put retention, export, and deletion in your order form, privacy policy, and DPA, and align procurement so legal and IT match.
Compliance
Compliance and certifications
We align with common frameworks and regional law: some attestations are live, others are committed roadmap milestones. We state status clearly so vendor risk reviews match what is true today.
GDPR alignment
In practiceWe process personal data under GDPR as controller or processor per your agreement. We provide subprocessor documentation, transfer clauses when needed, and admin workflows for rights requests.
SOC 2 Type II
RoadmapSOC 2 Type II is on our roadmap for independent assurance of security, availability, and confidentiality. Ask for our latest timeline and interim control summaries under NDA if you need something now.
ISO 27001
RoadmapISO 27001 is planned as our ISMS matures. We follow aligned risk, access, secure development, and incident practices, and post milestones on this page as they land.
FAQ
Security questions we hear often
How does Pulsewise protect survey and pulse data?
Data is encrypted with AES-256 at rest and TLS 1.3 in transit. Pulse and engagement responses are aggregated at the department level so managers see trends, not individual identities. Administrative access is role-based and logged for accountability.
Can managers see who submitted anonymous feedback?
No. Anonymous and confidential feedback workflows are designed so line managers cannot map comments to named individuals. Authorized administrators may have broader visibility according to your configuration and policy, and we document those boundaries during onboarding.
Where is Pulsewise data hosted?
We use enterprise-grade cloud infrastructure with strong physical and network controls. Regions and residency options can be discussed with our team for eligible plans so your organization can align with internal policy.
How do I request a data processing agreement or security review?
Email [email protected] with Security or DPA in the subject. Include your company name, approximate seat count, and any questionnaire or vendor form you need completed. We route enterprise security requests to the right owner and respond in order of urgency.
What happens if there is a security incident?
We maintain incident response procedures aligned with common practice: containment, investigation, remediation, and notification where required by law or contract. Customers with active agreements receive contact paths for reporting concerns and coordinating response.
See Pulsewise with your security team
Book a demo to walk through architecture, anonymity defaults, and how ESS, feedback, goals, and reviews stay connected without sacrificing trust. We welcome IT and legal on the call.