Security
The short version of how we protect your data. The full version is in our Privacy Policy.
Data in transit
All connections use TLS 1.2 or higher.
Data at rest
OAuth access and refresh tokens and other sensitive credentials are encrypted at rest using AES-256-GCM. The encryption key lives only in the runtime environment and never in the database.
Infrastructure
CorePulse is hosted on Vercel (compute) and Neon (database). Sub-processor details are listed in the Privacy Policy.
Billing
Payment card data is handled entirely by Stripe. CorePulse never stores card numbers or bank details.
SOC 2
Not yet certified. Target: Type II audit in 2027.
Data Processing Agreements
Available on request. Email hello@corepulse.dev.
Responsible disclosure
Found a security issue? Email hello@corepulse.dev with details and we’ll respond within 48 hours. Please don’t publicly disclose the issue until we’ve had a chance to investigate and ship a fix.