Security
Last updated: March 14, 2026
Our Security Commitment
At Core Pulse, security is our top priority. We are committed to protecting your data and maintaining the confidentiality, integrity, and availability of our services. We implement industry-leading security practices and continuously monitor and improve our security posture.
1. Data Encryption
In Transit
All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher. This ensures that your data cannot be intercepted or read by unauthorized parties during transmission.
At Rest
Sensitive data stored in our databases is encrypted using AES-256 encryption. This ensures that even if our servers are compromised, your data remains protected.
2. Authentication & Authorization
OAuth 2.0
We use OAuth 2.0 for secure user authentication. This eliminates the need to store passwords and reduces the risk of credential theft.
Session Management
User sessions are managed securely with HTTP-only cookies that cannot be accessed by JavaScript. Sessions expire automatically after a period of inactivity.
Role-Based Access Control
We implement role-based access control (RBAC) to ensure users can only access resources and perform actions appropriate to their role.
3. Infrastructure Security
Secure Hosting
Core Pulse is hosted on secure, redundant infrastructure with DDoS protection, firewalls, and intrusion detection systems.
Database Security
Our databases are protected with strong access controls, encryption, and regular backups. Database connections use SSL/TLS encryption.
Network Security
We use firewalls, VPNs, and network segmentation to protect our infrastructure from unauthorized access and attacks.
4. Application Security
Secure Development
We follow secure coding practices and conduct regular code reviews to identify and fix security vulnerabilities before they reach production.
Input Validation
All user input is validated and sanitized to prevent injection attacks, XSS, and other common web vulnerabilities.
CSRF Protection
We implement CSRF tokens to protect against cross-site request forgery attacks.
Security Headers
We implement security headers such as Content-Security-Policy, X-Frame-Options, and X-Content-Type-Options to prevent various attacks.
5. Payment Security
Payment processing is handled securely through Stripe, a PCI DSS Level 1 compliant payment processor. We never store full credit card information on our servers.
- PCI DSS Compliance through Stripe
- Tokenization of payment methods
- Secure webhook verification
- Encrypted transaction logging
6. Monitoring & Incident Response
24/7 Monitoring
We continuously monitor our systems for suspicious activity, anomalies, and potential security threats.
Incident Response Plan
We have a documented incident response plan in place to quickly identify, contain, and remediate security incidents.
Security Audits
We conduct regular security audits and penetration testing to identify and address vulnerabilities.
7. Compliance & Standards
Core Pulse complies with industry standards and regulations:
- GDPR - General Data Protection Regulation
- CCPA - California Consumer Privacy Act
- PCI DSS - Payment Card Industry Data Security Standard
- ISO 27001 - Information Security Management
- SOC 2 - Service Organization Control
8. User Security Best Practices
While we implement strong security measures, you can also take steps to protect your account:
Use Strong Passwords
Use unique, complex passwords for your Core Pulse account.
Enable Two-Factor Authentication
Use two-factor authentication when available to add an extra layer of security.
Keep Software Updated
Keep your browser and operating system updated with the latest security patches.
Verify URLs
Always verify that you're visiting the correct Core Pulse domain before entering credentials.
Report Suspicious Activity
Report any suspicious activity or security concerns immediately.
9. Reporting Security Vulnerabilities
If you discover a security vulnerability in Core Pulse, please report it responsibly to our security team. Do not disclose the vulnerability publicly until we have had time to address it.
Security Contact
Email: [email protected]
Please include details about the vulnerability and steps to reproduce it. We will acknowledge your report within 48 hours and work with you to resolve the issue.
10. Data Breach Notification
In the unlikely event of a data breach, we will notify affected users as quickly as possible, in accordance with applicable laws and regulations. We will provide information about the breach, the data affected, and steps we are taking to address the issue.
11. Third-Party Security
We carefully vet our third-party service providers and require them to maintain appropriate security measures:
- Stripe: PCI DSS Level 1 compliant payment processor
- Cloud Infrastructure: Enterprise-grade hosting with security certifications
12. Contact Us
If you have questions about our security practices, please contact us at: