Enterprise-Grade Security

Your Data Security is Our Priority

We take security seriously. Here's everything you need to know about how we protect your employee feedback data.

  • SOC 2 Type II Certified
  • 256-bit AES Encryption
  • GDPR Compliant
  • 99.9% Uptime SLA

How We Protect Your Data

Encryption Everywhere

All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Your employee feedback is protected from the moment it's submitted.

  • AES-256 encryption at rest
  • TLS 1.3 in transit
  • Encrypted database backups

True Anonymity

When anonymous mode is enabled, we cryptographically strip all identifying information before storage. Not even we can trace responses back to individuals.

  • Cryptographic anonymization
  • No IP logging for anonymous feedback
  • Minimum response thresholds

Infrastructure Security

We host on AWS with SOC 2 compliant infrastructure. Regular security audits and penetration testing ensure our defenses stay strong.

  • AWS hosting (US-based by default)
  • EU data residency available
  • Annual penetration testing

Access Controls

Role-based access control ensures only authorized users can view sensitive data. Full audit logging tracks every action.

  • Role-based permissions
  • SSO/SAML support
  • Complete audit logging

Compliance & Certifications

SOC 2 Type II Certified

Independently audited controls for security, availability, and confidentiality.

GDPR Compliant

Full compliance with EU data protection regulations. DPA available.

CCPA Compliant

California Consumer Privacy Act compliance for US customers.

Our Data Practices

Where is my data stored?

All data is stored in AWS data centers in the United States by default. Enterprise customers can choose EU data residency (Frankfurt) for GDPR compliance.

Do you sell our data?

Never. Your data is yours. We make money from subscriptions, not from selling or monetizing your employee feedback data. This is a core company principle.

How long do you retain data?

We retain your data for as long as your account is active. Upon account deletion, all data is permanently removed within 30 days. You can export your data anytime.

Who can access our data?

Only authorized PulseFeedback employees with a business need can access customer data, and all access is logged. We use the principle of least privilege.

How do you handle security incidents?

We have a documented incident response plan. In the unlikely event of a breach, we commit to notifying affected customers within 72 hours.

Can we get a security questionnaire completed?

Yes. We're happy to complete security questionnaires and provide additional documentation. Contact garrett@pulsefb.com.

Enterprise Security Features

  • SSO/SAML: Okta, Azure AD, Google, OneLogin
  • SCIM Provisioning: Automatic user management
  • IP Allowlisting: Restrict access by network
  • Custom Data Retention: Define your own policies
  • Audit Logs: Complete activity history
  • Custom DPA: Tailored agreements
  • Dedicated Support: Named security contact
  • Penetration Testing: Share our reports

Questions About Security?

Our security team is happy to answer any questions or complete security questionnaires.