Access control
Pulsit uses contextual permissions. What someone can do depends on the actor, the context and the role — not on a loose global user type or a hidden UI menu.
Security & Trust
Trust is not a badge. It is how the platform is built and operated.
Pulsit is being built with clear access control, GDPR-aware product design, supplier transparency and a realistic path toward ISO 27001-aligned controls. We do not claim certification we do not have.
Data protection
Pulsit is designed for ordinary business and customer data. GDPR rights, data export, deletion handling and supplier transparency are part of the v1 security and privacy track.
Clear boundaries
Pulsit is not a medical records system and should not be used for diagnoses, journals, sensitive health records or other data that requires a dedicated regulated system.
Current control direction
Practical controls before empty claims.
Pulsit is still early. The responsible path is to document the controls we have, build the missing ones in order and stay clear about what is not certified yet.
- Context-based access control: Actor + Context + Role = Permission.
- Server-side permission checks for sensitive operations.
- Row Level Security and privileged server functions where needed.
- Audit logging for selected administrative and security-relevant actions.
- EU/EES-first data hosting strategy and documented supplier chain.
- GDPR rights handled through account privacy flows and support requests.
ISO 27001 direction
Built toward a real control framework.
Pulsit is not ISO 27001 certified today. The platform is being developed with ISO 27001-inspired control thinking: risk awareness, access control, incident handling, supplier transparency, audit logging, backup routines and continuous improvement.
External review, penetration testing and formal certification may be pursued when the product, customer base and risk profile justify it.
What Pulsit does not claim
- Pulsit is not ISO 27001 certified today.
- Pulsit is not a medical records system.
- Pulsit is not designed for storing diagnoses, medical journals or sensitive health records.
- AI in Pulsit is assistive. It should not approve critical changes alone.
Questions about security or data protection?
We would rather explain the current state clearly than hide behind vague promises.