Trust, security & compliance
How we protect your data and your customers' data. Below is exactly which standards iPulse meets today, and what's on the roadmap.
Web & email security
Encrypted traffic and authenticated email, measured on the live domain.
HTTPS / TLS
All traffic runs over a valid TLS certificate. Unencrypted connections are rejected.
HSTS Preload
Strict-Transport-Security with a 2-year max-age, includeSubDomains and preload forces HTTPS in every browser.
SPF, DKIM & DMARC
Email authentication against spoofing and phishing. DMARC is set to quarantine with strict alignment.
Security headers
X-Frame-Options, X-Content-Type-Options, Referrer-Policy and Permissions-Policy guard against clickjacking and data leakage.
Content Security Policy
A strict CSP restricts which scripts and resources may load, mitigating cross-site scripting (XSS).
DNSSEC
Our DNS records are cryptographically signed so they can't be tampered with in transit.
Cloudflare WAF & DDoS
A Web Application Firewall and DDoS mitigation filter malicious traffic before it reaches our platform.
Identity & access
Modern, phishing-resistant authentication for every account.
Multi-factor authentication
Protect accounts with a second factor on top of the password.
Passkeys / WebAuthn
Passwordless, phishing-resistant sign-in with biometrics or a hardware key.
OAuth 2.0 & OpenID Connect
Standards-based single sign-on with a public OpenID configuration and JWKS endpoint.
Bot protection
Cloudflare Turnstile blocks automated abuse without intrusive captchas.
Privacy & GDPR
Data protection under the European GDPR, by design.
GDPR compliant
Processing under the General Data Protection Regulation (EU) 2016/679 and the Dutch implementation act.
EU hosting
Data is stored and processed within the European Union (Netherlands).
Data Processing Agreement
A Data Processing Agreement (DPA) is available for business customers.
Right to access & erasure
Export or delete your data on request, in line with your rights under the GDPR.
Certifications
Independent audits we're pursuing. Honestly: these are not finished yet.
PCI DSS
Card payments are handled entirely by Stripe, a PCI DSS Level 1 certified provider. We never store card data ourselves.
ISO 27001
We're shaping our processes around the ISO 27001 information security standard, with certification as the goal.
SOC 2 Type II
A SOC 2 engagement covering security, availability and confidentiality is planned.
Have a security question or found a vulnerability?
We value responsible disclosure. Reach out to our security team and we'll respond quickly.
Email [email protected]
