Built for the people who have to say yes.

PulseMD is not an EHR and does not require access to your EHR or structured personal and health information to operate. Signals are minimized, de-identified and aggregated. We execute a Data Processing Agreement with every customer, handle any incidental personal and health information under full the Privacy Act 1988 and the Australian Privacy Principles safeguards, and never use personal and health information to train models.

We state our true current posture, for example, “ISO 27001 (report available under NDA)”, and never display a certification we don’t hold. Additional attestations are on the roadmap as each market requires.

Encryption in transit and at rest, Australian data residency, defined retention, and role-based access control with SSO. The specifics are documented in the evidence pack and confirmed before publication.

Models support leadership pattern-spotting with a human in the loop on any action. No personal and health information is used to train models, and AI-specific terms are covered in a Data Processing Agreement.

Individual signals are minimized, de-identified and aggregated into unit- and theme-level patterns. PulseMD never identifies, tracks or scores an individual, with re-identification safeguards by design.

A current sub-processor list is maintained for procurement review. Because PulseMD doesn’t need the EHR or structured personal and health information to do its job, the data it touches, and the risk it carries, is deliberately small.