Built for the people who have to say yes.

PulseMD is not an EHR and does not require access to your EHR or structured health information to operate. Signals are minimized, de-identified and aggregated. We execute a Data Processing Agreement with every customer, handle any incidental health information under full the Privacy Act 2020 and the Health Information Privacy Code safeguards, and never use health information to train models.

We state our true current posture, for example, “ISO 27001 (report available under NDA)”, and never display a certification we don’t hold. Additional attestations are on the roadmap as each market requires.

Encryption in transit and at rest, New Zealand data residency, defined retention, and role-based access control with SSO. The specifics are documented in the evidence pack and confirmed before publication.

Models support leadership pattern-spotting with a human in the loop on any action. No health information is used to train models, and AI-specific terms are covered in a Data Processing Agreement.

Individual signals are minimized, de-identified and aggregated into unit- and theme-level patterns. PulseMD never identifies, tracks or scores an individual, with re-identification safeguards by design.

A current sub-processor list is maintained for procurement review. Because PulseMD doesn’t need the EHR or structured health information to do its job, the data it touches, and the risk it carries, is deliberately small.