PulseMDPulseMD
Trust Center

Built for the people who have to say yes.

Your IT, security and informatics teams can self-serve our posture, architecture, sub-processors and AI governance, and request the full evidence pack under NDA in one click.

Request documents under NDAHow signals are protected
SOC 2 (report under NDA)HIPAA-alignedBAA with every customerUS data residencyEncryption in transit & at restSSO / role-based access
What you can self-serve

The procurement gate, answered in plain language.

Most of a standard security review is answered here in plain language. The rest is one NDA-gated click away.

01

Posture overview

PulseMD is not an EHR and does not require access to your EHR or structured PHI to operate. Signals are minimized, de-identified and aggregated. We execute a Business Associate Agreement (BAA) with every customer, handle any incidental PHI under full HIPAA safeguards, and never use PHI to train models.

02

Compliance & certifications

We state our true current posture, for example, “SOC 2 Type II (report available under NDA)”, and never display a certification we don’t hold. Additional attestations are on the roadmap as each market requires.

03

Data handling, residency & encryption

Encryption in transit and at rest, US data residency, defined retention, and role-based access control with SSO. The specifics are documented in the evidence pack and confirmed before publication.

04

AI governance

Models support leadership pattern-spotting with a human in the loop on any action. No PHI is used to train models, and AI-specific terms are covered in a Business Associate Agreement (BAA).

05

De-identification & aggregation

Individual signals are minimized, de-identified and aggregated into unit- and theme-level patterns. PulseMD never identifies, tracks or scores an individual, with re-identification safeguards by design.

06

Sub-processors & data minimization

A current sub-processor list is maintained for procurement review. Because PulseMD doesn’t need the EHR or structured PHI to do its job, the data it touches, and the risk it carries, is deliberately small.

Every concrete claim above is confirmed with engineering and compliance before it’s published. We never overclaim in front of a CISO.

Send us to your security team.

Request the full evidence pack under NDA, posture summary, architecture, sub-processors and AI governance. Instant internal routing; a senior response the same business day.

Start a pilotSee PulseMD in 15 minutes

No overclaims, no badges we haven’t earned. · Explore the Trust Center