No patient data, by design

Security & Privacy

Pulse schedules clinicians — it never needs patient data. Because no PHI enters the system, your compliance scope collapses and your security team can clear a pilot in a security review, not a months-long audit. Here is exactly how it's built and operated.

No patient data, by design

Pulse is staff scheduling and operations only. PHI is never required, and a built-in guard blocks patient identifiers (MRN, SSN, DOB, account #) from inputs and the AI before anything is stored.

Encryption everywhere

TLS 1.3 in transit, AES-256 at rest.

Access control

SSO (Microsoft Entra, Okta, Google) + MFA, role-based least-privilege across admin, scheduler, medical-staff, and provider, with automatic logoff.

Append-only audit ledger

Every schedule change, swap, verify, and pay action is written to a hash-chained, tamper-evident ledger with 5-year retention and point-in-time signed attestations.

Resilience

Encrypted backups, tested restore (5-minute RPO), monitoring, and a documented incident-response and breach-notification process.

What Pulse stores

Provider names, departments, roles, contact methods
Shifts, on-call assignments, swaps, time-off
Scheduling rules, fairness & pay metadata (staff)
Audit log of operational actions

What Pulse never stores

Patient names or identifiers
MRN / medical record numbers
Diagnoses, clinical notes, or treatment data
Any Protected Health Information (PHI)

Subprocessors

Vendor	Use
Azure / Vercel	Application hosting
Neon / Azure Postgres	Database (Postgres)
Google Vertex / Anthropic	AI features
Resend	Transactional email
Twilio	SMS notifications

No patient data — staff scheduling onlyHosted on Azure / VercelSOC 2 — in progressThird-party pen testEncryption in transit + at rest

Need the security overview?

We'll send the security overview and subprocessor list for your review.

Request overview

Pulse — the AI scheduling brain for hospitals. Staff & operations only · no patient data.

Pulse Back

No patient data, by design

Security & Privacy

No patient data, by design

Pulse is staff scheduling and operations only. PHI is never required, and a built-in guard blocks patient identifiers (MRN, SSN, DOB, account #) from inputs and the AI before anything is stored.

Encryption everywhere

TLS 1.3 in transit, AES-256 at rest.

Access control

SSO (Microsoft Entra, Okta, Google) + MFA, role-based least-privilege across admin, scheduler, medical-staff, and provider, with automatic logoff.

Append-only audit ledger

Every schedule change, swap, verify, and pay action is written to a hash-chained, tamper-evident ledger with 5-year retention and point-in-time signed attestations.

Resilience

Encrypted backups, tested restore (5-minute RPO), monitoring, and a documented incident-response and breach-notification process.

What Pulse stores

Provider names, departments, roles, contact methods
Shifts, on-call assignments, swaps, time-off
Scheduling rules, fairness & pay metadata (staff)
Audit log of operational actions

What Pulse never stores

Patient names or identifiers
MRN / medical record numbers
Diagnoses, clinical notes, or treatment data
Any Protected Health Information (PHI)

Subprocessors

Vendor	Use
Azure / Vercel	Application hosting
Neon / Azure Postgres	Database (Postgres)
Google Vertex / Anthropic	AI features
Resend	Transactional email
Twilio	SMS notifications

No patient data — staff scheduling onlyHosted on Azure / VercelSOC 2 — in progressThird-party pen testEncryption in transit + at rest

Need the security overview?

We'll send the security overview and subprocessor list for your review.

Request overview

Pulse — the AI scheduling brain for hospitals. Staff & operations only · no patient data.