Start free

Trust & safety

Security Overview

Last updated: April 20, 2026

This page summarizes how PULSE thinks about security for athlete and coach data. It is a high-level overview—not an exhaustive contract, certification report, or guarantee. For contractual commitments, refer to your order form, data processing agreement, and enterprise security addenda where applicable.

Our commitment

Training data is sensitive. We design PULSE with least-privilege access, encryption in transit for internet-facing connections, and strong authentication options for accounts that hold coaching or administrative permissions.

Security is a process, not a checkbox. We run periodic reviews of access patterns, dependency risk, and incident response playbooks.

Reporting vulnerabilities

If you believe you have found a security vulnerability in PULSE, please report it to the security contact listed on our Contact page. Include enough detail for us to reproduce the issue without exploiting live users.

Please do not perform testing that could degrade service for others (for example large-scale automated scanning against production without prior agreement). We appreciate responsible disclosure and will work with you to understand and remediate credible issues.

Practices we emphasize

Our engineering and operations practices emphasize secure development lifecycle basics: code review for sensitive changes, secrets management, centralized logging for security-relevant events, and separation between production and non-production environments.

  • Access to production systems is limited to trained staff and tied to role-based need.
  • We rely on reputable cloud infrastructure providers and configure their security features as part of our baseline.
  • We maintain business continuity planning so we can recover from regional outages without losing coach-athlete continuity where technically feasible.

Incidents and notifications

If we become aware of a breach of personal data that requires notification under applicable law, we will notify affected customers and regulators as required. Notification timelines depend on the nature of the incident and legal requirements in your jurisdiction.

Your role in security

Security is shared. Use unique passwords, enable multi-factor authentication where offered, and limit coach/admin accounts to people who need them. On shared gym devices, sign out after sessions and avoid saving passwords in public browsers.

Changes

We may update this overview as our architecture and threat landscape evolve. The “Last updated” date reflects the latest published version.