AirPulse

    Security & Trust

    How AirPulse protects your brand, prompt, and customer data — and the controls our customers can verify.

    Last reviewed: 2026-05-12

    SOC 2

    SOC 2 Type II

    AirPulse is SOC 2 Type II compliant. Our report is available under NDA to customers, prospects under evaluation, and security partners. Request a copy at security@airpulse.ai.

    Request the SOC 2 report

    Encryption

    • In transit: all traffic between customers and AirPulse is encrypted with TLS 1.2 or higher, with HSTS enabled on all customer-facing domains.
    • At rest: all customer data is encrypted at rest using AES-256 on managed cloud storage.
    • Secrets: API keys, OAuth tokens, and service credentials are stored in a managed secrets store with rotation policies and access audit logs.

    Authentication

    • Per-user authentication with hardened password policy and rate-limited login.
    • SSO (SAML 2.0) available on Enterprise plans.
    • Role-based access control inside each workspace.
    • Session timeouts and revocable session tokens.

    Data residency & retention

    AirPulse runs in managed cloud regions in the United States. For specific residency requirements (EU, India, other regions), contact security@airpulse.ai.

    Customer data is retained for the duration of the subscription plus a defined wind-down period; full export and deletion are available on request and on offboarding.

    Subprocessors

    AirPulse engages a limited set of subprocessors to deliver the service. The current list is published below and is also available to customers as a PDF on request. Material changes are communicated at least 30 days in advance.

    Audited subprocessor list available on request — email security@airpulse.ai.

    Privacy regulations

    • GDPR: AirPulse offers a Data Processing Addendum (DPA) on request. See our Privacy Policy for detail on data subject rights, lawful bases, and contact paths.
    • DPDP (India): AirPulse processes personal data consistent with the Digital Personal Data Protection Act, 2023.
    • CCPA / CPRA: California residents may exercise rights to access and delete personal information through the requests described in the Privacy Policy.

    Vulnerability disclosure

    If you believe you have discovered a security vulnerability in AirPulse, please report it to security@airpulse.ai. We acknowledge reports within two business days and aim to triage within five.

    Please act in good faith: avoid privacy violations, data destruction, service disruption, and interaction with accounts that are not yours. We will not pursue legal action against good-faith researchers who follow this policy.

    Incident response

    AirPulse maintains a documented incident response plan with defined roles, severity classification, and customer notification timelines. Confirmed material incidents affecting your data are communicated to designated security contacts consistent with our customer agreements.

    Talk to security

    Security questionnaires, DPA requests, audit reports, or architectural deep-dives: security@airpulse.ai.