Privacy and Security

We provide leaders with the answers they need while maintaining a safe, private work environment for everyone.

Anonymized and aggregated.

Least-privilege: Our data access policies work on the principles of least privilege. All processes and person(s) can only access data that is required to perform his/her/it’s functions.

• Credentials are not stored: Our customer-facing applications are secured with enterprise-level SSO (Single Sign-On). User credentials are not stored in our systems, and authentication is handled by your organization's own identity provider.

• Application Data is Segregated: Our application data is segregated into separate workspaces by the organization. Therefore, your Holmetrics data is not accessible by anyone outside of your organization without your permission.

• End to end encryption: While we do not store sensitive data of any kind, we will still ensure all data is encrypted both in transit and at rest. Our front-end web application and API endpoints are https enforced.

SOC2 and ISO 27001 compliant.

Compliance with SOC 2 and ISO27001 requirements indicates that we maintain a high level of information security. Strict compliance requirements can help ensure sensitive information is handled responsibly, and be more resistant to data breaches which may curse unnecessary costs financially and reputationally.

GDPR compliant.

Compliance with SOC 2 and ISO27001 requirements indicates that we maintain a high level of information security. Strict compliance requirements can help ensure sensitive information is handled responsibly, and be more resistant to data breaches which may curse unnecessary costs financially and reputationally.

Opt-out anytime.

Customers can request the contract to be terminated at any time for any reason. As per the signed agreement, they are required to send the request formally in advance, so we can ensure all necessary actions can be completed. If an individual or a small group of people from one of our client companies want to opt-out, they need to send the request to the admin role of Pulse, and our client company notify us. It should be our client companies' responsibility to inform their employees how the opt-out requests are sent and how long the actions will take.

Right to be forgotten.

We must stop collecting and using customer's personal data and erase it when they withdraw their consent. The data should be erased within one calendar month.

Generally, people have the right to request an organization to remove the date they are specifying, and we should respect that once we are informed about the requests. But there are no rules for time limits. We should treat customers equally, so ideally, if we have the procedures for EU citizens, then it applies to all of our clients.

Our full privacy policy.

Please check out our full Privacy Policy here.

Safety and Privacy for Everyone.