TRUST
Anonymity is engineered, not promised.
Pulse is built around a simple principle: managers need to know how their teams are doing, but nobody needs to know who said what. Here is exactly how we keep that promise.
Anonymity by design
Individual check-in responses are never directly readable by anyone — including Pulse staff. Managers see only aggregated averages, and only once a team has submitted at least five responses.
Encryption in transit and at rest
All data is encrypted with TLS 1.3 in transit and AES-256 at rest. Database connections are authenticated and scoped to the requesting organisation.
UK & EU data residency
Pulse is built for UK small businesses. Your data is hosted in the European Union and processed in accordance with UK GDPR and the Data Protection Act 2018.
Role-based access control
Admins see org-wide summaries. Managers see their own teams only. Employees see their own check-in link and the wellbeing hub — nothing else.
AI with boundaries
Period insights are generated by a large language model via a secure gateway. Free-text feedback is anonymised and batched before processing. No individual responses are ever sent to an AI model.
Crisis-aware, not crisis-intervention
If aggregated scores suggest a team may be under severe strain, we surface gentle signposting to crisis resources. We do not diagnose, intervene, or alert employers to individual risk.
How anonymity works in practice
When someone submits a check-in, their device generates a salted hash from the period ID and a browser fingerprint. This hash — not a name, email, or ID — is stored as the respondent identifier.
This lets us enforce one response per person per period without ever knowing who that person is. Even if someone submitted the same device fingerprint across periods, the salt changes each time, making cross-period linkage impossible.
The underlying scores and free-text feedback are stored in a table with no SELECT, UPDATE, or DELETE permissions for any role. Aggregates are computed by security-definer database functions that enforce the five-response minimum before returning averages.
Where your data lives
Pulse uses a managed cloud database hosted in the European Union. All primary data — organisations, teams, check-in periods, and responses — resides there.
Backups are encrypted, point-in-time, and retained for 30 days. We do not move primary data outside the EU for processing, storage, or analytics.
If you delete your organisation, we permanently remove all associated check-in data, responses, and insights within 30 days. Billing records required for tax compliance may be retained longer in accordance with UK law.
Who can access what
Employees (users) can see their team name, current check-in status, and the wellbeing hub. They cannot see team averages, other people's responses, or any management view.
Managers can see aggregated scores and AI-generated insights for the teams they manage. They cannot see individual responses, and scores are suppressed below the five-response threshold.
Admins can see org-wide headline metrics and manage teams, members, and invites. They cannot see individual check-in responses or circumvent the anonymity threshold.
Pulse staff do not have routine access to customer databases. When support access is required for debugging, it is granted on a time-limited, audited basis with customer notification.
AI and data handling
Period insights are generated by passing anonymised, aggregated feedback to a large language model through a secure AI gateway. The prompt contains only the text of feedback comments — no names, roles, or identifiers.
AI-generated outputs (summaries, themes, suggested actions) are cached so the same dataset is not re-processed unnecessarily. This reduces cost and avoids repeated exposure of feedback text.
We do not use customer data to train models. Your feedback is not retained by the model provider or used to improve their systems.
Compliance and certifications
Pulse is designed to align with UK GDPR and the Data Protection Act 2018. We act as a data controller for account information and a processor for anonymised check-in responses.
We maintain a Record of Processing Activities and conduct regular access reviews. Our privacy policy (linked below) sets out the legal basis for each category of data we handle.
We are registered with the Information Commissioner's Office (ICO). Our registration number will be published here once confirmed.
Report a security issue
If you believe you have found a vulnerability in Pulse, please email us at security@pulse-hr.co.uk. We respond to all reports within 48 hours and operate a no-blame disclosure policy.
GET STARTED
Start free. Stay anonymous.
No credit card. No annual contract. Full anonymity from the first check-in.