Security Overview

Draft / pending legal review. This page is provided for transparency while PulseMark prepares final legal documentation. Final terms may change before public launch.

Draft status date: June 2026

This draft security overview describes, at a high level, how PulseMark Field Diagnostic approaches authentication, role-based access, evidence handling, payment handling, and operational monitoring. It is grounded in how the product actually works today.

This is original PulseMark draft copy prepared for transparency. It describes practices rather than guarantees and remains subject to legal review before public launch.

1. Authentication and access controls

Access to PulseMark Field Diagnostic requires authentication. Users sign in to reach their organization’s workspace, and access is tied to the account and role that an organization grants. PulseMark uses access controls intended to keep each organization’s workspace limited to its authorized users.

2. Role-based access and organization scoping

The Service uses role-based access and organization scoping. A user’s role determines what they can see and do, and data is scoped to the organization it belongs to. These controls are intended to keep one organization’s projects and evidence separate from another organization’s.

3. Access boundaries by role

At a high level, different roles have different access:

  • Company Admin manages users, roles, and organization settings.
  • Supervisor oversees diagnostic projects and review within the organization.
  • Technician works on assigned projects and evidence within the organization.
  • Outside providers connected through Provider Bridge receive scoped, revocable access to specific projects and are not OEM user seats.

4. Evidence upload handling

Evidence uploaded to a project is stored and processed to support the diagnostic workflow. Supported evidence uploads include images, PDF, TXT, XML, CSV, and XLSX files; video and audio uploads are not supported as diagnostic evidence. Evidence is associated with the project and organization it belongs to, and access follows the same role and organization scoping as the rest of the Service.

5. Payment handling

Payments are handled by Stripe through Stripe-hosted checkout and Stripe’s billing systems. Payment card details are entered into Stripe-hosted checkout, and PulseMark does not collect or store full payment card numbers outside of Stripe’s systems. This keeps sensitive card handling with a dedicated payment processor.

6. Operational logging and monitoring

PulseMark uses operational logging and monitoring to help operate the Service reliably and to detect and investigate issues. Logs capture operational and security-relevant activity, and PulseMark aims to keep operational logs free of sensitive evidence content. How log and operational data is handled is also described on the privacy page.

7. Security limitations and customer responsibilities

No system can be made completely secure, and PulseMark does not promise that the Service is immune from all risk. Security is a shared responsibility, and your organization plays an important part. You are responsible for:

  • keeping account credentials secure and not sharing them;
  • assigning appropriate roles and removing access when it is no longer needed;
  • limiting Provider Bridge access to the projects an outside provider needs; and
  • not submitting sensitive evidence through public contact forms.

8. Reporting a security concern

If you believe you have found a security issue or have a security concern about the Service, please contact PulseMark through the contact page so the team can review it. PulseMark intends to look into reported security concerns and respond as appropriate.

9. No unsupported compliance claims

This draft describes security practices, not certifications. PulseMark does not, on this page, claim any formal security or compliance certification, and nothing here should be read as a certification or a promise that the Service is free from all risk. Any future formal certification would be stated separately once achieved and approved.

Questions about this draft policy can be directed to PulseMark through the contact page. This page is a draft prepared for transparency and remains subject to legal review before public launch.
