Pulley

This article is meant to answer some of the most frequent questions from investors invited into Pulley pertaining to our data usage and security. 

For an overview of our security protocols, check out Pulley's<a href="https://pulley.com/security" rel="nofollow noopener noreferrer" target="_blank"> security page.</a>

Q: What kinds of data does Pulley store for customers? A: Pulley stores data entered by customers, or provided and approved by them during the onboarding process. We also keep data related to software usage.

Q: How does Pulley ensure data segregation between the Stakeholder and other customers?

A: Segregation is ensured by application-level multi-tenacity. 

Q: How is Pulley data stored and encrypted?

A: All user data is stored in Google Cloud SQL and Google Cloud Storage with limited access. Data is encrypted at rest in all storage locations at the infrastructure layer and security critical pieces of information may be encrypted at the application layer for additional protection.

Q: What are Pulley's infrastructure security protocols?

A: Industry standard access controls, auditing, and logging are in place to ensure your data stays safe. All network traffic to and from Pulley is encrypted end-to-end with TLS using the latest secure standard (TLS v1.3) with known good TLS encryption algorithms. Connections with third parties and integrations are always done using TLS. Use of unencrypted connections to Pulley are used purely for redirecting to encrypted URLs.

Q: What is Pulley's procedure in case of a data breach? 1. Lock down system to ensure no further leaks 2. Identify what data has been breached 3. Notify affected parties 4. Identify how the data was breached 5. Fix vulnerabilities or otherwise close the attack vector 6. Restore the system

Q: In case of a security incident, how will the Stakeholder be notified? A: Company Administrators will be notified by email.

Q: Has Pulley ever had a security incident? A: At the date of this article's last update, we have never had a security breach.

1. Q: What kinds of data does Pulley store for customers? A: Pulley stores data entered by customers, or provided and approved by them during the onboarding process. We also keep data related to software usage. 
 
2. Q: How does Pulley ensure data segregation between the Stakeholder and other customers? 
 A: Segregation is ensured by application-level multi-tenacity. 
 
3. Q: How is Pulley data stored and encrypted? 
 A: All user data is stored in Google Cloud SQL and Google Cloud Storage with limited access. Data is encrypted at rest in all storage locations at the infrastructure layer and security critical pieces of information may be encrypted at the application layer for additional protection.
 
4. Q: What are Pulley's infrastructure security protocols? 
 A: Industry standard access controls, auditing, and logging are in place to ensure your data stays safe. All network traffic to and from Pulley is encrypted end-to-end with TLS using the latest secure standard (TLS v1.3) with known good TLS encryption algorithms. Connections with third parties and integrations are always done using TLS. Use of unencrypted connections to Pulley are used purely for redirecting to encrypted URLs.
 
5. Q: What is Pulley's procedure in case of a data breach? 1. Lock down system to ensure no further leaks 2. Identify what data has been breached 3. Notify affected parties 4. Identify how the data was breached 5. Fix vulnerabilities or otherwise close the attack vector 6. Restore the system 
 
6. Q: In case of a security incident, how will the Stakeholder be notified? A: Company Administrators will be notified by email. 
 
7. Q: Has Pulley ever had a security incident? A: At the date of this article's last update, we have never had a security breach.

If what you were looking for is not covered by the above, please reach out to <a href="mailto:support@pulley.com" rel="nofollow noopener noreferrer" target="_blank">support@pulley.com</a> and we'll gladly help with any remaining questions!