Built so you never lose a deal over a security questionnaire
PulseCargo.ai™ is security-first by design. Per-tenant database isolation, native MFA, audit logs on every action, and leading compliance frameworks tracked from day one — without the enterprise complexity.
AES-256 Encryption
All data encrypted at rest using SQL Server TDE and Azure Blob Storage encryption. TLS 1.3 enforced for all data in transit.
Per-Tenant Database Isolation
Each tenant gets their own SQL Server database. Not a row-level filter. Not a query parameter. A separate database per tenant, resolved at the middleware layer. Compliance auditors notice immediately.
Native MFA + SSO
Native TOTP authenticator with QR enrollment. SMS factor via Twilio. SSO federation via Microsoft 365 and Google Workspace at portal and tenant scope. MFA can be enforced per role tier.
SOC 2 Type II Path
Architecture designed from day one to meet SOC 2 Trust Services Criteria. 23 control templates loaded across CC1–CC9; integration probes ingest evidence from M365, GitHub, Okta, CrowdStrike, Sentinel, Splunk, Datadog, Cloudflare, and more.
GDPR & CCPA Subject Rights
Self-service privacy endpoints live today: data access requests, deletion requests, data export, and opt-out. Admin-initiated export available for tenant admins. GDPR Art. 5 / 32 / 33 and CCPA § 1798.100 / .105 / .150 controls mapped.
Immutable Audit Trails
Inbound API calls, CargoWise webhooks, and user actions logged per request with timestamp, user, tenant, and action. Outbound integration audit (Stripe, TMS providers) being expanded for full SOC 2 CC4.1 / CC7.2 coverage.
Tenant Isolation Audit
61 controllers and ~140 endpoints reviewed for cross-tenant data exposure. Zero CRITICAL findings. The audit report is shareable with your security team on request.
Software Escrow
NCC Group, Iron Mountain, and EscrowTech integrations. ZIP deposits include source code, per-tenant plugins, SQL backup, and a SHA-256 manifest. Rehydration tested end-to-end — never dry-run only.
RBAC Permissions
Portal admin, tenant admin, tenant user, and per-client-association roles. Granular permission sets control what each user sees. Tenant impersonation logged separately for support workflows.
Azure-Hosted
Hosted on Azure App Service in centralus with App Service, SQL, Blob, Key Vault, SignalR, and Front Door + WAF. Bicep-modeled infrastructure across networking, data, and application tiers.
Multi-Framework Compliance
Tracks leading industry frameworks — SOC 2, ISO 27001, GDPR / CCPA, OWASP, NIST, and additional standards. SOC 2, ISO 27001, GDPR, CCPA, and CTPAT have populated control libraries today; additional frameworks tracked with templates being authored. Full framework list available on request.
Penetration Testing
Annual third-party penetration testing planned with published remediation timelines. Continuous dependency scanning and patch management today.
Security questions procurement teams ask first.
How does PulseCargo isolate customer data between tenants?
PulseCargo uses three-layer isolation: a dedicated SQL Server database per tenant (not a row-level filter or query parameter), EF Core query filters plus Azure SQL Row-Level Security as defense in depth, and per-tenant Azure Blob storage containers. 61 controllers and ~140 endpoints have been reviewed for cross-tenant data exposure with zero CRITICAL findings.
Is PulseCargo SOC 2 compliant?
PulseCargo’s architecture is designed from day one to meet SOC 2 Trust Services Criteria. 23 control templates are loaded across CC1–CC9. Integration probes ingest evidence from Microsoft 365, GitHub, Okta, CrowdStrike, Sentinel, Splunk, Datadog, and Cloudflare. SOC 2 Type II report timing is shared with prospective customers under NDA.
Does PulseCargo support MFA and SSO?
Yes. Native TOTP authenticator with QR enrollment is included on every tier. SMS factor via Twilio is available. SSO federation via Microsoft 365 and Google Workspace is available at portal and tenant scope on Enterprise and above. MFA can be enforced per role tier.
How does PulseCargo handle GDPR and CCPA requests?
Self-service privacy endpoints are live: data access requests, deletion requests, data export, and opt-out. Admin-initiated export is available for tenant admins. GDPR Articles 5, 32, and 33 and CCPA sections 1798.100, .105, and .150 controls are mapped in the compliance framework platform.
Does PulseCargo offer software escrow?
Yes. PulseCargo integrates with NCC Group, Iron Mountain, and EscrowTech. Deposit ZIPs include source code, per-tenant plugins, SQL backup, and a SHA-256 manifest. Rehydration is tested end-to-end, not dry-run only. Software escrow is included with Enterprise+ and available as an add-on on Enterprise.
Where is PulseCargo hosted?
Azure App Service in the centralus region. Infrastructure includes App Service, SQL, Blob, Key Vault, SignalR, and Front Door with WAF. Bicep-modeled across networking, data, and application tiers. Enterprise+ supports dedicated Azure infrastructure and multi-region deployment.
Pass every security review.
Your customers' procurement teams will love what they see.
Request Security Documentation →