Security
How we protect your infrastructure
Security is built into every layer of FluxPulse. We use industry best practices and defense-in-depth strategies to protect your infrastructure data from unauthorized access, modification, or disclosure.
Encryption
In Transit
All communication between agents, your dashboard, and our platform uses TLS 1.2 or higher with strong cipher suites. No data is transmitted in plain text.
At Rest
All data stored in our databases is encrypted using AES-256. Encryption keys are managed securely, rotated regularly, and never exposed to application code.
Authentication & Authorization
FluxPulse uses multiple authentication mechanisms to protect your account:
- JWT tokens with 15-minute expiry for web sessions
- API keys with scoped permissions for programmatic access
- SAML SSO for enterprise single sign-on
- Role-based access control (Owner, Operator, Viewer) for granular permissions
Multi-Tenant Isolation
Every FluxPulse tenant's data is logically isolated at the database layer using partition keys. We use database-level access controls to ensure that one tenant can never access another tenant's data, regardless of privilege level.
Agent Security
Agents are installed using one-time, scoped installation tokens:
- Each installation generates a unique token (single-use)
- Tokens expire after 24 hours if not used
- After registration, agents authenticate using per-tenant API keys with minimal permissions
- Agent credentials can be revoked immediately from the dashboard
Agents collect only infrastructure metrics and do not collect application logs, database contents, user credentials, or sensitive files.
Infrastructure & Compliance
FluxPulse is hosted on Microsoft Azure with:
- Redundancy across multiple availability zones
- Automated failover and disaster recovery
- DDoS protection and WAF rules
- Regular security patches and updates
- Automated backups with encryption
Audit Logging
Every action in FluxPulse is logged: who performed the action, what changed, when, and from where. Audit logs are immutable and retained for compliance purposes.
Compliance & Standards
FluxPulse is designed to meet industry security and compliance standards:
- GDPR-compliant data handling and privacy controls
- HIPAA-eligible infrastructure for healthcare use cases
- SOC 2 audit in progress
What We Don't Collect
FluxPulse agents explicitly do NOT collect:
- Application logs or traces
- Database query contents
- User authentication data or credentials
- Private files, configuration files, or source code
Vulnerability Disclosure
If you discover a security vulnerability, please email security@fluxpulse.app with details and a proof of concept. We will respond within 24 hours and work with you to address the issue responsibly. Please do not publicly disclose vulnerabilities until we've had time to patch them.
Questions?
For security inquiries or concerns, contact security@fluxpulse.app.