Security

Our Commitment to Security

Security is built into every layer of FluxPulse. We use industry best practices to protect your infrastructure data from unauthorized access, modification, or disclosure.

Data Encryption

In Transit

All communication between agents, dashboards, and our platform uses TLS 1.2+ with strong ciphers. No data is ever sent in plain text.

At Rest

Data stored in our database is encrypted using AES-256 encryption. Keys are managed securely and rotated regularly.

Multi-Tenant Isolation

Every tenant's data is logically isolated at the database level using partition keys. Cross-tenant access is impossible by design.

Authentication & Authorization

• JWT tokens (15-minute expiry) for user sessions
• API keys with scoped permissions for programmatic access
• SAML SSO for enterprise single sign-on
• Role-based access control (Owner, Operator, Viewer)

Audit Logging

Every action in FluxPulse is logged: who did what, when, and from where. Audit logs are immutable and retained for compliance.

Infrastructure Security

• Hosted on Azure with redundancy and failover
• Regular security updates and patches
• DDoS protection and WAF rules
• Automated backups with encryption

Compliance

FluxPulse meets industry security standards:

• SOC 2 audit pending
• GDPR compliant data handling
• HIPAA-eligible infrastructure

Agent Security

Agents are installed with one-time scoped tokens that:

• Are generated per-install (single-use)
• Expire after 24 hours if not used
• Can be revoked from the dashboard
• Use per-tenant API keys after registration

What We Don't Collect

Agents explicitly do NOT collect:

• Application logs or traces
• Database query contents
• User authentication data
• Private files or configuration

Vulnerability Disclosure

If you discover a security vulnerability, please email security@fluxpulse.app with details. We'll respond within 24 hours and work with you to address the issue responsibly.

Questions?

For security inquiries, contact security@fluxpulse.app