Trust & Compliance

Security is the product.
Compliance is the proof.

PulseADT is built to the standards we expect every customer to enforce. This page shows exactly where we stand on every framework - no marketing, no hedging.

Frameworks tracked

AES-256

Encryption at rest

72 hrs

Max breach notification window

TLS 1.3

Encryption in transit

Compliance Status

Where we are.
Where we are going.

Every framework below is tracked openly. Status reflects the current programme stage - not where we want to be, but where we actually are. We update this page as progress is made.

Programme Stages

Compliant

Platform built and operating to the full standard. Controls evidenced and maintained.

Registered

Organisation and product registered with the relevant authority or body.

Controls Built - BAA Framework Ready

All required technical safeguards implemented. Business Associate Agreement framework prepared for customer sign-off.

Formal Assessment Pending

Internal controls complete and evidenced. Awaiting formal regulatory assessment engagement.

QSA Engagement Pending

Technical controls fully implemented and validated. Qualified Security Assessor engagement to be initiated.

Certification Body Engagement

Controls implemented and internally validated. Certification body selected and engagement in progress.

Audit Ready - Awaiting Engagement

All technical and procedural controls in place and evidenced. Formal audit engagement pending.

SOC 2 Type II

Global

Service Organisation Control 2 - security, availability, processing integrity, confidentiality, and privacy trust service criteria.

Audit Ready - Awaiting Engagement80%

In Progress

ISO 27001

Global

International standard for information security management systems covering risk treatment, controls, and continuous improvement.

Certification Body Engagement82%

In Progress

NDPR

Nigeria

Nigeria Data Protection Regulation - lawful processing, data subject rights, breach notification, and third-party processor obligations.

Compliant100%

Compliant

PCI-DSS v4.0

Global

Payment Card Industry Data Security Standard - requirements for handling cardholder data, encryption, access controls, and monitoring.

QSA Engagement Pending74%

In Progress

GDPR

EU / UK

General Data Protection Regulation - lawful basis for processing, data minimisation, subject rights, DPO appointment, and cross-border transfers.

Compliant100%

Compliant

CBN IT Standards

Nigeria

Central Bank of Nigeria IT and Cybersecurity Standards for financial institutions - risk frameworks, incident response, and data governance.

Formal Assessment Pending74%

In Progress

HIPAA

United States

Health Insurance Portability and Accountability Act - safeguards for protected health information, BAA requirements, and breach notification.

Controls Built - BAA Framework Ready68%

In Progress

NCC Cybersecurity Guidelines

Nigeria

Nigerian Communications Commission cybersecurity guidelines for licensed telecom operators covering network security, data protection, and incident response.

Compliant100%

Compliant

NITDA Circular

Nigeria

National IT Development Agency directives on data governance, audit obligations, and breach notification for technology companies operating in Nigeria.

Registered100%

Compliant

How We Secure the Platform

What we do to
protect your data.

Encryption at Rest & in Transit

All customer data is encrypted at rest using AES-256. All data in transit is protected via TLS 1.3. Key management uses envelope encryption with separate data encryption keys per customer tenant.

Data Residency

Customers can select their storage region. Data is not replicated outside the selected region without explicit opt-in. Replication logs are cryptographically signed and available on request.

Access Controls

Internal access to production systems requires hardware MFA and is granted via just-in-time approval workflows. All access is logged, attributed, and reviewed on a rolling 30-day basis.

Penetration Testing

External penetration testing is conducted annually by an independent third party. Internal red team exercises run quarterly. Findings are publicly summarised after remediation is complete.

Vulnerability Disclosure

PulseADT operates a responsible disclosure programme. Security researchers can report vulnerabilities via security@glemad.com. We acknowledge receipt within 24 hours and resolve critical findings within 14 days.

Incident Response

A documented incident response playbook is maintained and tested every quarter. Breach notification obligations are tracked to the strictest applicable regulation. Customers are notified within 72 hours of confirmed incidents affecting their data.

Sub-Processors & Data Partners

Third parties
we trust with your data.

We contractually bind all sub-processors to the same data protection standards we apply internally. This list covers infrastructure, communications, and operational tooling where customer data may be processed.

Amazon Web Services

Cloud infrastructure - compute, storage, database, networking

Customer-selected region

Cloudflare

CDN, DDoS protection, edge networking, and DNS

Global edge

Kimpa

Transactional email delivery for account and alert notifications

EU / US

Stripe

Payment processing for subscription billing

EU / US

For a complete and current sub-processor list or data processing agreement, contact privacy@glemad.com.

Security Contact

Questions about
our security posture?

Enterprise customers can request our security questionnaire responses, penetration test executive summaries, and data processing agreements. Contact our security team directly.

security@glemad.com Talk to sales

Security questionnairesAvailable on request (enterprise)

Penetration test summariesAvailable on request (enterprise)

Data Processing AgreementAvailable on request

Responsible disclosuresecurity@glemad.com

Privacy requestsprivacy@glemad.com

Trust & Compliance

Security is the product.
Compliance is the proof.

PulseADT is built to the standards we expect every customer to enforce. This page shows exactly where we stand on every framework - no marketing, no hedging.

Frameworks tracked

AES-256

Encryption at rest

72 hrs

Max breach notification window

TLS 1.3

Encryption in transit

Compliance Status

Where we are.
Where we are going.

Every framework below is tracked openly. Status reflects the current programme stage - not where we want to be, but where we actually are. We update this page as progress is made.

Programme Stages

Compliant

Platform built and operating to the full standard. Controls evidenced and maintained.

Registered

Organisation and product registered with the relevant authority or body.

Controls Built - BAA Framework Ready

All required technical safeguards implemented. Business Associate Agreement framework prepared for customer sign-off.

Formal Assessment Pending

Internal controls complete and evidenced. Awaiting formal regulatory assessment engagement.

QSA Engagement Pending

Technical controls fully implemented and validated. Qualified Security Assessor engagement to be initiated.

Certification Body Engagement

Controls implemented and internally validated. Certification body selected and engagement in progress.

Audit Ready - Awaiting Engagement

All technical and procedural controls in place and evidenced. Formal audit engagement pending.

SOC 2 Type II

Global

Service Organisation Control 2 - security, availability, processing integrity, confidentiality, and privacy trust service criteria.

Audit Ready - Awaiting Engagement80%

In Progress

ISO 27001

Global

International standard for information security management systems covering risk treatment, controls, and continuous improvement.

Certification Body Engagement82%

In Progress

NDPR

Nigeria

Nigeria Data Protection Regulation - lawful processing, data subject rights, breach notification, and third-party processor obligations.

Compliant100%

Compliant

PCI-DSS v4.0

Global

Payment Card Industry Data Security Standard - requirements for handling cardholder data, encryption, access controls, and monitoring.

QSA Engagement Pending74%

In Progress

GDPR

EU / UK

General Data Protection Regulation - lawful basis for processing, data minimisation, subject rights, DPO appointment, and cross-border transfers.

Compliant100%

Compliant

CBN IT Standards

Nigeria

Central Bank of Nigeria IT and Cybersecurity Standards for financial institutions - risk frameworks, incident response, and data governance.

Formal Assessment Pending74%

In Progress

HIPAA

United States

Health Insurance Portability and Accountability Act - safeguards for protected health information, BAA requirements, and breach notification.

Controls Built - BAA Framework Ready68%

In Progress

NCC Cybersecurity Guidelines

Nigeria

Nigerian Communications Commission cybersecurity guidelines for licensed telecom operators covering network security, data protection, and incident response.

Compliant100%

Compliant

NITDA Circular

Nigeria

National IT Development Agency directives on data governance, audit obligations, and breach notification for technology companies operating in Nigeria.

Registered100%

Compliant

How We Secure the Platform

What we do to
protect your data.

Encryption at Rest & in Transit

All customer data is encrypted at rest using AES-256. All data in transit is protected via TLS 1.3. Key management uses envelope encryption with separate data encryption keys per customer tenant.

Data Residency

Customers can select their storage region. Data is not replicated outside the selected region without explicit opt-in. Replication logs are cryptographically signed and available on request.

Access Controls

Internal access to production systems requires hardware MFA and is granted via just-in-time approval workflows. All access is logged, attributed, and reviewed on a rolling 30-day basis.

Penetration Testing

External penetration testing is conducted annually by an independent third party. Internal red team exercises run quarterly. Findings are publicly summarised after remediation is complete.

Vulnerability Disclosure

Incident Response

Sub-Processors & Data Partners

Third parties
we trust with your data.

Amazon Web Services

Cloud infrastructure - compute, storage, database, networking

Customer-selected region

Cloudflare

CDN, DDoS protection, edge networking, and DNS

Global edge

Kimpa

Transactional email delivery for account and alert notifications

EU / US

Stripe

Payment processing for subscription billing

EU / US

For a complete and current sub-processor list or data processing agreement, contact privacy@glemad.com.

Security Contact

Questions about
our security posture?

Enterprise customers can request our security questionnaire responses, penetration test executive summaries, and data processing agreements. Contact our security team directly.

security@glemad.com Talk to sales

Security questionnairesAvailable on request (enterprise)

Penetration test summariesAvailable on request (enterprise)

Data Processing AgreementAvailable on request

Responsible disclosuresecurity@glemad.com

Privacy requestsprivacy@glemad.com

Security is the product.Compliance is the proof.

Where we are.Where we are going.

What we do toprotect your data.

Encryption at Rest & in Transit

Data Residency

Access Controls

Penetration Testing

Vulnerability Disclosure

Incident Response

Third partieswe trust with your data.

Questions aboutour security posture?

Security is the product.Compliance is the proof.

Where we are.Where we are going.

What we do toprotect your data.

Encryption at Rest & in Transit

Data Residency

Access Controls

Penetration Testing

Vulnerability Disclosure

Incident Response

Third partieswe trust with your data.

Questions aboutour security posture?

Security is the product.
Compliance is the proof.

Where we are.
Where we are going.

What we do to
protect your data.

Third parties
we trust with your data.

Questions about
our security posture?

Security is the product.
Compliance is the proof.

Where we are.
Where we are going.

What we do to
protect your data.

Third parties
we trust with your data.

Questions about
our security posture?