MissionPulse is built for federal contractors who handle CUI, ITAR, and competition-sensitive data every day. Here is exactly how we protect your information.
Every AI provider we use (Anthropic, RunPod) has contractual commitments that customer data is never used for model training. Your proposals, pricing, and strategy documents stay yours.
Each company gets a fully isolated workspace. Your data cannot be accessed by other tenants. Row-level security is enforced at the database layer — not just the application layer.
Sensitive modules (Pricing, Strategy, Black Hat) require multi-factor authentication and display sensitivity reminders. You control what your team sees with role-based access — partners and subcontractors see only what you share.
TLS 1.3 in transit. AES-256 at rest. Database connections use SSL. API keys are encrypted and never stored in plaintext. Session tokens use httpOnly secure cookies.
12 granular roles across 14 modules. Partners and subcontractors see only what you share. Executives see everything. Analysts see opportunities but not pricing. You control exactly who sees what.
Every action is logged — who accessed what, when, and from where. Audit logs cannot be modified or deleted. Configurable retention from 90 days to 7 years per your compliance requirements.
| Database | Supabase (PostgreSQL) | SOC 2 Type II certified. Row-level security. Encrypted at rest. |
| Hosting | Netlify Edge | Global CDN. Automatic SSL. DDoS protection. |
| AI Processing | Anthropic Claude + RunPod | Zero data retention policy. No training on customer data. |
| Authentication | Supabase Auth | bcrypt password hashing. TOTP MFA. JWT with httpOnly cookies. |
| Payments | Stripe | PCI DSS Level 1. No card data touches our servers. |
| Error Tracking | Sentry | Errors are scrubbed of PII before transmission. |
| Analytics | Plausible | Privacy-first. No cookies. No personal data collected. |
Access control, change management, audit logging, encryption, and incident response controls follow SOC 2 Type II principles. Bank-grade security posture appropriate for commercial GovCon BD work.
MissionPulse helps your BD/capture/proposal team prepare for federal opportunities. Our security controls are appropriate for CMMC 2.0 Level 1 BD workflows. We do not store or process CUI on behalf of federal agencies.
TLS 1.3 in transit, AES-256 at rest. Per-tenant row-level security on every table. Service role keys server-only. Quarterly secret rotation. Zero data retention with our AI providers.
All data is stored in US-based data centers. Database hosted on AWS us-east-1 via Supabase. No data leaves the United States.
Use your data to train AI models — ever
Share your data with other customers or third parties
Store credit card numbers on our servers
Access your workspace without your explicit permission
Retain deleted data beyond the configured retention period
Send unencrypted data over the network
Allow unauthenticated access to any customer data
We are happy to walk through our security architecture, provide additional documentation, or complete your vendor security questionnaire.
Contact Security Team