Reference

Security

PullPush is built with security as a foundational requirement, not an afterthought. This page covers how we protect your data and credentials.

Credential encryption

All connection credentials are envelope-encrypted with per-tenant keys:

  • Algorithm: AES-256-GCM (authenticated encryption)
  • Key hierarchy: Master key → per-tenant DEK (data encryption key) → credential ciphertext
  • Storage: Only encrypted credentials exist in the database; plaintext credentials are never persisted
  • Access: Decryption happens in-memory only when needed for API calls

This means even database-level access cannot reveal your API keys, OAuth tokens, or webhook secrets.

Data in transit

  • All API traffic is encrypted with TLS 1.2+
  • Webhook signatures are verified using HMAC (SHA-256 by default) to prevent tampering
  • Internal service communication uses encrypted channels

Data at rest

  • PostgreSQL database with encrypted storage
  • Redis data is ephemeral (job queues, caching) and does not persist credentials
  • Nightly backups with tested restore procedures

Multi-tenancy isolation

PullPush is multi-tenant by design. Each tenant has:

  • Isolated data encryption keys
  • Row-level data isolation in the database
  • Independent rate limits and circuit breakers
  • Separate audit logs

One tenant's data or credentials can never leak to another tenant.

Audit logging

All significant actions are recorded in the audit log:

  • Connection creation, modification, and deletion
  • Credential rotation events
  • Sync flow changes (shadow → live, pause, resume)
  • Admin actions

Audit logs are immutable and retained according to your plan's retention policy.

GDPR compliance

  • Plausible Analytics — privacy-friendly, cookie-free website analytics
  • No data selling — we never sell, share, or monetize your data
  • Data minimization — PullPush only processes data needed for synchronization
  • Right to erasure — contact privacy@pullpush.ai for data deletion requests

Compliance roadmap

PullPush is on an active compliance path:

  • SOC 2 Type II — in progress
  • ISO 27001 — planned
  • GDPR — compliant by design

Responsible disclosure

Found a security vulnerability? Contact us at security@pullpush.ai. See our security.txt for PGP key and disclosure policy.

PreviousConnector AuthoringNextArchitecture