Security & Compliance

This page explains how PulseDesk AI handles customer trust, security, and compliance for the MVP version.

Backend

• Authentication: Google Sign-In through Firebase Authentication.
• Database: Firebase Cloud Firestore.
• Company data path: companies/<COMPANY_CODE>.
• Employee feedback path: companies/<COMPANY_CODE>/feedback.

Access model

• Admin dashboard data is shown only after Google login.
• The dashboard checks that the company document adminUid matches the signed-in Firebase user UID.
• Recommended Firestore rules restrict feedback reads to the verified company admin.
• Employees can submit feedback without login, but cannot read dashboard data.

What is stored

• Company profile: company code, company name, admin UID, admin email, plan, created/updated timestamps.
• Feedback: rating, optional comment, anonymous flag, source page, created timestamp.
• Suggestions: category, message, anonymous flag, created timestamp.

What is not stored by this website

• No screen recording.
• No keystroke tracking.
• No browsing history tracking.
• No employee email on the public feedback page.

Data retention

Recommended default retention for MVP testing is 180 days. Paid customers should be given a written retention choice such as 30, 90, 180, or 365 days before production launch.

Data residency

Firebase project location and Google Cloud region settings must be confirmed in Firebase/Google Cloud before onboarding regulated customers. Do not claim India-only or EU-only hosting unless the project is configured that way.