VP
VERVE Pulse

Trust & Security

Your data is safe with us.

VERVE Pulse is built on enterprise-grade infrastructure. We take security seriously — because your gym’s member data, financial records, and business information deserve nothing less.

256-bit AES EncryptionTLS 1.3AWS ap-southeast-2 (Sydney)SOC 2 Type II InfrastructureAustralian Privacy Act Compliant

Data Encryption

Encryption at rest: All data is encrypted using AES-256. This includes member records, payment data, session history, and all business information stored in your account.
Encryption in transit: All data transmitted between your browser and our servers is protected by TLS 1.3 — the strongest version of the transport security protocol.
Database-level security: Row-level security (RLS) is enforced at the database layer, ensuring your gym’s data is completely isolated from other tenants on the platform.

Infrastructure & Hosting

VERVE Pulse is hosted on infrastructure operated by AWS and Vercel — the same platforms used by companies including Airbnb, Twilio, and thousands of enterprise SaaS products.

Data residency: Your data is stored in AWS ap-southeast-2 (Sydney, Australia) by default — keeping Australian gym data onshore and compliant with local regulations.
Uptime SLA: We target 99.9% uptime. You can monitor live service status at status.vervepulse.io.
Automated backups: Your data is backed up daily. Point-in-time recovery is available, allowing data restoration to any second in the last 7 days.
Redundancy: Our database infrastructure uses multi-zone replication, meaning a failure in a single availability zone does not take your system offline.

Authentication & Access Control

Multi-factor authentication (MFA): MFA is available for all staff accounts and is strongly recommended for owner and admin roles.
Session management: Sessions are automatically invalidated after periods of inactivity. Staff can be deprovisioned instantly from the Settings panel.
Role-based permissions: Access is scoped by role — Owner, Manager, Coach, and Front Desk — ensuring staff only see what they need to do their job.
Secure password handling: Passwords are never stored in plaintext. We use bcrypt hashing with salting — industry standard for credential storage.

Payment Security

VERVE Pulse does not store credit card numbers, CVVs, or raw payment data on our servers. All payment processing is handled by Stripe.

Stripe: Stripe is a PCI DSS Level 1 certified payment processor — the highest level of certification available in the payments industry. Card data never touches our servers.
Payment data scope: We store only tokenised references to payment methods, which are meaningless without Stripe’s private keys.

Data Ownership

Your gym’s data belongs to you. Always.

You own your member data — names, contact info, health notes, attendance records. We process it on your behalf; we do not sell it, mine it, or share it with third parties for commercial purposes.
Data export: You can export a full copy of your gym’s data at any time from Settings → Data Export.
Data deletion: Upon account cancellation, your data is permanently deleted within 30 days. We do not retain residual copies for marketing or analytics.

Vulnerability Disclosure

If you discover a security vulnerability in VERVE Pulse, we ask that you report it to us responsibly before making it public. We take all reports seriously and aim to respond within 48 hours.

Security contact: security@vervepulse.io

Please include: a description of the vulnerability, steps to reproduce, and your contact details. We will acknowledge receipt within 48 hours and provide a timeline for remediation.

Questions?

If you have security questions or need a security summary for your IT team or procurement process, contact us.

Contact security team →

Last updated: March 2026. VERVE Pulse Pty Ltd, 4 Dalton St, Upper Coomera, QLD 4209, Australia.