Trust center
Operational trust links, security posture, key handling, and launch support contacts.
Status page link
Product and release notes
Launch notes live in the Pulse-Proxy changelog and release audit. Public feature availability is tracked on Feature status.
Subprocessors
Pulse uses Cloudflare for edge execution, a managed auth/database provider for identity and storage, Vercel for the dashboard, Stripe for billing, Resend for optional email delivery, GitHub Container Registry for private self-host images, and customer-configured observability or webhook destinations when enabled.
Data retention and deletion
Retention is plan-based: request metadata and traces are kept for the active plan window, payload storage is off or redacted by default unless explicitly configured, and deletion requests can be sent to contact@orionslock.com.
Key handling
Pulse keys authenticate traffic to the gateway. Upstream provider keys can be passed from your server for a single request or stored as encrypted virtual keys. Plaintext virtual-key secrets are not returned to the browser after creation.
Legal pages
Privacy Policy and Terms of Service describe launch data practices, acceptable use, deletion, and support contact paths.
Security contact
Report security concerns to security@orionslock.com. General support goes to contact@orionslock.com.
Responsible disclosure
Send suspected vulnerabilities to security@orionslock.com with affected endpoint, reproduction steps, impact, and relevant request IDs. Do not access other tenants, perform destructive testing, or exfiltrate data. We will acknowledge reports and coordinate remediation in good faith.
Incident response posture
Pulse treats gateway security, spend bypass, tenant isolation, export leakage, and key handling issues as high-priority incidents.