How SmartPulse protects your business and your customers
This page is maintained by SmartPulse to answer common security, privacy and compliance questions. It describes the controls and practices we currently have in place. It is not a third-party certification.
GDPR (EU / Finland)
SmartPulse is built and operated for European service businesses. Customer phone numbers and SMS content are processed only to recover the missed call and notify the business owner. We honour access and deletion requests; contact privacy@smartpulse.fi.
Tenant isolation
Every record — calls, conversations, messages, leads, notifications — is tagged with a business_id and protected by row-level security in the database. A business can only ever read or write its own rows.
Role-based access
Three roles only: super_admin (SmartPulse platform owner, internal use), business_admin (owner of one business account), and user (staff inside that business). Roles are stored in a dedicated table; there is no client-side role flag and no fallback that grants elevated access.
Twilio SMS handling
Outbound and inbound SMS are sent via Twilio. We store only the phone number, message content, and timestamps needed to operate the conversation. Numbers are never sold, shared between businesses, or used for marketing by SmartPulse.
AI is advisory only
The AI layer classifies a customer's reply (emergency, callback, quote, appointment, general) and writes a short summary. It never takes autonomous business actions, never books jobs on your behalf, and never contacts customers outside the missed-call recovery thread.
No data sharing between businesses
Conversations, leads and customer phone numbers from one business are never visible to another business. Cross-tenant access attempts are logged and blocked.
Security questions, data requests, or incident reports: privacy@smartpulse.fi.