All Pulley infrastructure and data resides in Google Cloud which is a highly trusted cloud service provider with an excellent security record. More information about Google Cloud's security certifications is available here: https://cloud.google.com/security
All network traffic to and from Pulley is encrypted end-to-end with TLS using the latest secure standard (TLS v1.3) with known good TLS encryption algorithms. Connections with third parties and integrations are always done using TLS. Use of unencrypted connections to Pulley are used purely for redirecting to encrypted URLs.
All user data is stored in Google Cloud SQL and Google Cloud Storage with limited access. Industry standard access controls, auditing, and logging are in place to ensure your data stays safe. Data is encrypted at rest in all storage locations at the infrastructure layer and security critical pieces of information may be encrypted at the application layer for additional protection.
Access to Pulley for users is restricted to authenticated users which in addition to passwords created & stored with security best practices can enable industry standard multi-factor authentication for further protection. Internally at Pulley we use multi-factor authentication on accounts to access the service for support or software maintenance.
Availability & Fault Tolerance
Pulley's infrastructure is fully redundant, replicated across multiple availability zones to protect against outages. Our uptime is at least 99.9% and software upgrades are performed with zero-downtime.
Our team follows industry best practices with regards to building a secure application. This includes code reviews, penetration testing, and automated security vulnerability notifications and alerting.