Security audit — bundled in every scan
Every VitaPulse audit checks security headers, TLS certificate, and detected software versions. The findings travel with the report.
TLS and password storage
All traffic between your browser and VitaPulse uses TLS. Passwords are stored as bcrypt hashes — never in plain text. Session cookies are HTTP-only and SameSite, which blocks cross-site request forgery.
What we store and why
Your data lives in MongoDB databases hosted in Europe. We store the minimum needed: your email, hashed password, and scan results. Scan data is yours. We never use it for advertising or share it with third parties.
Access control
Every API endpoint is protected by authentication middleware. You can only access your own projects and scans. Associate access is limited to explicitly shared projects, with settings remaining read-only. Rate limiting covers every endpoint category.
Security headers on the product itself
VitaPulse serves its own responses with CSP, HSTS, and X-Frame-Options via Helmet. All inputs are validated and HTML-escaped. CORS is restricted to authorized domains. The same practices VitaPulse detects on your site, it applies to itself.
No advertising, no tracking
We do not sell your data. We do not use advertising cookies. No third-party analytics scripts run on VitaPulse pages. Your scan results, project data, and account information are not shared. Read the Privacy Policy for the full picture.