Is Free really free forever?

Yes. The local desktop app is MIT-licensed open source. Revenue comes from cloud sync, team dashboards, and enterprise services — not from selling binaries.

Why do you charge for Pro if everything is open-source?

You're paying for the cloud infrastructure (encrypted sync server, mobile PWA hosting, friend leaderboard ranking, AI assistant API). You can self-host the cloud server from the same repo for free.

Can I cancel any time?

Yes. Pro is month-to-month. Team has a 14-day money-back guarantee. Enterprise contracts are annual with 30-day exit clauses.

When does Pro launch?

Q3 2026. Waitlist signups get 1 month free + early access to friend leaderboard invite codes.

Security

Pulse handles sensitive personal-finance data: subscription costs, AI API spending, app activity. This page lays out our threat model, what's implemented today, what's designed but not yet shipped, and what's on the roadmap.

Last updated · 2026-05-15

Status legend. Each section below is tagged with one of: Implemented · local mode Designed for Pro Planned for Team Enterprise roadmap Not certified yet. Pulse v1.0 today is a local Streamlit app. The cloud server, mobile PWA, SSO, SOC 2, on-prem, and SLA features described below are designed and partially scaffolded in code, but no cloud service is in production and no certification has been issued.

Threat model

Our threat model assumes:

The user's machine is trusted. We are not a malware sandbox.
The user's master password is the root of trust. Lost password = lost cloud data (intentional — we cannot decrypt without it). Applies once Pro cloud sync ships.
The cloud service may be compromised. All synced data is designed to be encrypted with user-derived keys before leaving the device. Cloud sync is not yet live.
Network attackers are active. Any future cloud traffic will require TLS 1.3+.

Encryption

At rest, local: SQLite database is stored unencrypted in data/tracker.db. Users on shared machines should encrypt their disk (BitLocker, FileVault). Implemented · local mode
At rest, cloud: Per-row AES-256-GCM with 12-byte random nonce per row. Server stores only ciphertext + HMAC-SHA256 searchable indexes. Designed for Pro · not yet shipped
Key derivation: Argon2id(password, salt=account_id, m=64MB, t=3, p=1). The master key never leaves the device. Designed for Pro · not yet shipped
In transit: Local app's only outbound call is to frankfurter.dev over HTTPS. Future cloud sync will use TLS 1.3 to Supabase + Stripe. Designed for Pro · not yet shipped

See cloud/crypto.py for the implementation scaffold. The cloud server itself is not yet deployed.

Authentication

Local app: No account required, no sign-in, no telemetry by default. Implemented · local mode
Cloud accounts (Pro): Magic-link sign-in via Supabase Auth planned. No passwords stored. Designed for Pro · not yet shipped
JWT refresh: tokens auto-rotate every 60 minutes; refresh tokens last 30 days. Designed for Pro · not yet shipped
API keys: scoped to user's own data only. Generated in Settings → Developer. Revocable. Logged in audit table. Designed for Pro · not yet shipped
SSO: SAML 2.0 + OIDC via Supabase Pro / Auth0. Configurable per organization with domain allowlists. Enterprise roadmap

Privacy

Local-only mode requires zero account, zero telemetry. Implemented · local mode
Cloud mode: opt-in only. Each synced data category (subscriptions, AI usage, activity) toggleable separately. Designed for Pro · not yet shipped
Leaderboard: opt-in only with three visibility levels (off / friends / public). Aggregate metrics only — raw token data never leaves the device. Designed for Pro · not yet shipped
No analytics, no fingerprinting, no third-party trackers in the local app today. Implemented · local mode

See Privacy for the full privacy policy.

Audit logging

Pulse maintains a local audit log (audit_log table) of: Implemented · local mode

Sign in / sign out events
API key creation / revocation
Team membership changes
Settings changes (currency, plan, alerts)
Export operations
Sync events (counts only, never content)

Cloud-side audit mirror with 90d (Pro) / 1yr (Team) / 7yr (Enterprise) retention is Planned for Team — not yet running in production.

Reporting vulnerabilities

If you discover a security issue, please do not file a public issue. Implemented · local mode

Email: security@mintforai.com or DM @walight999 on GitHub.

We aim to:

Acknowledge within 24 hours
Fix critical issues within 7 days
Coordinate disclosure with the reporter
Credit reporters publicly (if they wish)

Bug bounty

Once pulse Pro launches with paying customers, we will offer a bug bounty program. Planned for TeamEstimated tiers (subject to change):

Critical (RCE, auth bypass, mass data leak): $500–2000
High (auth flaw, IDOR): $200–500
Medium (XSS, CSRF, broken access): $50–200

Compliance roadmap

Pulse holds no security certifications today. The local v1.0 app is MIT-licensed open source and does not require certification to run. The targets below are planned milestones, not commitments.

v1.0 (current): MIT-licensed local app, no compliance certifications needed. Implemented · local mode
v2.0 (Cloud / Pro): GDPR-compliant data handling, EU data residency option. Designed for Pro · not yet shipped
v2.5 (Team): SOC 2 Type I audit (Drata + reputable auditor). Planned for Team Not certified yet
v3.0 (Enterprise): SOC 2 Type II, ISO 27001, HIPAA-ready architecture. Enterprise roadmap Not certified yet

Service-level claims

There is no production cloud service today and therefore no SLA is offered. The "99.9% SLA" figure referenced on the pricing page is a planned commitment for Enterprise contracts once the cloud service is live and stable. Enterprise roadmap

Dependencies

We minimize third-party dependencies. Key ones for security:

cryptography (PyCA) — for AES-GCM, audited
argon2-cffi — for password hashing, audited
supabase — backend (planned); Supabase is SOC 2 Type II
stripe — billing (planned); PCI-DSS compliant
fastapi — API server (scaffolded); widely-used, secure-by-default

We do not vendor or fork security-sensitive libraries.

← pulse home

Privacy Terms Security Changelog