PulseNode

Security

Last updated: June 6, 2026.

Data Sensitivity

PulseNode handles infrastructure data such as open ports, Docker container names/images, server labels, and performance metrics. This data can reveal topology and should be treated as sensitive.

Agent Tokens

Agent bearer tokens are shown once. The dashboard stores token hashes, not raw tokens. Keep agent config files private and rotate tokens if a server is compromised.

Transport

Production deployments must use HTTPS. Agents warn when configured with plain HTTP because tokens and operational data would be sent unencrypted.

External uptime and SSL checks run from the dashboard host against public HTTP(S) URLs you configure. Private, loopback, link-local, and non-HTTP targets are blocked.

Access Control

Subscription users are scoped to their own servers, metrics, alerts, preferences, notification settings, and live event streams. Operator/admin access is reserved for self-hosted or internal support use.

Backups And Retention

The service uses SQLite with operational backups. Metric retention follows plan and service configuration. Deletion requests can be sent to support.

Reporting

Report security issues to support@pulsenode.space. Include enough detail to reproduce the issue and avoid accessing data that is not yours.