The Vault

Compliance run for you, not by you.

KYC, OFAC/sanctions screening, PCI DSS controls, and an immutable audit trail — operated by Pulse on every sub-merchant so adding payments never creates a compliance burden for your platform.

Become a partnerSee the live demo

Compliance vault · Acme Coffee Co.

Compliant

PCI DSS · SAQ-A

self-assessment

verified

Filed Sep 12 · valid 12 mo

SOC 2 · Type II

audit · in progress

pending

Q1 attestation

KYC · Owner ID

Smarty + ID.me

verified

Re-screened daily

W-9 · ACH auth

Documenso · e-signed

verified

Aug 04

OFAC · sanctions

Sovos · auto-screen

verified

Last hit · 0

Audit log · 2yr

immutable storage

verified

12.4M events

12.4M events captured · exportable to CSV / API · immutable storage

Why a built-in vault

Payments without the compliance weight.

Embedding payments means taking on sub-merchant compliance — KYC, sanctions screening, PCI controls, document management — unless your PayFac provider handles it for you. Pulse makes compliance continuous and invisible — pulled into onboarding, underwriting, and ongoing monitoring so the audit trail builds itself without your team lifting a finger.

What's inside

Built for the regulated world your platform operates in.

PCI DSS controls

Pulse tracks SAQ status, vulnerability scans, and renewal deadlines across every merchant on your platform — no PCI burden lands on your engineering team.

Document collection

Required documents are defined per merchant type and processor. Pulse auto-requests, versions, and stores every file so your team never chases paper.

KYC + sanctions screening

Identity verification and OFAC screening run inline via Sovos and Smarty + ID.me at onboarding, then re-screen on a schedule so the audit trail stays current.

Immutable audit trail

Every signature, document upload, decision, and status change is logged immutably. Exportable to CSV or piped via webhook for card-brand reviews.

Renewal & deadline alerts

Pulse watches every PCI renewal, license expiration, and document refresh across your merchant portfolio and routes alerts before deadlines hit.

Regulator-ready reporting

AML/KYC summaries, document status, and incident logs available on demand. When a card brand or auditor asks, the export is one click — not a two-week scramble.

Coverage

What Pulse operates on your behalf.

PCI DSS Self-Assessment Questionnaires
Quarterly vulnerability scan monitoring
AML / KYC verification status
OFAC sanctions screening (Sovos)
Business license + registration tracking
Insurance certificate management
Processor-specific compliance rules
Annual renewal reminders
Exception tracking + resolution

How it works

From boarding to audit export — fully automated.

  1. Step 1

    Merchant boards

    At onboarding, Pulse runs KYC via Smarty + ID.me and OFAC screening via Sovos inline — before the first transaction clears.

  2. Step 2

    Documents collected

    Pulse requests, validates, and versions required documents per merchant type and processor via Documenso e-sign portals.

  3. Step 3

    Continuous monitoring

    Sanctions re-screening, PCI SAQ tracking, and deadline watchers run automatically — your platform stays current without manual effort.

  4. Step 4

    Alert + resolve

    When a deadline approaches, a document expires, or a status changes, Pulse routes an alert to the right person before it becomes a violation.

  5. Step 5

    Export on demand

    Full event history, document trails, and decisions are exportable to CSV or via API — ready for card-brand reviews the moment they are requested.

Outcomes

Your platform ships faster. Pulse handles the rest.

Ship payments without compliance overhead

Pulse operates KYC, OFAC screening, and PCI controls on your behalf — your engineers build features, not compliance tooling.

Audits become exports

Centralized documentation and an immutable event log mean card-brand reviews and audits are answered with a single export, not weeks of digging.

Continuous coverage, not annual fire drills

Ongoing screening and deadline tracking catch compliance drift before it becomes a processor relationship problem.

Protect your platform standing

Consistent compliance across every sub-merchant protects your sponsor bank relationship and processor agreements.

Who it's for

Built for platforms that can't afford a compliance team.

  • Vertical SaaS platforms embedding payments without inheriting a compliance team
  • ISVs whose sponsor bank or processor requires auditable KYC and OFAC documentation
  • Product teams that need PCI DSS coverage without restructuring their infrastructure
  • Operations teams managing document-heavy merchant portfolios at scale
  • Founders who want card-brand-ready exports on demand without adding compliance headcount

Related

Where this connects.

Now onboarding software partners

Turn your software into a payments business.

We sell it, board it, underwrite it, and run it. You add a revenue line to your platform without adding headcount.

Become a payments partnerTalk to our team

Built for vertical SaaS platforms ready to monetize payments.

PCI DSS compliantSOC 2 Type II99.9% uptimeMulti-processor