Stockholm-icons / General / Shield-protectedCreated with Sketch.

Security at Pearly

HIPAA & PCI compliant software platform.

Stockholm-icons / Communication / Shield-userCreated with Sketch.

Our Security Commitment.

At Pearly, practice and patient trust is our #1 priority.

We take a rigorous approach to security to ensure HIPAA-compliant handling of protected health information (PHI) and PCI-compliant handling of financial card data.  Pearly has legally-binding Business Associate's Agreements (BAAs) with all third-party service providers handling PHI.

Stockholm-icons / Communication / Contact#1Created with Sketch.

Identity Management

Patient identity data (name, email, password) are managed and stored in the Google Identity Platform.

Google's Identity Platform implements industry-leading encryption (SHA-2) and authentication (OAuth 2.0) standards.

Stockholm-icons / Files / Locked-folderCreated with Sketch.

Patient Information

Patient information is stored on Google Cloud Platform, specifically Firestore and Cloud Storage.

The above Google services employ AES-256 encryption at rest and have completed ISO 27001, ISO 27017, ISO 27018, SOC 1, 2, and 3 certification.

Stockholm-icons / Files / File-doneCreated with Sketch.

Business Associate Agreements

Pearly has countersigned Business Associate's Agreements ("BAA") with Google and VGS certifying their compliance with all relevant HIPAA requirements vis-a-vis their data transmission and storage functions.  

We, in turn, offer a Business Associate Addentum to Pearly dental practice customers.

Stockholm-icons / Shopping / Credit-cardCreated with Sketch.

Financial Information

All credit card, debit card, ACH, and other financial data is collected, stored, and processed via Stripe.  

Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry.