HIPAA & PCI compliant software platform.
At Pearly, practice and patient trust is our #1 priority.
We take a rigorous approach to security to ensure HIPAA-compliant handling of protected health information (PHI) and PCI-compliant handling of financial card data. Pearly has legally binding Business Associate's Agreements (BAAs) with all third-party service providers handling PHI.
Patient identity data (name, email, password) are managed and stored in the Google Identity Platform.
Google's Identity Platform implements industry-leading encryption (SHA-2) and authentication (OAuth 2.0) standards.
Patient information is stored on Google Cloud Platform, specifically Firestore and Cloud Storage.
The above Google services employ AES-256 encryption at rest and have completed ISO 27001, ISO 27017, ISO 27018, SOC 1, 2, and 3 certification.
Pearly has countersigned Business Associate's Agreements ("BAA") with Google and VGS certifying their compliance with all relevant HIPAA requirements vis-a-vis their data transmission and storage functions.
We, in turn, offer a Business Associate Addendum to Pearly dental practice customers.
All credit card, debit card, ACH, and other financial data is collected, stored, and processed via Stripe.
Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry.