Audit-ready by design. Built for healthcare from day one.

Pearl operates an audit-ready security program mapped to HIPAA safeguards and SOC 2 controls. End-to-end encryption on every interaction, BAA available where applicable, and a full diligence package available under NDA.

Audit-ready · Mapped to HIPAA + SOC 2 · BAA available

Audit-ready security program

Mapped to HIPAA safeguards and SOC 2 controls, with end-to-end encryption on every interaction and BAA available where applicable.

Fully encrypted

All data is encrypted end-to-end, at rest and in transit. Patient conversations are protected at every stage.

Secure infrastructure

Enterprise-grade infrastructure with strict access controls and continuous monitoring to protect patient data.

Built for healthcare

Unlike generic AI tools, Pearl was designed from day one for the regulatory requirements of dental practices.

Controls

How we protect your practice.

01

Encryption

All patient data is encrypted in transit and at rest. Every interaction is protected at every stage.

02

Access control

Role-based access ensures only authorized personnel can view patient data. Every access is logged and auditable.

03

Logging

Application, infrastructure, and access events are centrally logged with retention aligned to audit requirements.

04

Backups

Encrypted, redundant backups with tested restore procedures. Recovery objectives documented in our security overview.

05

Incident response

Documented incident response plan with on-call escalation, customer notification commitments, and post-incident review.

06

Vendor review

Subprocessors and infrastructure vendors are reviewed before onboarding and on a recurring cadence. Subprocessors list available under NDA.

07

Employee training

All Pearl team members complete HIPAA and security awareness training. Security is a company-wide responsibility.

08

Audit posture

Audit-ready security program, with controls actively mapped to HIPAA safeguards and SOC 2. Diligence package available under NDA.

Diligence package

Documents available under NDA.

Your security team can request the full diligence package. We share under a mutual NDA and turn around within two business days.

Request diligence package
  • 01Security overview
  • 02Policies
  • 03Risk assessment summary
  • 04Architecture overview
  • 05BAA
  • 06Subprocessors list

Privacy commitment

Our promises to your practice.

  1. 01Pearl is designed to support HIPAA-regulated workflows; BAA available where applicable.
  2. 02Data is fully encrypted end-to-end, at rest and in transit.
  3. 03Patient conversations are not used to train AI models.
  4. 04We will never sell patient data to third parties.
  5. 05You retain full ownership of your practice and patient data.