Data Protection

In accordance with GDPR data protection protocol, all data transacted to and from users operating in the both European Union (EU) and United Kingdom (UK) are transacted by Pearl EU and stored in Amazon Web Services (AWS) data centers located in Dublin, Ireland. This data infrastructure and GDPR certification, in conjunction with our MDR certification, ensures the most validated and secure clinical AI experience available in Europe.

Supplemental to server location-derived GDPR compliance, Pearl is also a certified member of the following international data privacy bodies:

• EU-US Data Privacy Framework
• Swiss-US Data Privacy Network
• UK Extension of the E.U.-U.S. Privacy Network

‍Our membership in these bodies serves as a failsafe, ensuring GDPR compliant data protection for Pearl users and their patients in the unlikely event that data originating in the UK or EU is somehow transacted through Pearl’s US data centers.. Our official certifications, maintained by the U.S. Department of Commerce, may be accessed at: https://www.dataprivacyframework.gov/

To further protect our users and their patients, Pearl employs robust data security standards aimed to prevent unauthorized access to software systems and user data, including but not limited to patient imagery, meta data, personal information and practice management data:

• Cryptography
  AES-256 keys with 1-year certificate duration and regular rotation intervals
• Logging
  HIPAA compliant logging of all data access in and out of all Pearl systems
• Static Code Analysis and Security Vulnerability Scanning
  SonarQube scanning ensures code quality and rapid security vulnerability detection.
• Encryption at Rest and in Transit
  End-to-End TLS 1.2 Encryption using AES-256