Enterprise Trust

Security Is Non-Negotiable

PearMedica is built security-first. Every layer of the platform — from API authentication to patient data storage — is protected by enterprise-grade security controls and strict regulatory compliance.

Regulatory Compliance

NDPA 2023 Compliant

Full compliance with the Nigeria Data Protection Act 2023, enforced at every layer.

Privacy Policy

Published & accessible

AES-256 Encryption

At rest & in transit

Consent Management

Clear opt-in flows

Data Processing Agreements

B2B template ready

Data Subject Rights

Access, deletion, export

Breach Protocol

72-hour notification

Access Logging

Immutable audit trails

Data Retention

1-year default policy

Data Protection

Encryption & API Key Security

Patient data is never stored in plain text. API keys are hashed and rotatable.

Patient Data Encryption

All patient health information (PHI) is encrypted using AES-256-GCM with per-record initialisation vectors. Data is encrypted at rest in the database and in transit via HTTPS/TLS 1.3.

Algorithm: AES-256-GCM
IV: Per-record random (16 bytes)
Auth Tag: 128-bit (tamper detection)
Key: 32-byte from ENCRYPTION_KEY env var
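The per-record scheme described above, written out as an added Go example (this is not PearMedica's code). It assumes ENCRYPTION_KEY holds the 32-byte key hex-encoded, uses Go's NewGCMWithNonceSize to honour the page's 16-byte IV, and additionally binds the record ID as GCM associated data so that a ciphertext copied into another record fails the tag check; function names are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"os"
)

const ivSize = 16 // page's per-record IV length; GCM's default nonce is 12 bytes, hence NewGCMWithNonceSize below

// loadKey reads ENCRYPTION_KEY; hex encoding is an assumption (the page only says "32-byte").
func loadKey() ([]byte, error) { return hex.DecodeString(os.Getenv("ENCRYPTION_KEY")) }

// newAEAD refuses any key but 32 bytes: 16 or 24 would silently select AES-128/192.
func newAEAD(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes for AES-256")
	}
	block, _ := aes.NewCipher(key) // cannot fail: key length already validated
	return cipher.NewGCMWithNonceSize(block, ivSize) // 128-bit auth tag is the default
}

// encryptRecord returns iv || ciphertext || tag. Binding the record ID as AAD is an
// addition beyond the page: a blob copied into another record then fails to open.
func encryptRecord(key, plaintext []byte, recordID string) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, ivSize) // fresh random IV per record, never reused
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	return aead.Seal(iv, iv, plaintext, []byte(recordID)), nil
}

// decryptRecord verifies the tag first; any flipped bit yields an error and no plaintext.
func decryptRecord(key, blob []byte, recordID string) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < ivSize+aead.Overhead() {
		return nil, errors.New("ciphertext too short")
	}
	return aead.Open(nil, blob[:ivSize], blob[ivSize:], []byte(recordID))
}
```

A 16-byte IV is outside GCM's standard 12-byte nonce size, so any other component that reads these records must be built with the same non-default nonce length.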

API Key Security

API keys are bcrypt-hashed on creation — the full key is shown once and never stored. Only a display prefix (sk_live_) is retained. Keys can be rotated, revoked, and scoped to specific API operations. Rate limiting is enforced per key (default: 100 req/min).

Clinical Safety

Incident Protocol

A 4-level severity classification with strict escalation timelines and continuous improvement.

L1

Near-Miss

AI error detected before patient harm.

Internal review within 7 days

L2

Minor Harm

Temporary discomfort, no medical intervention.

Review within 48 hours

L3

Serious Harm

Medical intervention required, no permanent damage.

Review within 24 hours, FMOH notified within 72 hours

L4

Death / Permanent

Immediate escalation required.

Report within 24 hours

Legal Protection

Liability & Compliance

Clear contractual terms protect both PearMedica and our customers.

Decision Support, Not Diagnosis

PearMedica provides clinical decision support only. Final clinical decisions remain with licensed healthcare providers.

B2B Contract Clauses

Standard templates include indemnification, liability limitations, data protection obligations, and SLA commitments.

Professional Indemnity Insurance

Coverage for AI-driven triage recommendations and clinical decision support — protecting both PearMedica and our customers.

Disaster Recovery

RTO <8 hours, RPO <24 hours. Daily encrypted backups with quarterly DR drills. Geo-redundant storage within Nigeria.

Questions About Security?

Our security team is available to discuss compliance requirements, data handling, and enterprise security configurations.