Pearl

Security

How Pearl handles your code, prompts, credentials, and data.

What we never do

We do not train any model on your prompts, completions, or files. Scout reads your code at request time as context — that's it.

We do not share your data with advertisers, brokers, or third-party analytics. The marketing site and the dashboard do not load third-party trackers.

We do not store your provider API keys in plaintext beyond the OS keychain handoff.

We do not ship unsigned binaries. Every release is code-signed.

Authentication

Sign-in is delegated to auth.pearlfibers.com over OAuth2 with PKCE. Pearl never sees your password.

Access tokens are RS256-signed JWTs verified against the auth JWKS endpoint. Refresh tokens rotate on use and are family-tracked — a reuse of a previously-rotated token revokes the entire chain.
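To make the family-tracking rule concrete, here is an added example of a server-side refresh-token store with rotation and reuse detection. It is illustrative code written for this page, not Pearl's implementation; the class and method names, the in-memory storage and the token format are assumptions.

```python
import secrets
from typing import Dict, Optional


class RefreshTokenStore:
    """Server-side refresh-token store with rotation and family tracking.

    One family is created per sign-in. Each rotation consumes the presented
    token and mints a fresh one in the same family. Presenting a token that
    was already consumed means two parties hold the chain (the legitimate
    client and whoever replayed the old token), so the whole family is
    revoked and the user has to sign in again.
    """

    def __init__(self) -> None:
        # token value -> {"family": family id, "consumed": bool}
        self._tokens: Dict[str, dict] = {}
        # family id -> {"user": user id, "revoked": bool}
        self._families: Dict[str, dict] = {}

    def issue(self, user: str) -> str:
        """Start a new family at sign-in and return its first refresh token."""
        family = secrets.token_hex(8)
        self._families[family] = {"user": user, "revoked": False}
        return self._mint(family)

    def _mint(self, family: str) -> str:
        token = secrets.token_urlsafe(32)  # 256 bits of randomness
        self._tokens[token] = {"family": family, "consumed": False}
        return token

    def rotate(self, token: str) -> Optional[str]:
        """Exchange a refresh token for its successor.

        Returns the new token, or None when the token is unknown, its family
        is already revoked, or it was consumed by an earlier rotation (reuse).
        """
        rec = self._tokens.get(token)
        if rec is None:
            return None
        fam = self._families[rec["family"]]
        if fam["revoked"]:
            return None
        if rec["consumed"]:
            # Reuse of a previously rotated token: revoke the entire chain.
            fam["revoked"] = True
            return None
        rec["consumed"] = True
        return self._mint(rec["family"])

    def family_revoked(self, token: str) -> bool:
        """True if the family this token belongs to has been revoked."""
        rec = self._tokens.get(token)
        return rec is not None and self._families[rec["family"]]["revoked"]
```

The important property is that the latest, legitimately held token becomes useless the moment an older one is replayed, so a stolen refresh token cannot be used quietly alongside the real client.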

For SSH or headless environments, Pearl supports the Device Authorization Grant (RFC 8628). For team plans, SAML SSO is available; SCIM provisioning is included on Enterprise.

Where your data lives

Pearl runs on infrastructure owned and operated by PearlFibers. Database, application servers, and audit logs all live in our primary region. Backups are encrypted at the storage layer and kept in the same region.

We do not currently mirror customer data to providers outside our control. Subprocessors that process AI prompts are listed in the DPA.

Encryption

In transit: TLS 1.2+ on every endpoint — ide.pearlfibers.com, auth.pearlfibers.com, and the AI gateway.

At rest: database volumes are encrypted at the storage layer. User-supplied provider keys (BYO) are individually encrypted with libsodium's crypto_secretbox; the master key lives outside the database in a 0400-mode file owned by the gateway service account.
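A gateway that keeps its master key in a 0400-mode file should refuse to start if that file is not exactly what it expects. The following added example (not Pearl's code; the function names, the default that the caller runs as the service account, and the constructed demo files are assumptions) shows such a startup check: it opens the file without following symlinks, inspects the open descriptor rather than the path, and rejects wrong ownership, wrong mode, or a key that is not the crypto_secretbox key length.

```python
import os
import stat
import tempfile
from typing import Optional

SECRETBOX_KEYBYTES = 32  # libsodium crypto_secretbox_KEYBYTES


def load_master_key(path: str, expected_uid: Optional[int] = None) -> bytes:
    """Return the master key bytes only if the file is exactly what the gateway expects.

    Checks run on the opened descriptor (fstat), not on the path, so a file
    swapped between check and read cannot slip through. Symlinks are refused
    by O_NOFOLLOW. Any violation raises instead of returning a key.
    """
    if expected_uid is None:
        expected_uid = os.getuid()  # assumption: the caller runs as the service account
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise ValueError(f"{path}: not a regular file")
        if st.st_uid != expected_uid:
            raise PermissionError(f"{path}: owned by uid {st.st_uid}, expected {expected_uid}")
        mode = stat.S_IMODE(st.st_mode)
        if mode != 0o400:
            raise PermissionError(f"{path}: mode {oct(mode)}, expected 0o400")
        key = os.read(fd, SECRETBOX_KEYBYTES + 1)  # one extra byte detects an oversize file
    finally:
        os.close(fd)
    if len(key) != SECRETBOX_KEYBYTES:
        raise ValueError(f"{path}: key is {len(key)} bytes, expected {SECRETBOX_KEYBYTES}")
    return key


def check_key_file(path: str, expected_uid: Optional[int] = None) -> str:
    """Startup health check: 'ok' or the reason the key file was rejected."""
    try:
        load_master_key(path, expected_uid)
        return "ok"
    except (OSError, ValueError) as exc:  # PermissionError is an OSError
        return str(exc)


def demo() -> dict:
    """Constructed scenario: one correct key file and three misconfigurations."""
    d = tempfile.mkdtemp()
    results = {}

    good = os.path.join(d, "master.key")
    with open(good, "wb") as f:
        f.write(b"\x01" * SECRETBOX_KEYBYTES)
    os.chmod(good, 0o400)
    results["good"] = check_key_file(good)

    loose = os.path.join(d, "loose.key")  # group-readable: must be refused
    with open(loose, "wb") as f:
        f.write(b"\x02" * SECRETBOX_KEYBYTES)
    os.chmod(loose, 0o640)
    results["loose"] = check_key_file(loose)

    short = os.path.join(d, "short.key")  # truncated key: must be refused
    with open(short, "wb") as f:
        f.write(b"\x03" * 16)
    os.chmod(short, 0o400)
    results["short"] = check_key_file(short)

    results["wrong_owner"] = check_key_file(good, os.getuid() + 1)
    return results
```

Failing closed at startup is the point: a key file that became group-readable after a deploy, or was replaced by a symlink, is caught before the gateway ever decrypts a customer's provider key with it.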

Auth tokens stored on the desktop client are persisted in the OS keychain (Windows Credential Manager on Windows). The IDE never writes them to a config file in the repo.

AI gateway controls

Zero-retention privacy mode is available on every paid plan and on by default for Enterprise. With it enabled, Pearl skips local request-body persistence and sends each provider's opt-out headers, which instruct that provider not to retain the request for training.

Per-key rate limits cap usage at the gateway. Workspace admins can set a monthly spend cap; the gateway returns 402 once spend exceeds the cap until the cap is raised or the month rolls over.
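The spend-cap behaviour described above, as an added example that is not Pearl's gateway code: a per-workspace counter keyed on the billing month, a 402 once spend has exceeded the cap, and a reset when the month rolls over or the admin raises the cap. The class, its method names and the "YYYY-MM" period key are assumptions; the cap-triggered rejection counter mirrors the rejections the audit log records.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, Optional, Tuple


@dataclass
class SpendState:
    cap_cents: int          # monthly cap set by a workspace admin
    period: str = ""        # "YYYY-MM" the counters below belong to
    spent_cents: int = 0
    rejected: int = 0       # cap-triggered rejections this period


def current_period(now: Optional[datetime] = None) -> str:
    """Billing period key; the counters reset when this value changes."""
    now = now or datetime.now(timezone.utc)
    return now.strftime("%Y-%m")


class SpendCapGateway:
    """Admits or rejects AI requests against a per-workspace monthly spend cap."""

    def __init__(self) -> None:
        self._ws: Dict[str, SpendState] = {}

    def set_cap(self, ws_id: str, cap_cents: int) -> None:
        """Create the cap, or raise/lower it; spend already accrued is kept."""
        if ws_id in self._ws:
            self._ws[ws_id].cap_cents = cap_cents
        else:
            self._ws[ws_id] = SpendState(cap_cents=cap_cents)

    def admit(self, ws_id: str, cost_cents: int, period: str) -> int:
        """Return the HTTP status the gateway would send: 200 (served) or 402 (cap hit).

        `period` is normally current_period(); it is a parameter so the
        month roll-over can be exercised without touching the clock.
        """
        ws = self._ws[ws_id]
        if ws.period != period:            # month rolled over: counters reset
            ws.period, ws.spent_cents, ws.rejected = period, 0, 0
        if ws.spent_cents > ws.cap_cents:  # "once spend exceeds the cap"
            ws.rejected += 1
            return 402
        ws.spent_cents += cost_cents       # the request that crosses the cap is still served
        return 200

    def state(self, ws_id: str) -> Tuple[int, int]:
        """(spent this period, cap-triggered rejections this period)."""
        ws = self._ws[ws_id]
        return ws.spent_cents, ws.rejected
```

Note the strict comparison: the request that pushes spend over the cap is served, and only requests after that are refused, which matches the "once spend exceeds the cap" wording. A deployment that wants the cap to be a hard ceiling would check `spent + cost > cap` before serving instead.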

Provider failover is built in — if one upstream provider degrades, Scout can fall back to a configured alternate for the same model class.

Audit logging

Every state change on the gateway is recorded in an append-only audit log: access decisions, key creation and revocation, rate-limit overrides, spend-cap changes, and cap-triggered rejections. On Business plans the audit log is filterable by user; Enterprise plans get full, unfiltered access.
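One way to make "append-only" verifiable after the fact is to hash-chain the entries, so that editing or dropping any record breaks every hash after it. The following is an added example, not Pearl's audit log; hash chaining, the entry field names, the action names and the constructed sample events are all assumptions (the page says the log is append-only, not how that is enforced).

```python
import hashlib
import json
from typing import Any, Dict, List

GENESIS = "0" * 64  # "previous hash" of the very first entry


class AuditLog:
    """Append-only audit log in which each entry commits to the one before it."""

    def __init__(self) -> None:
        self.entries: List[Dict[str, Any]] = []

    @staticmethod
    def _digest(entry: Dict[str, Any]) -> str:
        # Hash every field except the hash itself, with a canonical encoding.
        body = {k: v for k, v in entry.items() if k != "hash"}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, actor: str, action: str, detail: Dict[str, Any]) -> str:
        """Record a state change and return its hash (the new chain head)."""
        entry = {
            "seq": len(self.entries),
            "actor": actor,
            "action": action,
            "detail": detail,
            "prev": self.entries[-1]["hash"] if self.entries else GENESIS,
        }
        entry["hash"] = self._digest(entry)
        self.entries.append(entry)
        return entry["hash"]

    def verify(self) -> int:
        """Return -1 if the chain is intact, else the seq of the first bad entry."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e["seq"] != i or e["prev"] != prev or e["hash"] != self._digest(e):
                return i
            prev = e["hash"]
        return -1

    def for_user(self, actor: str) -> List[Dict[str, Any]]:
        """The per-user filtered view, as a Business-plan admin would see it."""
        return [e for e in self.entries if e["actor"] == actor]


def sample_log() -> AuditLog:
    """Constructed events of the kinds the page lists (ids are placeholders)."""
    log = AuditLog()
    log.append("admin@example.test", "key.create", {"key_id": "k-demo-1"})
    log.append("admin@example.test", "spend_cap.set", {"workspace": "ws-demo", "cap_cents": 1000})
    log.append("gateway", "request.rejected", {"workspace": "ws-demo", "reason": "spend_cap"})
    log.append("admin@example.test", "key.revoke", {"key_id": "k-demo-1"})
    return log
```

In a real deployment the chain head would be written somewhere the log's own storage cannot reach (a separate store, or a periodic signed checkpoint), so that a tamperer who rewrites the whole file cannot simply recompute the hashes.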

Audit log retention is indefinite for compliance. Diagnostic logs (server-side error logs) are retained for up to 30 days.

Retention

Conversation history is kept for the lifetime of your account; you can delete sessions from the dashboard. Deletion cascades through backups within 30 days.

Per-request usage events are retained for 90 days for the dashboard, then summarized into daily rollups and pruned.

Daily usage rollups are kept indefinitely as a billing record.

Releases & binaries

PearlSetup.exe, Pearl.exe, and every bundled native binary are code-signed. Updates flow through our own update channels (Stable, Preview, and Next) with manifest signing and rollback support.

The pearl:// protocol handler is OS-registered on install for web → desktop auth handoff and deep links.

Vulnerability reporting

Found a security issue? Email security@pearlfibers.com with reproduction steps. We acknowledge within one business day and aim to fix critical issues within seven days.

Please don't publicly disclose until we've had a chance to ship the fix. We credit reporters in the changelog when they want it.

Compliance posture

For regulated workloads or formal compliance reviews, contact security@pearlfibers.com. We share more detail under NDA and can sign a DPA before procurement.

Last updated: 2026-05-08. Questions? Email legal@pearlfibers.com.