While building Hyperion we’ve taken a “security-first” mindset, restricting access by default. Here’s how it works.
In the App
- Volunteers are not able to view past surveys.
- Surveys are only stored on the phone until they are successfully submitted (at which point they’re deleted from the phone).
- A volunteer has no ability to read, update, or delete surveys once they are submitted.
In the Admin Portal
- Survey data is only accessible by one user - the user who created the PIT Count in the admin portal.
Submitted surveys are stored in Google Cloud, which Google uses internally to secure and store your emails in Gmail and your files in Google Drive and Google Docs.
Google has a robust security strategy including:
- Advanced physical security including biometric identification, cameras, and laser-based intrusion detection systems.
- Using cryptographic signatures to verify the integrity of the low-level software like the BIOS, kernel, and base operating system.
- Using cryptographic authentication and authorization at the application layer for inter-service communication.
- Multi-tier, multi-layer DoS protections.
- Encryption at Rest.
- We use automated tests to verify that data access rules allow and restrict access as appropriate.
- All PIT Count submissions are stored under the organization that conducted that PIT Count, so only the administrator of that organization can access that data.
- All survey submissions are Secure Sockets Layer (SSL) encrypted.
If you have any questions about the security around Hyperion, please contact me at email@example.com. I’d be happy to talk to you.