Security Program Overview
Hyper Anna is committed to the security of your data. As part of this commitment, we use a variety of industry-standard security technologies and procedures to help protect your information from unauthorised access, use, or disclosure.
The Hyper Anna security program is led by the Chief Technology Officer and is responsible for the following areas:
- Application Security
- Infrastructure & Network Security
- Corporate Security
- Physical Security
Hyper Anna employees are informed of their security responsibilities during on-boarding and attend regular training sessions to improve security awareness.
Hyper Anna is an artificial intelligence-powered data analyst that streamlines and accelerates the journey from raw data to actionable insights. Anna (“the Service”) will do all the tedious and technical work of writing code, analysing data through advanced analytical techniques, producing charts and, more importantly, insights.
Information We Collect
Information collected via technology: To activate the Service you do not need to submit any Personal Information other than your email address. To use the Service thereafter, you do not need to submit further Personal Information. However, in an effort to improve the quality of the Service, we track information provided to us by your browser or by our software application when you view or use the Service, such as the type of browser you use, the device from which you connected to the Service, the time and date of access, and other information that does not personally identify you. We track this information using cookies, or small text files which include an anonymous unique identifier. Cookies are sent to a user’s browser from our servers and are stored on the user’s computer hard drive. Sending a cookie to a user’s browser enables us to collect Non-Personal information about that user and keep a record of the user’s preferences when utilising the Service, both on an individual and aggregate basis. Hyper Anna may use both persistent and session cookies; persistent cookies remain on your computer after you close your session and until you delete them, while session cookies expire when you close your browser.
In addition to profile data, administrator users are able to upload organisation datasets (typically time series business transaction data) that will be leveraged as part of Hyper Anna product features such as Question and Answer and Top Insights.
How We Use and Share Information
In general, the Personal Information you provide to us is used to help us communicate with you. For example, we use Personal Information to contact users in response to questions, solicit feedback from users, provide technical support, and inform users about product updates and feature changes.
How We Protect Information
We implement security measures designed to protect your information from unauthorized access. Your account is protected by your account password and we urge you to take steps to keep your personal information safe by not disclosing your password and by logging out of your account after each use (by closing the browser tab). We further protect your information from potential security breaches by implementing certain technological security measures including encryption, firewalls and secure socket layer technology. However, these measures do not guarantee that your information will not be accessed, disclosed, altered or destroyed by breach of such firewalls and secure server software.
As said above, we collect “Non-Personal Information” and “Personal Information.” Non-Personal Information includes information that cannot be used to personally identify you, such as anonymous usage data, general demographic information we may collect, referring/exit pages and URLs, platform types, preferences you submit and preferences that are generated based on the data you submit and number of clicks. Personal Information includes only your email, which is submitted to us by your system administrator.
Your Rights Regarding the Use of Your Personal Information
Links to Other Websites
Policy Data Centre Security and Location
Hyper Anna is hosted in Microsoft Azure in the Australia East data centre. Deployment of Hyper Anna is typically classified as on-shore from a data locality perspective, ensuring that we meet our clients' data sovereignty requirements.
Data Centres used by Hyper Anna are compliant with strict security standards, such as General Data Protection Regulation (GDPR), ISO 27001, HIPAA, FedRAMP, SOC 1 and SOC 2, as well as country-specific standards, including Australia IRAP, UK G-Cloud and Singapore MTCS. Rigorous third-party audits, such as those done by the British Standards Institute.
Encryption of Data at Rest
Hyper Anna leverages best-of-breed cloud services with the option to exploit native data encryption services for the protection of client data. By default, all client data 'at-rest' (while it is stored on disks) is secured using AES-256 encryption.
Encryption of Data in Motion
Hyper Anna employs industry-grade encryption (TLS 1.2) for all web / HTTPS traffic.
Console access to Hyper Anna services is limited to key operational staff and is protected through the use of SSH. SSH sessions are authenticated with identity keys rather than passwords.
Hyper Anna enforces a strict data retention and destruction policy. Our policy is to retain records as necessary for business purposes, including maintaining the continuity and availability of records in the event of a disaster or hardware failure.
- Retains records in accordance with applicable local laws.
- Retains records relevant to pending or reasonably anticipated legal proceedings, consistent with the company's legal obligations.
- Retains records as necessary for tax purposes.
The Data Record Retention Policy also specifies policies related to the destruction of documents that are no longer required for business, legal, tax, or other reasons. As part of the data destruction policy, the method for proper document destruction and disposal is defined.
Customer data created by Hyper Anna as part of conducting business falls under the Hyper Anna Data Record Retention Policy and will be managed as such.
Data that a customer provides to Hyper Anna includes, but is not limited to, business intelligence metadata values and descriptions, database schemas, ETL workflows and routines, data content (in database and text files), database backups, images, user access information, and custom data manipulation code.
Data provided by the customer to Hyper Anna will be removed from the Hyper Anna environment and deleted within 30 days of termination of an agreement.
Hyper Anna is hosted using a multi-tenant public cloud. Data segregation and a role-based access control model are used to protect client data and prevent unauthorised access. Some shared metadata (users are authenticated to the service and authorised to access specific resources via a single user directory).
Data Application Security and Training
Hyper Anna's developers receive application security training in cutting-edge initiatives, including the OWASP Top 10. Automated static code analysis has been implemented and regular third-party security assessments are performed.
Audits and Certifications
Hyper Anna performs annual network security assessments that include:
- Review of major changes to the environment such as a new system component, network topology, firewall rule, etc.
- Conduct vulnerability scans.
- Maintain change logs that track changes, provide information regarding the reason for the change and include an approver.
User Management & Administration
Hyper Anna user accounts can be provisioned via two primary methods:
- Individually via the Hyper Anna Admin Console. This can be performed by a Super Admin User (typically Hyper Anna staff) or Organisation Admin User (named client individuals).
- Via batch through the Hyper Anna Delivery Team.
Once an Organisation Admin Account is created, the ongoing process for user access provisioning (to assign or revoke access rights) is handled by this user.
Ongoing review of the security permissions across users, groups and data sets is also the responsibility of the client Organisation Admin user.
Hyper Anna supports two primary mechanisms for user authentication:
- Locally administered user accounts: Users authenticate to Anna using basic authentication secured under HTTPS. The JSON Web Token standard (https://tools.ietf.org/html/rfc7519) is used internally to secure the ongoing user session. User accounts and passwords are administered through the Hyper Anna Admin Portal. A role-based access control (RBAC) model is used to provide authorised users access to individual resources (for example data sets).
Hyper Anna uses the Azure service Azure Database for MySQL, with servers located in Australia East (Sydney). Azure Database for MySQL is locally redundant. It is backed up automatically and the retention period is 7 days.
- Full backups: Weekly
- Differential backups: Twice daily
- Transaction log backups: Every five minutes
If you have any questions regarding this document or the practices of the Hyper Anna website, please contact us by sending an email to email@example.com