Hyper Anna Security Requirements

Detailed overview and summary of Hyper Anna data security policies and procedures.


Security Program Overview

Hyper Anna is committed to the security of your data. As part of this commitment, we use a variety of industry-standard security technologies and procedures to help protect your information from unauthorised access, use, or disclosure.

The Hyper Anna security program is led by the Chief Technology Officer and is responsible for the following areas:

  • Application Security
  • Infrastructure & Network Security
  • Compliance
  • Privacy
  • Corporate Security
  • Physical Security

Hyper Anna employees are informed of their security responsibilities during on-boarding and attend regular training sessions to improve security awareness.

Product Overview

Hyper Anna is an artificial intelligence-powered data analyst that streamlines and accelerates the journey from raw data to actionable insights. Anna (“the Service”) will do all the tedious and technical work of writing code, analysing data through advanced analytical techniques, producing charts and, more importantly, insights.

Data Processed

Information We Collect

  1. Information collected via technology: To activate the Service you do not need to submit any Personal Information other than your email address. To use the Service thereafter, you do not need to submit further Personal Information. However, in an effort to improve the quality of the Service, we track information provided to us by your browser or by our software application when you view or use the Service, such as the type of browser you use, the device from which you connected to the Service, the time and date of access, and other information that does not personally identify you. We track this information using cookies, or small text files which include an anonymous unique identifier. Cookies are sent to a user’s browser from our servers and are stored on the user’s computer hard drive. Sending a cookie to a user’s browser enables us to collect Non-Personal information about that user and keep a record of the user’s preferences when utilising the Service, both on an individual and aggregate basis. Hyper Anna may use both persistent and session cookies; persistent cookies remain on your computer after you close your session and until you delete them, while session cookies expire when you close your browser.

  2. Information you provide us: By registering for an account, in addition to the information provided automatically by your browser when you visit www.hyperanna.com (“the Site”), to become a subscriber to the Service you will need to create a personal profile (through your system administrator). You can create a profile by registering with the Service and entering your email address, password, job role etc. By registering, you are authorizing us to collect, store and use your email address in accordance with this Privacy Policy.

    In addition to profile data, administrator users are able to upload organisation datasets (typically time series business transaction data) that will be leveraged as part of Hyper Anna product features such as Question and Answer and Top Insights.

How We Use and Share Information

  • Personal Information: Except as otherwise stated in this document, we do not sell, trade, rent or otherwise share for marketing purposes your Personal Information with third parties without your consent. We do share Personal Information with vendors who are performing services for the Company, such as the providers of the servers for our email communications, who are given access to users’ email addresses for the purpose of sending emails from us. Those vendors use your Personal Information only at our direction and in accordance with our Privacy Policy.

    In general, the Personal Information you provide to us is used to help us communicate with you. For example, we use Personal Information to contact users in response to questions, solicit feedback from users, provide technical support, and inform users about product updates and feature changes.

  • Non-Personal Information: In general, we use Non-Personal Information to help us improve the Service and customize the user experience. We also aggregate Non-Personal Information in order to track trends and analyze use patterns on the Site. This Privacy Policy does not limit in any way our use or disclosure of Non-Personal Information and we reserve the right to use and disclose such Non-Personal Information to our partners, advertisers and other third parties at our discretion.

In the event we undergo a business transaction such as a merger, acquisition by another company, or sale of all or a portion of our assets, your Personal Information may be among the assets transferred. You acknowledge and consent that such transfers may occur and are permitted by this Privacy Policy, and that any acquirer of our assets may continue to process your Personal Information as set forth in this Privacy Policy. If our information practices change at any time in the future, we will post the policy changes to the Site so that you may opt out of the new information practices. If you are concerned about how your information is used, we suggest you reach out to us periodically for updates.

How We Protect Information

We implement security measures designed to protect your information from unauthorized access. Your account is protected by your account password and we urge you to take steps to keep your personal information safe by not disclosing your password and by logging out of your account after each use (by closing the browser tab). We further protect your information from potential security breaches by implementing certain technological security measures including encryption, firewalls and secure socket layer technology. However, these measures do not guarantee that your information will not be accessed, disclosed, altered or destroyed by breach of such firewalls and secure server software.

Privacy Policy

Hyper Anna is committed to maintaining robust privacy protections for its users. Our Privacy Policy is designed to help you understand how we collect, use and safeguard the information you provide to us and to assist you in making informed decisions when using our Service.

As said above, we collect “Non-Personal Information” and “Personal Information.” Non-Personal Information includes information that cannot be used to personally identify you, such as anonymous usage data, general demographic information we may collect, referring/exit pages and URLs, platform types, preferences you submit and preferences that are generated based on the data you submit and number of clicks. Personal Information includes only your email, which is submitted to us by your system administrator.

Your Rights Regarding the Use of Your Personal Information

You have the right at any time to prevent us from contacting you for marketing purposes. When we send a promotional communication to a user, the user can opt out of further promotional communications by following the unsubscribe instructions provided in each promotional email. Please note that notwithstanding the promotional preferences you indicate by unsubscribing, we may continue to send you administrative emails including, for example, periodic updates to our Privacy Policy.

As part of the Service, we may provide links to or compatibility with other websites or applications. However, we are not responsible for the privacy practices employed by those websites or the information or content they contain. This Privacy Policy applies solely to information collected by us through the Site and the Service. Therefore, this Privacy Policy does not apply to your use of a third party website accessed by selecting a link on our Site or via our Service. To the extent that you access or use the Service through or on another website or application, then the privacy policy of that other website or application will apply to your access or use of that site or application. We encourage our users to read the privacy statements of other websites before proceeding to use them.

Changes to Our Privacy Policy

Hyper Anna reserves the right to change this policy and our Terms of Service at any time. We will notify you of significant changes to our Privacy Policy by sending a notice to the primary email address specified in your account or by placing a prominent notice on our site. Significant changes will go into effect 30 days following such notification. Non-material changes or clarifications will take effect immediately. You should periodically check the Site and this privacy page for updates.

Policy Data Centre Security and Location

Hyper Anna is hosted in Microsoft Azure in the Australia East data center. Deployment of Hyper Anna is typically classified as on-shore from a data locality perspective, ensuring that we meet our clients’ data sovereignty requirements.

Data Centres used by Hyper Anna are compliant with strict security standards, such as General Data Protection Regulation (GDPR), ISO 27001, HIPAA, FedRAMP, SOC 1 and SOC 2, as well as country-specific standards, including Australia IRAP, UK G-Cloud and Singapore MTCS. Rigorous third-party audits, such as those done by the British Standards Institute.

Technical Features

Encryption of Data at Rest

Hyper Anna leverages best-of-breed cloud services with the option to exploit native data encryption services for the protection of client data. By default, all client data ‘at-rest’ (while it is stored on disks) is secured using AES-256 encryption.

Encryption of Data in Motion

Hyper Anna employs industry-grade encryption (TLS 1.2) for all web / HTTPS traffic.

Console access to Hyper Anna services is limited to key operational staff and is protected through the use of SSH. SSH sessions are authenticated with identity keys rather than passwords.

Data Retention

Hyper Anna enforces a strict data retention and destruction policy. Our policy is to retain records as necessary for business purposes, including maintaining the continuity and availability of records in the event of a disaster or hardware failure.

  • Retains records in accordance with applicable local laws.

  • Retains records relevant to pending or reasonably anticipated legal proceedings, consistent with the company’s legal obligations.

  • Retains records as necessary for tax purposes.

  • The Data Record Retention Policy also specifies policies related to the destruction of documents that are no longer required for business, legal, tax, or other reasons. As part of the data destruction policy, the method for proper document destruction and disposal is defined.

Customer data created by Hyper Anna as part of conducting business falls under the Hyper Anna Data Record Retention Policy and will be managed as such.

Data that a customer provides to Hyper Anna includes, but is not limited to, business intelligence metadata values and descriptions, database schemas, ETL workflows and routines, data content (in database and text files), database backups, images, user access information, and custom data manipulation code.

Data Purging

Data provided by the customer to Hyper Anna will be removed from the Hyper Anna environment and deleted within 30 days of termination of an agreement.

Data Segregation

Hyper Anna is hosted using a multi-tenant Public Cloud; data segregation and a role-based access control model are used to protect client data and prevent unauthorised access. Some shared metadata (users are authenticated to the service and authorised to access specific resources via a single user directory).

Data Application Security and Training

Hyper Anna’s developers receive application security training in cutting edge initiatives, including the OWASP Top 10. Automated static code analysis has been implemented and regular third-party security assessments are performed.

Security Policies

Audits and Certifications

Hyper Anna performs annual network security assessments that include:

  • Review of major changes to the environment such as a new system component, network topology, firewall rule, etc.

  • Conduct vulnerability scans.

  • Maintain change logs that track changes, provide information regarding the reason for the change and include an approver.

User Management & Administration

User Provisioning

Hyper Anna user accounts can be provisioned via two primary methods:

  • Individually via the Hyper Anna Admin Console. This can be performed by a Super Admin User (typically Hyper Anna staff) or Organisation Admin User (named client individuals).

  • Via batch through the Hyper Anna Delivery Team.

Once an Organisation Admin Account is created, the ongoing process for user access provisioning (to assign or revoke access rights) is handled by this user.

Ongoing review of the security permissions across users, groups and data sets is also the responsibility of the client Organisation Admin user.

User Authentication

Hyper Anna supports two primary mechanisms for user authentication:

  • Locally administered user accounts: Users authenticate to Anna using basic authentication secured under HTTPS. The JSON Web Token standard (https://tools.ietf.org/html/rfc7519) is used internally to secure the ongoing user session. User accounts and passwords are administered through the Hyper Anna Admin Portal. A role-based access control (RBAC) model is used to provide authorised users access to individual resources (for example data sets).

Disaster Recovery

Hyper Anna uses the Azure Database for MySQL service, with servers located in Australia East (Sydney). The Azure Database for MySQL servers are locally redundant. They are backed up automatically and the retention period is 7 days.

Backup Frequency

Full backups: Weekly

Differential backups: Twice Daily

Transaction log backups: Every five minutes.

Contact Us

If you have any questions regarding this document or the practices of the Hyper Anna website, please contact us by sending an email to hello@hyperanna.com.