HomeAboutBlogCareersPricingDocsBlogTwitter
Sign up
Hyperquery.ai - Security
At Hyperquery, data and trust are at the heart of what we do. We take the utmost care in implementing battle-tested measures to protect the security and privacy of our customers and their data.

Please contact us if you have any further questions.
What is Hyperquery?
How it works under the hood
Why Use Hyperquery?
Hyperquery is a collaborative doc workspace for data analysts. It brings queries, docs, and metadata to a single workspace. You can use Hyperquery as an SQL notebook, for data notes and docs, as a data wiki, as an automated data catalog, for tasks & lists, and for project management. Hyperquery is the missing productivity layer to your data stack.
How It Works (in a nutshell)
Metadata
Hyperquery connects to accessible data sources (e.g. data warehouses like BigQuery) with customer-provided credentials. Once connected, Hyperquery's services index non-row-level, non-sensitive metadataonly (table name, description, column names, column descriptions, etc.) for consumption by the Hyperquery application.
Queries
Hyperquery's main workspace is a document and query-editor hybrid. It connects to data sources (data warehouses) and executes queries against them. We securely store query results and the queries themselves on our servers within our private virtual network. All data is encrypted.
Security Measures
A selection of our precautions for our customer's data protection
SOC 2 Type II Compliant
Hyperquery is AICPA SOC 2 Type 2 compliant. This confirms our strict adherence to industry-leading security controls and standards. A copy of this report can be provided upon request.
Measures for Application Security
We keep services inaccessible by default.
Our containers are deployed within virtual private networks with no public subnets, behind a NAT gateway and load balancers — and those are the only gateways on public subnets. Only API services are connected to the load balancer and all other services are in private subnets.
We keep services private by default.
All non-auth API services handling customer data are inaccessible without bearer-token user authentication and authorization from trusted identity-providers like Google G-Suite.
We keep our keys where they belong.
Master encryption keys are managed by AWS and not accessible by any humans. Keys are never stored in version control, rotated on a routine schedule, and stored encrypted in a Key Store that is further encrypted using the Master Keyring. All developers accessing production environments are provided separate, auditable access keys.
We keep services running on the latest stable software.
All EC2 instances are running the latest Ubuntu Server Release LTS (20.04).
We encrypt our data-at-rest.
Our RDS, DynamoDB, TimescaleDB, and other storage services are encrypted by default.
Measures for Data-in-Transit
We are HTTPS/TLS by default.
All application, API, and other service deployments communicate with other services via HTTPS to protect data-in-motion.
Our certificates are issued by an industry-standard issuing authority.
Our certificates are signed and issued by Amazon Web Service's Route53 service and its Certificate Authority.
Measures for Human Attack Surfaces
We are HTTPS/TLS by default.
All personnel at Dataframe use the 1Password.com password manager with a strict 90-day password rotation and audit policy. All technical personnel have a 60-day rotation, 2FA-by-default, and audit policy for data-critical services like GitHub, AWS, and cloud data warehouses.
We maintain strict data access controls for technical personnel.
All technical personnel are given access to data and each data-managing tool with the least amount of data privileges necessary to accomplish a given task.
We maintain strict security and centralized access on all company-owned machines.
Development machines are pre-installed with our vendor Rippling's remote root access and fleet management tools, and can be remotely accessed or wiped at any time. All machines are full-disk encrypted and default passwords are changed. These checks are monitored 24/7 for compliance using the Vanta's agent software installed into all devices.
We keep a small circle of trust.
Only a handful of trusted personnel have authorized ECDSA-derived SSH keys.
Privacy
We respect our customers' fundamental data rights.
Privacy Policy
We have adopted a Privacy Policy compliant with GDPR, CCPA, CalOPPA regulations, In this statement, we explicitly list how and why data is used by our marketing site and application.
Our Respect for Data Consumer Rights
Right of access
Customers have the ability to access any information from the application. If the customer requests (via email) a copy of any or all information generated by Dataframe, we will provide the data in a machine-readable format within a reasonable turn-around time. This will be an automated feature in the near-future.
Right to rectification
Customers have the ability to rectify any information gathered or generated by Dataframe from the application. If a customer requests rectification (via email) of any information for which the application does not enable revisions, we will make the appropriate revisions within a reasonable turn-around time.
Right of data portability
If a customer requests (via email) a copy of any or all information generated by Dataframe, we will provide the data in an industry-standard, machine-readable format within a reasonable turn-around time. This will be an automated feature in the near-future.
Right to restriction of processing
If a customer restricts processing (via email), we will halt any in-progress or scheduled processing operations.
Right to erasure
When a customer requests erasure of a data warehouse, Dataframe automatically deletes the data source connections, indexed data, or user-generated data, and any in-progress or scheduled processing of the source is halted.
Right to object to processing
If a customer objects to processing (via email), we will halt any in-progress or scheduled processing operations.
Rights in relation to automated decision making and profiling
Dataframe does not collect any data automatically to profile users for individual decision-making. Dataframe only collects data for aggregated, anonymized usage analysis that informs product development and customer assistance efforts.
Right to be informed
Our privacy policy is available at https://hyperquery.ai/privacy, is a condition of user registration, and are readily accessible hyperlinks on our informational page. On updates to our Privacy Notice, we email our user base of relevant changes and if a renewed consent is required, the application will block further usage until consent is given.
Questions or Concerns?
Contact: kevin@hyperquery.ai (CTO)
Thank you!