Hyperquery is a data notebook for analytics and data science teams. You can use Hyperquery to iteratively execute code (SQL and Python) and visualize the results. However, unlike other technical tools (compare: Jupyter or SQL IDEs), work in Hyperquery is performed within a WYSIWYG editor, enabling enhanced flexibility as it pertains to presentation, collaboration, and organization.

Hyperquery connects to data sources (e.g. data warehouses like Google BigQuery, Snowflake, or AWS Redshift) with customer-provided credentials, then, within Hyperquery notebooks, users can compose queries and execute against these sources using the provided credentials. We securely store the queries and the query results on our servers within our private virtual network. All data is encrypted.

Hyperquery also provides support for Python execution, which we enable through self-hosted instances of Jupyter running on dedicated infrastructure. Each notebook holds state in a manner akin to a self-contained Jupyter notebook, and all data is only temporarily held in the memory of the underlying machines.

To enable rich data warehouse/lake-native capabilities, such as autocomplete, catalog capabilities, and a persistent schema tree, we periodically collect metadata from the provided data source connection, at a cadence specified by the user. This metadata is nonsensitive, being comprised of table names, schema names, column names, column descriptions, and other similar properties of the tables available through the source connection.

Hyperquery is AICPA SOC 2 Type 2 compliant. This confirms our strict adherence to industry-leading security controls and standards. A copy of this report can be provided upon request.

Our containers are deployed within virtual private networks with no public subnets, behind a NAT gateway and load balancers — and those are the only gateways on public subnets. Only API services are connected to the load balancer and all other services are in private subnets.

All non-auth API services handling customer data are inaccessible without bearer-token user authentication and authorization from trusted identity-providers like Google G-Suite.

Master encryption keys are managed by AWS and not accessible by any humans. Keys are never stored in version control, rotated on a routine schedule, and stored encrypted in a Key Store that is further encrypted using the Master Keyring. All developers accessing production environments are provided separate, auditable access keys.

All EC2 instances are running the latest Ubuntu Server Release LTS (20.04).

Our RDS, DynamoDB, TimescaleDB, and other storage services are encrypted by default.

All application, API, and other service deployments communicate with other services via HTTPS to protect data-in-motion.

Our certificates are signed and issued by Amazon Web Service's Route53 service and its Certificate Authority.

All personnel at Hyperquery use the 1Password.com password manager with a strict 90-day password rotation and audit policy. All technical personnel have a 60-day rotation, 2FA-by-default, and audit policy for data-critical services like GitHub, AWS, and cloud data warehouses.

All technical personnel are given access to data and each data-managing tool with the least amount of data privileges necessary to accomplish a given task.

Development machines are pre-installed with our vendor Rippling's remote root access and fleet management tools, and can be remotely accessed or wiped at any time. All machines are full-disk encrypted and default passwords are changed. These checks are monitored 24/7 for compliance using the Vanta's agent software installed into all devices.

Only a handful of trusted personnel have authorized ECDSA-derived SSH keys.

We have adopted a Privacy Policy compliant with GDPR, CCPA, CalOPPA regulations, In this statement, we explicitly list how and why data is used by our marketing site and application.

Customers have the ability to access any information from the application. If the customer requests (via email) a copy of any or all information generated by Hyperquery, we will provide the data in a machine-readable format within a reasonable turn-around time. This will be an automated feature in the near-future.

Customers have the ability to rectify any information gathered or generated by Hyperquery from the application. If a customer requests rectification (via email) of any information for which the application does not enable revisions, we will make the appropriate revisions within a reasonable turn-around time.

If a customer requests (via email) a copy of any or all information generated by Hyperquery, we will provide the data in an industry-standard, machine-readable format within a reasonable turn-around time. This will be an automated feature in the near-future.

If a customer restricts processing (via email), we will halt any in-progress or scheduled processing operations.

When a customer requests erasure of a data warehouse, Hyperquery automatically deletes the data source connections, indexed data, or user-generated data, and any in-progress or scheduled processing of the source is halted.

If a customer objects to processing (via email), we will halt any in-progress or scheduled processing operations.

Hyperquery does not collect any data automatically to profile users for individual decision-making. Hyperquery only collects data for aggregated, anonymized usage analysis that informs product development and customer assistance efforts.

Our privacy policy is available at https://hyperquery.ai/privacy, is a condition of user registration, and are readily accessible hyperlinks on our informational page. On updates to our Privacy Notice, we email our user base of relevant changes and if a renewed consent is required, the application will block further usage until consent is given.