Security

At HyThere Corp., creator of DemoHop, we are committed to protecting the confidentiality, integrity and availability of our information systems and our customer data. We are constantly improving our security controls and analyzing their effectiveness to give you confidence in the security of your confidential data.

Here we provide an overview of some of the security controls in place to protect your data.

Please contact your DemoHop account representative for further inquiries.

Cloud Security

DemoHop utilizes various services and infrastructure from Google Cloud for cloud hosting. Our provider's services are certified for or compliant with ISO 27001, PCI DSS Service Provider Level 1, SOC 1 and/or 2, and more. Learn more about Google Cloud compliance offerings. Google Cloud implements multiple physical security layers including biometric identification, metal detection, cameras, vehicle barriers, and laser-based intrusion detection systems. Learn more about Google Cloud security of physical premises and Google Cloud data center security.

Encryption

The Google Cloud infrastructure that DemoHop utilizes encrypts all data at rest and in transit. Learn more about Google Cloud encryption at rest and Google Cloud encryption in transit.

Authentication and Authorization

Authentication and authorization on DemoHop are controlled by a Google Cloud customer identity and access management (CIAM) platform. DemoHop users sign in via either an email link or, if optionally upgraded, a single sign-on method (OIDC/SAML). If the sign-in attempt is successful, signed and encrypted tokens are issued and required on every request. Access tokens are short-lived and are refreshed automatically on expiration. When a user signs out, all tokens are revoked and are no longer usable. In addition, authorized HyThere personnel have the ability to manually lock out individual users if suspicious activity is observed. Each user has a set of authorizations that limit what actions they’re allowed to perform.

Availability and Continuity

DemoHop is deployed on Google Cloud infrastructure. Services are configured to scale dynamically in response to incoming load. Simulated load tests and API response time tests are incorporated into our release and testing cycle. Production data storage is highly available with automated backups and point-in-time recovery enabled to ensure minimal downtime and data loss. In the event of a region or zone outage, HyThere has the ability to easily deploy to a new location.

Environment Segregation

Testing, staging, and production environments are logically separated from one another. Customer data is never used in any non-production environment.

Row-Level Security (RLS)

DemoHop databases enforce row-level security (RLS) at the database level where appropriate. Database queries must include valid RLS parameter values or they will fail. This practice introduces logical segregation of tenant data and significantly reduces the impact a bad actor can have, drastically improving customer data confidentiality.

Video Calls

DemoHop utilizes a service called Daily for video calls. Daily is a globally scaled WebRTC video and audio service that is compliant with HIPAA, GDPR, SOC 2, and more. DemoHop does not store any video call data, other than the internal user IDs that are actively in a call or call queue and timestamps indicating when an internal user ID joins and/or leaves a call or call queue. Daily never stores any video, audio, or screen-sharing data from any call other than through call recording APIs. By default, DemoHop does not allow call recording, but it may be enabled by customer request. Daily does not log or store any video call chat messages. Learn more about security at Daily.

Third Party Security

HyThere understands the risks associated with improper vendor management. We evaluate and perform due diligence on all of our vendors prior to engagement to ensure their security meets a suitable standard. If they do not meet our requirements, we do not move forward with them. Selected vendors are then monitored and reassessed on an ongoing basis, taking into account relevant changes.

Logging and Monitoring

Application and infrastructure systems log information for troubleshooting, security reviews, and analysis by authorized HyThere personnel.

Personnel

HyThere conducts background checks at the time of hire where permitted by law. All HyThere personnel are required to sign Non-Disclosure and Confidentiality agreements.

Access Control

Access is granted on a principle of least privilege. Access is revoked immediately upon termination.

Development

Our development team employs secure coding techniques and best practices and closely follows industry-standard security awareness documentation, including that of the Open Web Application Security Project (OWASP), the National Institute of Standards and Technology (NIST), and more.

Policies and Procedures

HyThere maintains a comprehensive set of security policies and procedures. HyThere leadership personnel review these on a monthly cadence to ensure complete coverage and accuracy are maintained.