What is Hyperquery?
How it works under the hood
Why Use Hyperquery?
Hyperquery is a data notebook for analytics and data science teams. You can use Hyperquery to iteratively execute code (SQL and Python) and visualize the results. However, unlike other technical tools (compare: Jupyter or SQL IDEs), work in Hyperquery is performed within a WYSIWYG editor, enabling enhanced flexibility as it pertains to presentation, collaboration, and organization.
How It Works
Queries
Hyperquery connects to data sources (e.g. data warehouses like Google BigQuery, Snowflake, or AWS Redshift) with customer-provided credentials, then, within Hyperquery notebooks, users can compose queries and execute against these sources using the provided credentials. We securely store the queries and the query results on our servers within our private virtual network. All data is encrypted.
Python
Hyperquery also provides support for Python execution, which we enable through self-hosted instances of Jupyter running on dedicated infrastructure. Each notebook holds state in a manner akin to a self-contained Jupyter notebook, and all data is only temporarily held in the memory of the underlying machines.
Metadata
To enable rich data warehouse/lake-native capabilities, such as autocomplete, catalog capabilities, and a persistent schema tree, we periodically collect metadata from the provided data source connection, at a cadence specified by the user. This metadata is nonsensitive, being comprised of table names, schema names, column names, column descriptions, and other similar properties of the tables available through the source connection.
Security Measures
A selection of our precautions for our customer's data protection
SOC 2 Type II Compliant
Hyperquery is AICPA SOC 2 Type 2 compliant. This confirms our strict adherence to industry-leading security controls and standards. A copy of this report can be provided upon
request.
Measures for Application Security
We keep services inaccessible by default.
Our containers are deployed within virtual private networks with no public subnets, behind a NAT gateway and load balancers — and those are the only gateways on public subnets. Only API services are connected to the load balancer and all other services are in private subnets.
We keep services private by default.
All non-auth API services handling customer data are inaccessible without bearer-token user authentication and authorization from trusted identity-providers like Google G-Suite.
We keep our keys where they belong.
Master encryption keys are managed by AWS and not accessible by any humans. Keys are never stored in version control, rotated on a routine schedule, and stored encrypted in a Key Store that is further encrypted using the Master Keyring. All developers accessing production environments are provided separate, auditable access keys.
We keep services running on the latest stable software.
All EC2 instances are running the latest
Ubuntu Server Release LTS (20.04).
We encrypt our data-at-rest.
Our RDS, DynamoDB, TimescaleDB, and other storage services are encrypted by default.
Measures for Data-in-Transit
We are HTTPS/TLS by default.
All application, API, and other service deployments communicate with other services via HTTPS to protect data-in-motion.
Our certificates are issued by an industry-standard issuing authority.
Our certificates are signed and issued by Amazon Web Service's Route53 service and its Certificate Authority.
Measures for Human Attack Surfaces
We are HTTPS/TLS by default.
All personnel at Hyperquery use the
1Password.com password manager with a strict 90-day password rotation and audit policy. All technical personnel have a 60-day rotation, 2FA-by-default, and audit policy for data-critical services like GitHub, AWS, and cloud data warehouses.
We maintain strict data access controls for technical personnel.
All technical personnel are given access to data and each data-managing tool with the least amount of data privileges necessary to accomplish a given task.
We maintain strict security and centralized access on all company-owned machines.
Development machines are pre-installed with our vendor Rippling's remote root access and fleet management tools, and can be remotely accessed or wiped at any time. All machines are full-disk encrypted and default passwords are changed. These checks are monitored 24/7 for compliance using the Vanta's agent software installed into all devices.
We keep a small circle of trust.
Only a handful of trusted personnel have authorized ECDSA-derived SSH keys.
Privacy
We respect our customers' fundamental data rights.
Privacy Policy
We have adopted a
Privacy Policy compliant with GDPR, CCPA, CalOPPA regulations, In this statement, we explicitly list how and why data is used by our marketing site and application.
Our Respect for Data Consumer Rights
Right of access
Customers have the ability to access any information from the application. If the customer requests (via
email) a copy of any or all information generated by Hyperquery, we will provide the data in a machine-readable format within a reasonable turn-around time. This will be an automated feature in the near-future.
Right to rectification
Customers have the ability to rectify any information gathered or generated by Hyperquery from the application. If a customer requests rectification (via
email) of any information for which the application does not enable revisions, we will make the appropriate revisions within a reasonable turn-around time.
Right of data portability
If a customer requests (via
email) a copy of any or all information generated by Hyperquery, we will provide the data in an industry-standard, machine-readable format within a reasonable turn-around time. This will be an automated feature in the near-future.
Right to restriction of processing
If a customer restricts processing (via
email), we will halt any in-progress or scheduled processing operations.
Right to erasure
When a customer requests erasure of a data warehouse, Hyperquery automatically deletes the data source connections, indexed data, or user-generated data, and any in-progress or scheduled processing of the source is halted.
Right to object to processing
If a customer objects to processing (via
email), we will halt any in-progress or scheduled processing operations.
Rights in relation to automated decision making and profiling
Hyperquery does not collect any data automatically to profile users for individual decision-making. Hyperquery only collects data for aggregated, anonymized usage analysis that informs product development and customer assistance efforts.
Right to be informed
Our privacy policy is available at
https://hyperquery.ai/privacy, is a condition of user registration, and are readily accessible hyperlinks on our
informational page. On updates to our Privacy Notice, we email our user base of relevant changes and if a renewed consent is required, the application will block further usage until consent is given.