Supahands takes the security of our customers data very seriously and has made protection of the information our top priority. Supahands implements a layered approach to security in order to ensure compliance with regulatory, best practice, and customer requirements, including GDPR which goes into effect for all EU citizens on May 25, 2018.
The information provided here is meant to give an overview of our security posture and approach, not to provide details of our security policies and controls.
Data Access & Storage
Secure Data Access Platform
Supahands offers a Secure Data Access Platform, which enhances Supahands security capabilities for customers working with personally identifiable information (PII), protected health information (PHI) and those requiring other sophisticated compliance needs.
Supahands does not own, share, monetize or exploit customer data or it’s by-products for profit. Any data shared by a customer can be deleted upon request.
Strict privacy control
Our Secure Data Access Platform maintains strict privacy controls and secure data access through a variety of mechanisms. Data can be hosted onto our secure web-based annotation platform from the following locations.
Private content buckets: These buckets offer additional restrictions on content access for Supahands Job Requestors, Supahands Contributors (Secure Contributors and Open Crowd) and Internal Contributors.
Public content buckets: These buckets allow customers to store data in public buckets and maintain security through Expiring Links, IP Whitelisting, and Referral Headers.
Our annotators SupaAgents (contributors) undergo screening as well as validation of Federal/Government/State ID as part of our KYC procedure.
Non Disclosure Agreements
SupaAgents sign NDAs with Supahands and receive credentials to access the Supahands platform.
System Activity Monitoring
We constantly monitor system activity to detect and prevent platform intrusion. All configuration changes are closely monitored to ensure our systems adhere to standards. All events are logged to enable Supahands to perform forensic analysis of attacks and to identify anomalies and to alert to potential security incidents.
Multi Factor Authentication
Supahands adheres to a “least privileged” access policy, only allowing authorized staff to access data required to perform their job function. We employ multi factor authentication for all employees to gain access to our corporate systems. All access control is centralized to allow audit and monitoring. Access to all systems can be removed quickly and efficiently if an account is suspected of being compromised or is no longer required.
Vertical and horizontal slicing techniques
To ensure data confidentiality by separating a line of data up into multiple components before distribution to annotators to prevent privacy exploitation.
Is enforced so that SupaAgents and project teams can be kept exclusive.
Regular Training and Review
Of privacy and security policies by Supahands Employees and SupaAgents.
Supahands regularly performs internal and external vulnerability tests to assess necessary enhancements to the platform to address evolving security threats.
We maintain and regularly update our information security policies and ensure enforcement through both technical and operational controls. Our policies adhere to both regulatory and industry best practice standards including GDPR compliance.
Access-controlled premises or electronic database
We take steps to hold information securely in electronic or physical form. Our information security policy is supported by a variety of processes and procedures, and we store information in access-controlled premises or electronic databases requiring logins and passwords.
Access controls and confidentiality obligations
All Supahands employees, officers or contractors and third-party providers with access to confidential information are subject to access controls and confidentiality obligations, and we require our third-party data storage providers to comply with appropriate information security industry standards.
Supahands is built with acceptable levels of horizontal redundancy in it’s infrastructure to ensure continuity of service. Our content delivery network (CDN) provides further robustness through a geographically distributed network of proxy servers and data centers.
Supahands has a disaster recovery (DR) plan in place for replicating data and services in the event of a natural or human-induced regional disaster.
While we continually strive to ensure that our systems and controls are updated to reflect technological changes, it is a customer’s responsibility to ensure their usernames and passwords in relation to our online services are kept strictly confidential to them and not be made available to any other person(s) or to notify us immediately if they suspect that someone else may be using their credentials,