Hi all! These are the most frequent questions I’m asked about how we keep employee anonymity from a technical perspective. Please don’t hesitate to contact me using the chat if you have further doubts.
1. Where does Happyforce save the login data of the users?
All data is stored in our database, a MongoDB running on AWS Ireland with encryption at rest enabled.
2. What kind of information is stored?
We have two types of users: employees and managers. Employees can access the app to vote and post comments. Managers can access the Happyforce dashboard to manage the account, create questions or analyze data. We store the email and which company they belong to. In the case of managers, we also store the access password (encrypted). For employees we store session information (also encrypted), which internally allows us to identify them in order to allow or deny participation on Happyforce and assign their votes or comments to the proper department or segment in Happyforce.
3. Are the user accounts connected to the comments?
No. For the comments we store an encrypted internal user id and the department or segment the comment was directed to. We never attach any employee personal information to comments.
4. Can we trace back who wrote a comment?
No. Our clients cannot know who wrote a comment. This is only possible for us (Happyforce), and it isn’t an easy task. When a comment is posted, we store the encrypted userId with it (which is calculated in real time using a private key). We store that id for some features like "show me other comments from the same user", but it can never be traced back to the employee who wrote it. Internally, we can calculate the encrypted userId and then look for their comments, but a private key is needed to perform this operation. We also keep this because it lets us perform analytics like churn prediction (based on NLP and which votes the employee performed), but this is never exposed, and the master key is only accessible by Happyforce’s CTO.
5. What other events do you track from the users?
We only track events to have usage analytics and to deliver push notifications. That is: device hash (no id, since it is not allowed), navigation events (did he/she press that button or open that screen) and some information about the company (id), in order to be able to analyze the data or route the notifications. For analytics we rely on Mixpanel and for push notifications on OneSignal.
6. If we ask questions like "How do you like the HR department", and there are only 2 male peers, how is anonymity ensured?
Happyforce checks the number of people who match a segment (in this case 2 male participants), and if it's below a number (by default 5, we adjust it automatically depending on the size of the company), the Happyforce backend server never returns the information to the clients.
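
A sketch of a server-side minimum-segment-size check like the one described in answer 6, as an added example that is not Happyforce's own code. The function name, field names and sample votes are assumptions, and the automatic adjustment of the threshold by company size is not modelled.

```python
from statistics import mean

DEFAULT_MIN_SEGMENT_SIZE = 5  # default named in the text; auto-adjustment not modelled

# Constructed sample data: (pseudonymous user id, department, gender, score)
FIELDS = ("user", "department", "gender", "score")
VOTES = [
    ("u01", "HR", "male", 3), ("u01", "HR", "male", 4),  # same person, two votes
    ("u02", "HR", "male", 8),
    ("u03", "HR", "female", 7), ("u04", "HR", "female", 6),
    ("u05", "HR", "female", 9), ("u06", "HR", "female", 5),
    ("u07", "HR", "female", 8), ("u08", "Sales", "male", 6),
]
SEGMENT_KEYS = {"department", "gender"}  # hypothetical segment attributes


def segment_report(votes, min_size=DEFAULT_MIN_SEGMENT_SIZE, **filters):
    """Aggregate a segment's votes, or suppress the result if too few people match."""
    unknown = set(filters) - SEGMENT_KEYS
    if unknown:
        raise ValueError(f"unknown segment attribute(s): {sorted(unknown)}")
    rows = [dict(zip(FIELDS, v)) for v in votes]
    matched = [r for r in rows if all(r[k] == v for k, v in filters.items())]
    # Count distinct people, not votes: two employees who vote many times
    # are still a segment of two.
    participants = {r["user"] for r in matched}
    if len(participants) < min_size:
        # Suppressed: return neither the average nor the exact head count.
        return {"suppressed": True, "min_size": min_size}
    return {
        "suppressed": False,
        "participants": len(participants),
        "average": round(mean(r["score"] for r in matched), 2),
    }


if __name__ == "__main__":
    print(segment_report(VOTES, department="HR", gender="male"))    # 2 people: suppressed
    print(segment_report(VOTES, department="HR", gender="female"))  # 5 people: returned
```

The check runs on the backend before any response is built, so a suppressed segment never reaches the dashboard client.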