Hypothesis understands the importance of protecting the security of our users’ data. In order to do this we employ a variety of development approaches and security controls based on industry best practices. For higher education customers, we have documented these in our HECVAT response. We have also completed a Cloud Security Alliance CAIQ assessment, available upon request. In addition to our internal practices, we contract with a third party that performs an annual evaluation of the security of our software and infrastructure. Please contact us for their latest report.

The methods we use to protect the security of users’ data include:

  • Following software development best practices to avoid common vulnerabilities
  • Following cloud infrastructure best practices to prevent unauthorized access to data
  • Static analysis of our code
  • Automatic vulnerability monitoring for third-party dependencies
  • Security awareness training for our staff
  • Regular security assessments of our infrastructure
  • Automated log analysis and security event alerting
  • Third-party audits for vulnerabilities in our software
  • Third-party penetration testing of our infrastructure

For more information on how we handle user data, see: