Tech & Integration


SmartHamster is a web-based application that delivers content created by a company (i.e. the info in the cloud) to its employees through both Android and iOS apps. With encrypted login, state-of-the-art code and EU-based servers, SmartHamster delivers high security, performance and usability to its customers.

Key features

Company administrators: create content, set permissions based on groups and users, upload files such as payroll reports or other documents, upload images, create news articles, write messages, create posts.

Front End Application

The front end application is built using Angular JS and the Ionic framework for native application conversion. We use the latest versions and keep them updated. The application is available as a PWA (Progressive Web App, which can be saved/downloaded to your phone and thus cached), on Android (Play Store) and on iOS (Apple App Store). The application has been approved in both stores.

Admin application

The admin application uses PHP Laravel (8.x), which is a powerful open-source MVC framework.

Development process

We develop according to Kanban and Agile with a clear backlog of prioritized items. We test on localhost and staging, both manually and with automated tests, before releasing to production and building for the app stores.

Bugs and changes are handled in a process where they are flagged as bugs and, depending on the scope, qualified and fixed as soon as possible.

Cookies and tracking

Currently we do not track anything in the application, but we plan to introduce statistics. Cookies are used for some parts of the login process.

Security

MySQL database: only administrators have permission to write to the databases. Local information on localhosts is obfuscated. Passwords are hashed and cannot be read at any time.

We use encryption services that provide a simple and convenient interface to encrypt and decrypt text via OpenSSL with AES-256 and AES-128 encryption. All encrypted values are signed using a message authentication code (MAC) so that their underlying value cannot be changed or manipulated once encrypted.
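The encrypt-then-MAC pattern described above, as an added PHP sketch; it is not SmartHamster's or Laravel's own code. The function names `seal_value()` and `open_value()`, the HKDF subkey derivation, the demo key and the sample value are assumptions made for the illustration.

```php
<?php
// Added illustration of encrypt-then-MAC (AES-256-CBC + HMAC-SHA256).
// seal_value()/open_value() are hypothetical names; key and sample are constructed.

function seal_value(string $plaintext, string $key): string
{
    $encKey = hash_hkdf('sha256', $key, 32, 'enc'); // separate subkeys for
    $macKey = hash_hkdf('sha256', $key, 32, 'mac'); // encryption and MAC
    $iv = random_bytes(openssl_cipher_iv_length('aes-256-cbc'));
    $ct = openssl_encrypt($plaintext, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    $iv64 = base64_encode($iv);
    $ct64 = base64_encode($ct);
    // The MAC covers IV and ciphertext, so neither can be changed unnoticed.
    $mac = hash_hmac('sha256', $iv64 . $ct64, $macKey);
    return base64_encode(json_encode(['iv' => $iv64, 'value' => $ct64, 'mac' => $mac]));
}

function open_value(string $payload, string $key): string
{
    $encKey = hash_hkdf('sha256', $key, 32, 'enc');
    $macKey = hash_hkdf('sha256', $key, 32, 'mac');
    $p = json_decode(base64_decode($payload, true) ?: '', true);
    if (!is_array($p) || !is_string($p['iv'] ?? null)
        || !is_string($p['value'] ?? null) || !is_string($p['mac'] ?? null)) {
        throw new RuntimeException('malformed payload');
    }
    // Verify the MAC in constant time before decrypting anything.
    if (!hash_equals(hash_hmac('sha256', $p['iv'] . $p['value'], $macKey), $p['mac'])) {
        throw new RuntimeException('MAC mismatch: payload was modified');
    }
    $pt = openssl_decrypt(base64_decode($p['value']), 'aes-256-cbc', $encKey,
        OPENSSL_RAW_DATA, base64_decode($p['iv']));
    if ($pt === false) {
        throw new RuntimeException('decryption failed');
    }
    return $pt;
}

$key = random_bytes(32);                          // constructed demo key
$token = seal_value('payroll-2024-03.pdf', $key); // constructed sample value
echo open_value($token, $key), PHP_EOL;
// Alter one character of the stored ciphertext: the MAC check must reject it.
$p = json_decode(base64_decode($token), true);
$p['value'][0] = $p['value'][0] === 'A' ? 'B' : 'A';
try {
    open_value(base64_encode(json_encode($p)), $key);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```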

Login: we use the Swedish BankID. Their technical infrastructure and its operation and maintenance are certified according to ISO 27001:2013. They work with a risk-based management system according to ISO 27001:2013, COBIT and other standards/best practices for electronic identification, such as eIDAS and SEL. (https://www.bankid.com/en/foretag/saekerhet)

Certificates: we use SHA-256 ECDSA SSL certificates (https).

Data: we comply with GDPR.

External scripts: we use Jotform (256-bit SSL), served from a location in the EU.

Passwords to Jotform are kept secure.

https://www.jotform.com/security/

Server location

Our servers are located in Frankfurt and Amsterdam (EU) and hosted by DigitalOcean. More information at https://www.digitalocean.com/legal/

Backups

We make incremental backups and save data for up to 7 days.
