Data privacy at Humu: Building systems for trust to make work better

At Humu, we’re on a mission to make work better for everyone, everywhere—with science, machine learning, and a little bit of love. As builders of technology, that means creating systems that can address the needs of workplaces as varied as oil rigs to trading floors. As a business, it means investing in scale from the beginning to have maximum impact.

To help our partners make work better—by identifying, then driving behavioral change that leads to happier, more productive workplaces—we are entrusted with sensitive data. Information like who does what job within a company, who manages who, and more. And to ensure we’re doing everything we can to protect this data, at Humu we’re building systems from the ground up with privacy and security in mind.

Humu’s investment in both privacy and security is a part of our commitment to keeping a little bit of love in everything we do. That love and care of the data we’re trusted with is, we believe, a critical part of our mission. The companies we partner with—and their employees—need to know that their data is secure in our hands.

To prove this commitment, Humu is now an ISO 27001:2013 and SOC 2 Type 1 certified provider, recognizing that our security policies, procedures, and controls have received third-party accreditation from the International Standards Organization and American Institute of Certified Public Accountants.

These internationally recognized standards ensure the confidentiality, integrity, and availability of every Humu partner’s data. And further, they demonstrate that Humu’s security program is well-established, including all policies and procedures around risk assessments, employee behavior, physical and logical protections, and business continuity.

While these certifications focus on security, privacy continues to be one of the central drivers of our work at Humu. That’s why we built with the GDPR in mind from day one, with core functionality to enable transparency, control, and data portability.

Trust means that every piece of information we receive—in particular, employee opinions—is treated with care. Personal opinions are shared only as aggregated analyses, with lots of technical privacy work to ensure nobody can find out what any one person said. On the occasions when our partner companies request access to employee sentiment on a person-by-person basis, we tell employees that—before we ask their opinions.

These days, it can be quick and easy to build new technology. In Silicon Valley we see it all the time. But you can build the fast way or you can build the right way. At Humu, we’ve placed our bets on building for privacy and security from day one—for the benefit of our partners, and for their employees around the world.

Because you can’t make work better without the trust of employees everywhere. Trust that we’re on their side, that we respect their privacy and their preferences, and that we really are all in it together.

Because we’re only able to make work better if we know what’s really going on within our partner companies. And we can’t know what’s really going on without trust. Trust that every piece of information employers and employees share with Humu is being handled fairly, discreetly, and—yes—with a little bit of love.

If you’d like to learn more about security and privacy at Humu, please contact us at and

Bryan Zimmer is Head of Security at Humu.

Continue reading