Ensuring Data Security and Privacy at Snapshot: A Comprehensive Approach in the Digital Era

Written By Ana Clara Lamounier

In today's digital landscape, data security and privacy are paramount. As technology advances, so do the challenges of protecting personal information responsibly. This blog explores the evolution of data security and privacy, current challenges, and Snapshot's commitment to maintaining robust protections in this dynamic environment.

Data Security and Data Privacy

Data security and data privacy, while often used equivalently, are distinct concepts that intersect in critical ways. While data security focuses on protecting data from unauthorized access and misuse, data privacy focuses on the individual rights of data subjects. While they’re different, they meet at a crucial point: ensuring data is both safe and used appropriately.

The Evolution of Data Security and Privacy

As the internet has evolved, so have the steps taken to protect and maintain data privacy. In the beginning, the whole process was quite simple - as long as you didn’t click on junk pop up windows or downloaded a suspicious file, you were in the clear. But as technology progressed, the need for more advanced security measures increased alongside the growing complexity of cyber threats.

  • 1990s: Data collection was limited and the main concern was viruses and simple hacks. That was until the Solar Sunrise incident, where 18 and 16-year-old boys hacked into the U.S. Department of Defense’s computer systems.

  • 2000s: The Worm Era spread phishing emails all over the internet, leading to the development of firewalls, antivirus software, and basic encryption.

  • 2010s: From the Stuxnet worm, which is believed to have been used to sabotage Iran's nuclear weapons program, to the Yahoo data breaches, vulnerabilities were highlighted, prompting the introduction of regulations like GDPR and CCPA.

  • 2020s: Cyber threats are more sophisticated and expensive than ever, reaching USD 4.45 million in 2023. Companies and governments are now implementing advanced encryption, multi-factor authentication, and secure cloud services to protect their data.

Generative AI and Large Language Models

Since the early demo of ChatGPT in November 2022, the AI tool has taken over the world, with use cases ranging from fitness routines to coding. However, ChatGPT didn't emerge out of thin air—it is the result of a long-anticipated evolution of LLMs, dating all the way back into 2017.

Nowadays, ChatGPT has become a household name, inspiring tech giants like Microsoft and Google to develop their own LLMs for public use. However, the rise of generative AI and LLMs require vast amounts of data for training, raising questions about how this data is collected, stored, and used. This adds new security challenges that require continuous innovation.

  • Data Collection: Ensuring ethical and consensual data collection practices.

  • Bias and Discrimination: Addressing and mitigating biases in AI models to prevent discriminatory outcomes.

  • Model Security: Protecting AI models from adversarial attacks.

  • Consent and User Cox: transparency and obtaining proper consent for data usage.

These concerns are being debated across all social spheres, from government to the private sector, and the general public. Even though it is a relatively new subject, there have already been significant achievements like the EU AI Act released in 2023, the OECD AI Principles, and the Global Partnership on Artificial Intelligence (GPAI).

Keeping Your Data Secure at Snapshot Reviews

At Snapshot, your data is your own. We never share user data with third parties, not even for our AI model. Our AI operates purely based on logic and standard neural activities, ensuring your data remains private and unbiased.

Our data privacy policy gives you full control over your personal information. We comply with major regulatory frameworks to ensure your data is handled with the utmost care and respect:

  • Account Settings: Easily access and update your personal information.

  • Permissions: Control who can view and access your data.

  • Data Deletion: Option to permanently delete your account and all associated data.

Further strengthening our privacy measures, admins can set different permission levels on the platform. By default, admins have full access, managers can access their team members' information, and individual users can only see their own data. The platform also allows users to be marked as “Active” or “Inactive.” Active users can log in and access the platform, while inactive users can't log in but their activity is still monitored and accessible. This ensures confidential project data remains safe and only authorized users can view it.


In addition to these measures, we leverage the AWS Well-Architected Framework to ensure our infrastructure is robust, secure, and efficient. This framework provides a structured approach for evaluating and implementing best practices in cloud architecture across five key pillars: operational excellence, security, reliability, performance efficiency, and cost optimization.

We use encryption at rest for our databases, meaning that all stored data is encrypted using advanced encryption algorithms. This ensures that your data remains protected even if unauthorized access to the storage infrastructure occurs. Our encryption-at-rest strategy employs AWS Key Management Service (KMS) to manage cryptographic keys securely, adding an additional layer of protection.

For data in transit, we implement Transport Layer Security (TLS), which is a cryptographic protocol designed to provide secure communication over a network. TLS ensures that data transferred between our services and your devices is encrypted and cannot be intercepted or tampered with by malicious actors. This means that your data is safe from eavesdropping and man-in-the-middle attacks during transmission.

Furthermore, our implementation of the Well-Architected Framework includes continuous monitoring and automated security checks to identify and address potential vulnerabilities proactively. We perform regular security audits and penetration testing to ensure our defenses remain strong against emerging threats.

These practices, combined with our partnership with AWS and adherence to their stringent security standards, reinforce our commitment to maintaining the highest level of data protection. By integrating these advanced security measures, we ensure that your data is secure at all stages—whether at rest in our databases or in transit between our services and your devices.

The Bigger Picture

The evolution of data security and privacy has been driven by both technological advancements and regulatory frameworks. At Snapshot Reviews we don’t just meet these standards - we surpass them. We are committed to creating a secure and trustworthy environment for our users, leveraging the most advanced technologies to benefit not only engineering teams, but also any modern professional navigating the current technological landscape. 

As technology continues to evolve, so will our efforts to protect your data, ensuring you can use Snapshot Reviews with confidence.

Ana Clara Lamounier
Previous

Using Data for Unbiased Decision Making
Next

From Raw Data to Decisions: The Impact of AI on Engineering Performance Management