Data Privacy and Security

Privacy and Security This section describes privacy and security measures used to protect your data. To learn how we safeguard your personal information, see our Terms of Service.

Paper shredder

Privacy

Captricity is designed for the inevitable reality that some of the documents we process contain sensitive and/or confidential information. We understand and respect the privacy regulations of IRB, HIPAA, and other governing bodies and do everything we can to help our customers conform to these regulations. To this end, Captricity is built with state-of-the-art security fully integrated into every step of the data digitization process. Specific features include:

Shredded data verification

Shreddr, the technology that powers Captricity, is named after the well-known document-shredding technology used across industries to protect confidential data. Shreddr technology works by isolating pieces of information, or data fields, within a form into distinct images.

The original form (left), and shredded results pulled from multiple forms (right)

Shredded work

Each field, or “shred,” is then read and digitized out of context from the rest of the form by one of thousands of data entry workers spread across the globe (the majority of which come from Amazon’s Mechanical Turk).

The data entry and review process is designed so that each worker is assigned to process a given class or type of data, such as Lastname, from many forms rather than a group of complete forms. This ensures that every worker sees only one piece of data, or shred, from a single form.

In the diagram above, Worker 1 processes only Lastname fields from hundreds of forms without ever seeing ID number, City, Age, or any other fields from a single form. Moreover, workers process data in a “blind” fashion, meaning that they are not informed which class or type of data they have been assigned. In the example above, this means that Worker 1 does not know they are processing Lastname fields, Worker 2 does not know they are processing ID numbers, and so on.

The point is that workers focus only on accurately transcribing the specific data contained in their assigned fields, or shreds, without need for or knowledge of additional context.

An additional note about Shreddr technology and security: Each shred is protected by a special algorithm so that even if someone managed to gather a large collection of shreds, it would be virtually impossible to reconstruct the original form⎼a feature even paper shredders aren’t able to claim!

Redaction

In some cases, such as with social security numbers, personally identifiable information (PII) may be exposed even using shredding technology. There are two solutions:
  1. If you do not need this information to be digitized, you can redact or black out the field using Advanced features in the defining fields step. This information will not be seen by anyone, and will also not be included in your results.
"Black this out" feature in the defining fields toolbox

 


  1. If you do need this information to be digitized, you can break the PII-containing field into separate fields. For example, you can break a social security number into three separate fields so that each field will be read and digitized by a different worker.
Social security number broken into three fields

Privacy-certified workers

Another option for processing sensitive, or PII-containing fields, is to route the work through privacy-certified workers or your own staff. Contact us to pursue or learn more about this option.

 

Security

Website

  • All communication with the Captricity website, including file upload and download, occurs via HTTPS under AES 256-bit SSL encryption.
  • Minimum-strength standards are enforced for user passwords, which are encrypted during transmission and storage.
  • Web-based application means no software to download, and therefore more protection from computer viruses.

Data center

  • We use Amazon’s secure, large-scale data centers which feature firewalls, redundant hardware and power, and video and human security surveillance.
  • Data center staff are regulated via multiple checkpoints and two-factor authentication.

Data

  • All data is stored and transmitted using bank-grade encryption.
  • Documents and datasets are backed up daily; all backups are encrypted.
  • On account cancellation, you may request to have your data permanently purged from our system.

Sharing

We don’t share, rent, or sell any information to third parties without your explicit consent.