

Show HN:  VerticalChange, SurveyMonkey meets Highrise (and a LOT of AngularJS) - dylanz

We built a "people management platform".  I think this falls into the "unsexy" category.

Users can build custom forms to track any type of data for people. While the application is applicable in many different markets, our initial target is social-service agencies, non-profits, and case-managers (it’s where we think we can make the biggest positive impact).

Technology wise, our upcoming blog posts might be something like “2 years with AngularJS” and “HIPAA Compliance on AWS”.  We’ve had a great time developing with tools and platforms like AngularJS, Postgres (w/ hstore), Rails, Golang, Chef, AWS (VPC), etc.

A long time in the making, we have happy clients, and are really excited to get some more eyes on it.  Any feedback is always appreciated, and I'm happy to answer any questions.  Thanks!
======
dylanz
Clickable: [https://verticalchange.com](https://verticalchange.com)

------
maxmmurphy
Love to hear more about HIPAA compliance on AWS, been there recently and would
love to see others' take on it. Especially because the AWS whitepaper is
so....unsubstantial.

~~~
johne20
A lot of HIPAA compliance comes down to documentation, etc., for example
getting AWS to sign a BAA.

From a technical perspective, here are some highlights.

Run everything in VPC, with private and public subnets only exposing bare
minimum externally

All disks are encrypted (we used dm-crypt)

All data at rest on S3 or in flight is encrypted.

Redundant encrypted backups

Enable multi-form auth on AWS signin, audit IAM users

Don't rely on external service providers for anything (except AWS of course)

Make sure you have an audit trail for everything. We log every action a user makes
including the response.

------
tharshan09
It would be great if you could share your insights into handling
authentication with an API. I am still yet to find a perfect way to do it.

~~~
johne20
I am not certain if you are referring to authenticating to an API via Angular or
just API auth in general, but I can touch on both.

atm, we just use traditional Rails authentication since our Angular app is the
only consumer of the API. But, that will be a bridge we need to cross soon and
will post our findings. I would start by looking at how other market leaders
do it, e.g. Stripe et al.

As far as connecting an angular app to backend api, I would look at this
[http://www.frederiknakstad.com/authentication-in-single-page...](http://www.frederiknakstad.com/authentication-in-single-page-applications-with-angular-js/)

~~~
tharshan09
Yes I am referring to Authentication via Social Auth like Facebook and normal
email/pass auth as well. But I am using Django as the backend, not node like
most of these tutorials are using.

------
mharnish
Unsexy is the new sexy. Go Silicon Beach!

~~~
dylanz
That's what we were thinking! Out of all the markets we looked at, this seemed
to be the most underserved in terms of software. There are _a lot_ of partial
software solutions out there, but they are all extremely antiquated and end up
being a huge burden on the users.

~~~
mharnish
Reminds me of Appfolio and how antiquated rental property mgmt software was
before they came out with their product.

------
edbyrne
So this is a CRM for non-profits? Or a HR tool?

~~~
dylanz
It is actually a combination of both.

HR Tool: You can add all of your agency's employees, and use the system like a
case management platform. You can see what your employees are doing in an
event stream, and also assign them tasks.

CRM: More so this. Add all of your clients, jot down case notes, administer
surveys for them, etc. You'd see a lot of similarities between us and Highrise
in terms of CRM features.

