How HiberHilo handles your data. 

Ensure data security and compliance.

Article · 3 min read

HiberHilo is an easy-to-install, easy-to-use, and easy-to-love solution for oil and gas companies with wells and pipelines in remote locations. It lets you gather data from any well or pipeline, anywhere. Without sending out a crew. Simple, right?


Well, yes and no. Yes, because we believe that IoT solutions in remote locations should be easy. But no, because making a solution that’s easy to use and secure requires some serious commitment. 


At the end of the day, HiberHilo is collecting private data from your fields. And there’s a lot that goes into making sure that information stays secure, all the time. 

We rounded up some of the most common questions we get from our customers regarding data security and residency. 


What kind of data does HiberHilo collect?

HiberHilo only collects a small amount of data from your wells. Most of our customers use it to collect pressure and temperature data. But some install flow sensors, as well. It’s only the data you want us to collect: nothing else is measured or stored in HiberHilo. 


When you sign up, we do ask for some other basic information. You’ll have to tell us your name, create a username, and email to create an account. All of this information is protected according to the European General Data Protection Regulation (GDPR). We don’t sell it, share it, or distribute it in any way. 

Where is the data stored?

As soon as a piece of data is collected at a sensor, it is transmitted to the gateway via a secure LoRa connection. which can be as far as 8 kilometers away. Upon reaching the gateway, that data will be temporarily stored on the device. 


Every 15 minutes (or however often you choose to receive updates), the data stored in the gateway is transmitted via satellite network to the Google Cloud. For example, we often use the Inmarsat network, which provides satellite connectivity to major shipping companies, governments, and other high-security industries. Inmarsat has one of the strongest security standards in the world. But, to be extra secure, the data is encrypted before being transmitted from the gateway. 


The data is safely stored in the Google Cloud, and physically located here in the EU. 



What are HiberHilo’s data security practices?

We take data security seriously. Seriously enough that we’ve undergone a rigorous audit of our security practices, and have been found to meet the highest security standards. We’re SOC-2 Type II compliant, and are continuing to investigate how we can improve our security measures. We go through an annual accredited audit of our practices and annual pen testing, and have always passed without any issues. 


Data security is baked into our business. We follow secure-by-design software practices. And our office is in a highly secure building facility with facial recognition software. We also did the SOC-2 certification through a platform called Vanta, which monitors our security systems in real-time. 


In addition to the SOC-2 Type II compliance, we only work with highly trusted partners when it comes to data collection and storage. Inmarsat is well-known for its security practices. And the Google Cloud is one of the most secure places to park your data out there. We work with major oil and gas companies like Shell, who have thoroughly investigated our security measures and approved our processes. 



Who has access to the data?


Good question. And the simple answer is: mainly your team. 


HiberHilo users own their data. And because you own your data, we believe you should have unilateral access to it. Here at our headquarters in the Netherlands, we only look at data that tells us if your sensors and gateway are working properly. 


If you choose to use our online dashboard, only verified users can see your data. Whenever someone logs in their identity is authenticated. Only after that authentication can they securely access the dashboard which shows their data.


It goes without saying, we’ll never sell any of your information. We also have pretty strict SLAs and contracts in place that protect your ownership of your information.