Skip to content

Platform

The infrastructure behind every signal

Four products, one foundation. SignalSuite is built on a shared anonymity model, a single scoring engine, and database-level isolation, so trust isn't a promise bolted on top, it's how the system is wired.

How it works

From a single answer to a safe insight

Every product follows the same four-step path. Anonymity and the privacy threshold are enforced before a result is ever shown, not as a final review step, but as part of the pipeline itself.

  1. Step 1: Collect

    People answer a short, structured survey through a per-link access token. No account, no login.

  2. Step 2: Anonymize

    The response is written with no identity column attached. Anonymity is structural, set in the schema itself.

  3. Step 3: Score

    Postgres normalizes each answer to a 0–100 scale and rolls it into per-dimension and overall scores.

  4. Step 4: Surface

    Results unlock only once enough responses protect every individual, then the employer sees patterns, not people.

Anonymity model

No identity ever touches a response

The strongest privacy guarantee is the data you never collect. SignalSuite responses are anonymous by structure: there is no column to hold a name, so there is nothing to expose, subpoena, or accidentally surface.

  • No identity to leak

    Response tables carry no user ID, no email, no IP address. Anonymity isn't a setting that can be toggled off. It's the shape of the schema.

  • Write-only response path

    Responses arrive through a per-link access token and a security-definer function. Client roles can submit, but cannot read a single raw response back.

  • Patterns, not people

    Results are only ever released as aggregates. An employer sees how a team feels, never who said what, never an individual answer.

2 of 5 responsesResults locked

Too few responses to protect an individual. No score, no average, nothing leaves the database.

5 of 5 responsesResults unlocked

Enough responses now shield each person. The score is released, but only ever as an aggregate.

Threshold of 5 shown for illustration. The exact value is configurable per product and per diagnostic.

Scoring engine

One scoring method, computed in the database

Raw 1-5 responses are noisy and hard to compare. A shared scoring engine normalizes them to a consistent 0-100 scale, computes per-dimension and overall scores, and reports eNPS separately, all in Postgres, all suppressed below the privacy threshold.

  • One normalization, everywhere

    A 4 out of 5 means the same thing in every product. Each answer runs through the same (rating − 1) ÷ 4 × 100 transform, in the database.

  • Dimensions and overall

    Scores resolve per dimension and roll into a single overall figure. Top dimensions surface as strengths; the lowest are flagged as risks.

  • Suppressed below threshold

    If a result hasn't cleared its privacy threshold, the scoring function returns nothing at all. There's no partial number to reverse-engineer.

Answer4 / 5Normalize(4 − 1) ÷ 4Scale× 100Contribution75

Every 1–5 answer is normalized to a 0–100 scale by the same in-database function, so a score means the same thing in HireSignal, ManagerSignal, and every product that follows.

Overall score

77/ 100

Illustrative
  • Clarity & direction82
  • Support & growth74
  • Trust & fairness88
  • Communication69
  • Recognition71
  • Accountability79

The overall score is the mean of the six dimensions. The top two become highlighted strengths, the bottom two flagged risks. eNPS is reported on its own, never folded into the score.

Cross-product intelligence

One workspace. One data model. Four products.

Each product is a surface over the same machinery. They share a workspace, a Postgres data model, and the scoring infrastructure underneath, so adding a product doesn't mean adding a silo.

  • Shared, not stitched

    Anonymity, scoring, and isolation are built once and reused. New products inherit the same guarantees on day one.

  • The path to a unified Org Score

    Because every product speaks the same 0-100 language, the scores can eventually combine into one Org Score.

On the roadmap: cross-product analytics and the unified Org Score dashboard are a later milestone. Today, HireSignal and ManagerSignal are live and already share this foundation.

Products

  • HireSignalAvailable
  • ManagerSignalAvailable
  • SalarySignalComing soon
  • CultureSignalComing soon

Shared infrastructure

  • Anonymity model
  • Scoring engine
  • Row-level security

Foundation

One workspace · one Postgres data model

Security & isolation

Isolation enforced where it can't be bypassed

Access rules that live in application code can be skipped by the next code path. SignalSuite enforces multi-tenant isolation in Postgres itself, with row-level security on every table.

  • RLS on every table

    Row-level security is enabled table by table. A workspace member can only ever see rows scoped to a workspace they belong to.

  • Least privilege by default

    Default grants are revoked, then execute is granted function by function. The anonymous role can submit a response and nothing else.

  • Security-definer writes

    Every write flows through a vetted function that validates input and enforces scope, so business rules live next to the data they protect.

Encryption in transit and at rest

Traffic is served over TLS, and data is encrypted at rest by our managed Postgres platform. It's a baseline commitment, not a premium add-on.

AI layerRoadmap

We plan to add theme clustering and summarization to turn open comments into readable patterns. By design, it will only ever read the same anonymized, threshold-gated aggregates as the rest of the platform. It can never de-anonymize a response. This is not shipped today.

Built for trust

What's shipped, and what's next

We'd rather be precise than impressive. Here's an honest line between the infrastructure running in production today and the work still ahead.

Live today

  • Structural anonymity with no identity columns
  • k-anonymity threshold suppression
  • Shared 0-100 scoring engine, in-database
  • Row-level security and least-privilege access

On the roadmap

  • Unified cross-product Org Score
  • Cross-product analytics dashboards
  • AI theme clustering and summarization
  • Formal compliance attestations

Questions

The honest answers

Can an admin de-anonymize a single response?
No. There is no identity column on a response to expose. The link between a person and their answer is never recorded in the first place. Even with full database access, there is nothing to join an answer back to a name.
What is the privacy threshold, and who sets it?
It's a minimum number of responses required before any result is shown: the k in k-anonymity. It defaults to 3 for HireSignal and 5 for ManagerSignal, and can be raised per workspace or per diagnostic. Below it, the database returns no score.
Is the scoring the same across products?
Yes. The 0-100 normalization, per-dimension rollup, and threshold suppression are shared infrastructure that every product builds on, which is what makes a future cross-product Org Score possible.
Do you have a cross-product Org Score today?
Not yet. Two products are live and share the same scoring engine; a unified Org Score that rolls them into one read on organizational health is on the roadmap, not shipped.
Does the AI layer ever see who said what?
It can't. Any future theme-clustering or summarization runs on the same anonymized, threshold-gated aggregates everything else reads. There is no de-anonymized data path for it to use. Today, that layer is roadmap, not a shipped feature.
How is my data isolated from other companies?
Every domain table is scoped to a workspace and guarded by row-level security, so one customer's data is invisible to another at the database layer. See Security & Compliance for the full picture.

See the platform from the inside

Set up a workspace and watch the pipeline work: anonymous responses in, safe patterns out. Start with one product and grow into the suite.