Show HN: VerticalChange, SurveyMonkey meets Highrise (and a LOT of AngularJS)

16 points by dylanz ↗ HN
We built a "people management platform". I think this falls into the "unsexy" category.

Users can build custom forms to track any type of data for people. While the application is applicable in many different markets, our initial target is social-service agencies, non-profits, and case-managers (it’s where we think we can make the biggest positive impact).

Technology wise, our upcoming blog posts might be something like “2 years with AngularJS” and “HIPAA Compliance on AWS”. We’ve had a great time developing with tools and platforms like AngularJS, Postgres (w/ hstore), Rails, Golang, Chef, AWS (VPC), etc.

A long time in the making, we have happy clients, and are really excited to get some more eyes on it. Any feedback is always appreciated, and I'm happy to answer any questions. Thanks!

12 comments

[ 3.0 ms ] story [ 44.2 ms ] thread
So this is a CRM for non-profits? Or a HR tool?
It is actually a combination of both.

HR Tool: You can add all of your agencies employees, and use the system like a case management platform. You can see what your employees are doing in an event stream, and also assign them tasks.

CRM: More so this. Add all of your clients, jot down case notes, administer surveys for them, etc. You'd see a lot of similarities between us an Highrise in terms of CRM features.

Unsexy is the new sexy. Go Silicon Beach!
That's what we were thinking! Out of all the markets we looked at, this seemed to be the most underserved in terms of software. There is a lot of partial software solutions out there, but they are all extremely antiquated and end up being a huge burden on the users.
Reminds me of Appfolio and how antiquated rental property mgmt software was before they came out with their product.
It would be great if you could share your insights into handling authentication with an API. I am still yet to find a perfect way to do it.
I am not certain if you are referring authenticating to an API via Angular or just API auth in general, but I can touch on both.

atm, we just use traditional rails authentication since our angular app is the only consumer of the api. But, that will be a bridge we need to cross soon and will post our findings. I would start by looking at how other market leaders do it, eg Stripe et al.

As far as connecting an angular app to backend api, I would look at this http://www.frederiknakstad.com/authentication-in-single-page...

Yes I am referring to Authentication via Social Auth like Facebook and normal email/pass auth as well. But I am using Django as the backend, not node like most of these tutorials are using.
Love to hear more about HIPAA compliance on AWS, been there recently and would love to see other's take on it. Especially because the AWS whitepaper is so....unsubstantial.
(comment deleted)
A lot of HIPAA compliance comes down to documentation, etc, for example getting AWS to sign BAA

From a technical perspective, here are some highlights.

Run everything in VPC, with private and public subnets only exposing bare minimum externally

All disks are encrypted (we used dm-crypt)

All data at rest on s3 or in flight is encrypted.

Redundant encrypted backups

Enable multi-form auth on AWS signin, audit IAM users

Don't rely on external service providers for anything (except AWS of course)

Make sure have an audit trail for everything. We log every action a user makes including the response.