Ian Yamey
Chief Technology Officer
ian@policygenius.com
The easiest way to get insurance online
LEARNING
Education and decision support tools
SHOPPING
Unbiased quote comparison
INSURANCE CONCIERGE
We’re with you every step of the way
Under the hood
Ruby
Dynamic language, promotes simplicity
Rails
Full stack web development framework
Redis
In memory object-store
Postgresql
Relational Database Management System
ReactJS
Rich javascript components
Gulp
Asset pipeline
Be better, together
Github
Code collaboration
Slack
Team chat (but mostly about the GIFs)
Code Climate
Automated code quality reviews and code linting
Semaphore
Continuous Integration and Deployment.
Security and HIPAA Compliance
Sensitive customer data and protected health information
Income / Finances
SSN
Household info
Driver license
Health
Investments
Demographics
Debt
1. Encrypt sensitive data
2. Restrict access
3. Audit and monitor
Don’t let it get in the way of a modern development culture
Aptible
HIPAA compliant docker hosting.
Docker
Applications as lightweight containers
Our modern development culture
Deployment
One-command to deploy. Multiple deploys a day from a CI server.
(Pragmatic) Agile
Collaboration is key. Pair Programming, Standups, TDD, Retrospectives.
Data wins
Test everything, and automate it! Analytics, A/B tests, Fact based
Product-centric
Engineers need to be passionate about product and drive innovation
Analytics + Consumer Behavior
Google Analytics
Chartbeat
Analyze customer behavior
vs
Protect customer identity
An example: Sending email
without revealing identity
(only you should) Know thy customer
$$$
$$$
APPLICATION
+
CRITICAL
ILLNESS
HEALTH
USE PLACEHOLDER STRINGS
Use placeholders for sensitive data (eg last name, PHI)
Your app acts as a man-in-the-middle and inserts the sensitive data
INTERCEPT
External systems send customer emails to your app
CREATE A PSEUDO INBOX PER CUSTOMER
LIMIT WHAT 3RD PARTIES KNOW
External systems only see sanitized data
Resend the email to the customer, directly from your App
RESEND
Identify the user with
third party systems
analytics.identify("ciwhfhv9jzs3jv3p3gojxcis")
Anonymous, unique ID
Track traits
analytics.identify("ciwhfhv9jzs3jv3p3gojxcis",{
first_name: "ian",
state: "New York",
blood_pressure_systolic: 130,
blood_pressure_diastolic: 80,
})
analytics.identify("ciwhfhv9jzs3jv3p3gojxcis",{
first_name: "ian",
state: "New York",
login_url: "LOGIN_URL",
last_name: "LAST_NAME"
})
PLACEHOLDERS FOR SENSITIVE DATA
Let the third party, party!
HTTP POST https://www.policygenius.com/process-incoming-email
ciwhfhv9jzs3jv3p3gojxcis@customers.policygenius.com
Third Party
Mailgun
class EmailProcessor
  def initialize(email)
    @email = email
  end

  def process
    # determine the customer's actual email address
    uuid = @email.to.first[:token]
    customer = Customer.find_by(analytics_id: uuid)
    actual_customer_email = customer.email

    # replace any placeholders with real values
    new_body = @email.raw_html
      .gsub('LAST_NAME', customer.last_name)
      .gsub('LOGIN_URL', customer.auto_login_url)

    # resend the email
    CustomerMailer.mail(
      to: actual_customer_email,
      subject: @email.subject,
      body: new_body
    ).deliver_later
  end
end
ciwhfhv9jzs3jv3p3gojxcis@customers.policygenius.com
Third Party
HTTP POST https://www.policygenius.com/email-processor
Mailgun
PolicyGenius App
ian2015@gmail.com
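The relay step above, as an added stand-alone example (not PolicyGenius's code): it resolves the pseudo-inbox address to a customer, rejects recipients outside the relay domain or with unknown tokens, and HTML-escapes customer values while substituting placeholders. The `Customer` struct, the in-memory `CUSTOMERS` store, `RelayError`, `resolve_customer`, `build_outgoing` and the sample last name and login URL are assumptions constructed for illustration.

```ruby
require 'erb'

# Hypothetical stand-in for the app's Customer model (constructed sample data).
Customer = Struct.new(:analytics_id, :email, :last_name, :auto_login_url)
CUSTOMERS = {
  'ciwhfhv9jzs3jv3p3gojxcis' => Customer.new(
    'ciwhfhv9jzs3jv3p3gojxcis', 'ian2015@gmail.com', "O'Neil <Jr>\\0",
    'https://www.policygenius.com/login?t=constructed-token'
  )
}.freeze

RELAY_DOMAIN = 'customers.policygenius.com'

# Placeholder string => how to obtain the real value for a customer.
PLACEHOLDERS = {
  'LAST_NAME' => ->(c) { c.last_name },
  'LOGIN_URL' => ->(c) { c.auto_login_url }
}.freeze
PLACEHOLDER_RE = Regexp.union(PLACEHOLDERS.keys)

class RelayError < StandardError; end

# Map a pseudo-inbox address back to a customer. Anything that is not
# <known token>@<relay domain> is refused, so the endpoint cannot be used
# to relay mail to arbitrary recipients.
def resolve_customer(recipient)
  token, domain = recipient.to_s.strip.split('@', 2)
  raise RelayError, 'not a relay address' unless domain.to_s.downcase == RELAY_DOMAIN
  CUSTOMERS.fetch(token) { raise RelayError, 'unknown customer token' }
end

# Build the message that the app itself sends to the real address.
def build_outgoing(recipient, subject, raw_html)
  customer = resolve_customer(recipient)
  # Block form of gsub inserts the value literally (no \0 or \1 expansion);
  # HTML-escaping keeps customer data from being interpreted as markup.
  body = raw_html.gsub(PLACEHOLDER_RE) do |key|
    ERB::Util.html_escape(PLACEHOLDERS.fetch(key).call(customer))
  end
  { to: customer.email, subject: subject, body: body }
end
```

The third party only ever handles the token address and the placeholder strings; the real address and values appear only in the hash returned by `build_outgoing`.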
NEXT?
Questions?*
* (I’m here for Q’s about our stack, product and engineering team). If you’re looking for answers about your own insurance needs, we have a website for that! https://www.policygenius.com