Rhino Meets Compliance Challenges Head-on Thanks to Heroku

Heroku Enterprise, data services, and Salesforce integration simplify compliance for Rhino’s insurance platform

Today, more Americans rent their home than at any point since 1965.1 In those 55 years, the internet has brought enormous change to how we find rental properties. However, there’s one aspect of renting that has hardly changed at all: the security deposit.

Arguably, security deposits are a challenge for everyone. Across the US, they tie up $190 billion.1 For individuals, finding the money for a deposit can be a significant barrier to renting, and there’s no guarantee of getting it back. According to research by Rent.com,2 more than a quarter of tenants have lost their security deposit. A third of them never found out why. For landlords, deposits bring the overhead of managing other people’s money, and even a large deposit might not cover every scenario.

In 2017, the team at Rhino started building a Heroku-based app that would offer a better way.

An alternative to security deposits

The Rhino proposition is simple. Rather than taking a security deposit, landlords ask new tenants to complete Rhino’s online form. Taking around 60 seconds to fill out, the form captures enough information to generate a tailored insurance policy that does away with the need for a deposit payment.

Tenants then pay a small monthly insurance premium to Rhino, rather than an up-front security deposit. They may log into the app from time to time to review their policy, update credit card details, or access other information.

For Rhino’s partners –– landlords, property management platforms, insurance underwriters, and listings services –– their relationship with the platform is ongoing. Landlords, for example, can log into their accounts to make a claim on the insurance policy in the event of property damage or unpaid rent.

Three applications running on Heroku

That split is reflected behind the scenes in the architecture of the Rhino platform, where there are three core applications:

  • Renter application: home to the tenant application form
  • Partner portal: where landlords and property managers oversee their portfolio of tenant policies and manage their insurance claims
  • Partner API: an interface to enable integrations with property management platforms used by landlords

Almost every part of the Rhino platform runs on Heroku. Most data is stored in Heroku Postgres, and soon the team will migrate remaining data from an Amazon RDS database to Postgres.  Rhino uses Heroku Data for Redis for caching and processing background jobs, as well as storing non-relational and ephemeral data to deliver a better user experience.

From the beginning, Rhino's CTO and co-founder Bryan Woods has set a policy of using tried and trusted technologies. That philosophy is reflected throughout the platform, including running their renter application and partner portal as Ruby on Rails apps in Heroku.

Rhino chose something a little more exotic for the Partner API in the form of Elixir and Phoenix, taking advantage of Heroku's Phoenix buildpack. However, even if Elixir is less well known than Ruby, it is built on top of Erlang, a language platform designed to meet the extreme reliability demands of the telecoms industry.

A screenshot of the Rhino homepage

So, why is proven technology so important to Rhino?

Heroku lets us funnel all of our mental resources and time into building our business, instead of reinventing the wheel. Bryan Woods, CTO and Co-Founder, Rhino

Heroku helps Rhino meet strict compliance requirements

Insurance is a complex market in which to operate. The risks borne on all sides of an insurance transaction has led to long-established regulation at the state level. That means that providers like Rhino must meet the varying requirements of 51 different regulators, including the District of Columbia, if they are to operate across the United States. Today, Rhino operates in 41 states, and is on its way to expand nationwide.

Compliance goes beyond meeting the requirements of state insurance regulators, however. Many of Rhino’s partners –– landlords, property management platforms, leasing agents –– are also heavily regulated, and require that the platform meet even stricter security, privacy, and data protection standards related to real estate and landlord-tenant laws. For Rhino, demonstrating compliance is an ongoing task that requires a flexible and agile approach.

If partner and regulator requirements were consistent from state to state and partner to partner, then it would be relatively easy for the Rhino team to demonstrate that their platform is compliant. However, unlike healthcare under HIPAA rules, there isn’t a single standard for the insurance industry. Instead, each state and each partner requires varying solutions. That makes implementing compliance a highly manual process.

By running on Heroku, the Rhino team has a strong foundation from which to meet their regulatory compliance. As the Heroku platform is subject to rigorous compliance testing, meeting strict SOC and ISO requirements, large parts of Rhino’s technology stack are already compliant with industry security and privacy standards. And with the help of the Heroku team, Rhino are able to demonstrate compliance without the overhead of auditing their server and data layers.

Heroku makes our job easier by maintaining ISO and SOC compliance.. When a partner or regulator demands something non-standard, the Heroku team is always there to help us get the documentation we need. Bryan Woods, CTO and Co-Founder, Rhino

Heroku Connect syncs Rhino’s data with Salesforce

A smooth and speedy onboarding process for partners is key to Rhino’s success. Larger landlords often want to integrate the Rhino offering with their existing systems. In some cases, that means integrating with ready-made property management systems. In others, it requires building support for a landlord’s custom system.

An example of a warning when completing a Rhino application

One New York property management company runs their own custom system built on top of Salesforce. When it came time to offer Rhino to its tenants, the company wanted to ensure automatic synchronization of data between Rhino and its Salesforce implementation. Thanks to Heroku Connect, the Rhino team was able to create that integration in a fraction of the time it would have taken for them to build it themselves. With that Heroku Connect integration in place, data syncs automatically between Rhino's Heroku Postgres database and the company's Salesforce org.

For those partners using systems other than Salesforce, there are two routes to integration. One is the Rhino partner API, which means that even the smallest partners can integrate without significant investment from the Rhino team. The other requires custom development by Rhino. In those cases, it’s essential that Rhino’s engineers can react quickly to new partner requirements and complete each integration to a high level of quality within a short turnaround time. Heroku’s managed platform and CI/CD pipeline give Rhino the agility to spin-up prototype integrations, see them through partner review, and deliver them to production without the distraction of operational admin.

When it comes to running Rhino’s own business processes, Heroku Connect comes into its own again, synchronizing data between Rhino’s Salesforce org and records in the Rhino app.

A data warehouse on Heroku, integrated with Tableau

Insurance is all about having access to high quality data in order to determine levels of risk and gain insights into business growth. Both to serve their underwriters and to inform their own operations, Rhino runs a data warehouse that collates data from every part of the business.

At its core, that data warehouse is a large Heroku Postgres instance into which data automatically flows from customer records, Google Analytics, Mailchimp, Zendesk, Salesforce, and every other corner of the Rhino platform. The complexity comes in automating that data flow, so that data of varying shapes and sizes reaches the warehouse in near real time and in a form that is easily queried.

The scope of the project initially concerned the team at Rhino. Not only did it seem that setup would be labor intensive, but each new data source would require its own custom glue code to transform it and then sync into the warehouse. As it happened, the team discovered the Stitch ETL tool. Stitch takes Rhino’s various data sources, standardizes them, and feeds them into the Heroku Postgres data warehouse. Adding new data sources takes minutes, rather than the weeks that team had first anticipated.

With the data warehouse as its source, Rhino’s teams now have a Tableau interface to visualize complex queries in order to better understand the risk involved.

We chose each part of our tech stack –– Heroku, Salesforce, Tableau –– because they were the right choice for that job. It’s funny, as we never set out to do it, but our whole business is running on Salesforce. Bryan Woods, Co-Founder and CTO, Rhino

Rhino plans its future on Heroku

Three years since Rhino began its journey on Heroku, the business is close to operating nationwide and reaching ever more tenants thanks to new partnerships with property management companies.

At every level of their offering, Heroku has played a transformational role in Rhino’s ability to execute. Heroku’s managed platform has given the Rhino engineers the space to focus on solving customer needs while providing a foundation for regulatory compliance. Heroku’s Data Services have unlocked insights that enable Rhino and its partners to make the right decisions. And Heroku’s integration with the broader Salesforce ecosystem has accelerated Rhino’s ability to expand into fresh markets and sign new partnerships.

1) https://www.pewresearch.org/fact-tank/2017/07/19/more-u-s-households-are-renting-than-at-any-point-in-50-years/
2) https://www.rent.com/blog/tips-for-getting-your-security-deposit-back/

Code[ish] podcast icon

Listen to the Code[ish] podcast featuring Bryan Woods: Launching a Startup in a Regulated Industry.

Inside Rhino on Heroku

The Rhino platform is made up of three related apps on Heroku, each backed by its own Heroku Postgres database with support from Heroku Data for Redis. Two are Ruby on Rails web apps and the third is an Elixir/Phoenix app serving an API for consumption by Rhino's partners.

As a Heroku Enterprise customer, Rhino uses Heroku Connect to sync data between their Heroku Postgres database and Salesforce, for both internal and external orgs..

The Stitch ETL platform brings together Rhino's data from various sources and feeds it into a Heroku Postgres database, which they use as a data warehouse. The Rhino team and their partners then use Tableau with the data warehouse for visualization. Rhino's Heroku Add-ons include SendGrid for transactional email, New Relic for monitoring, and both Papertrail and Coralogix for regulation compliant logging.