Updated April 20, 2026
This is the single most important part of the product. Managers see aggregated team trends. They never see individual responses.
What a manager can see
- Aggregated averages for their department(s): vibe score, mood, stress, sleep, energy.
- Response rate for their department(s).
- Distribution of answers per question (e.g. 'how many people rated stress 4 vs. 5').
- Anonymised open-text comments, only when a department has 5 or more respondents in the period.
- The AI briefing scoped to their department(s).
What a manager cannot see
- Who answered a specific question, or what any one person answered.
- Anything about a department with fewer than 5 respondents — those cells blank out entirely.
- Individual journal entries, mood logs, or mindful-minute sessions.
- Who is or isn't on a streak, beyond their own employees' opt-in shout-outs.
- Any data about departments they don't manage.
How we enforce it
The enforcement happens at three layers. The Postgres database uses row-level security policies scoped to the manager's department. The API layer re-checks scope on every request. The UI layer never asks for data outside that scope. If any of the three misbehaves, the others still block.
We keep a public summary of the RLS policies in our GitHub repo. If you want to verify them in place, email info@bearacle.com and we'll share read-only access.
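A sketch of how the database layer and the 5-respondent threshold described above could be expressed in Postgres. This is an added example, not Bearacle's actual policies; every table, column, role and setting name in it (checkin_responses, manager_departments, manager_api, app.manager_id) is hypothetical.

```sql
-- Hypothetical schema: all names below are assumptions, not the product's own.
CREATE ROLE manager_api NOLOGIN;           -- role the API uses for manager requests

CREATE TABLE manager_departments (
    manager_id    uuid NOT NULL,
    department_id uuid NOT NULL,
    PRIMARY KEY (manager_id, department_id)
);

CREATE TABLE checkin_responses (
    id            bigserial PRIMARY KEY,
    employee_id   uuid     NOT NULL,
    department_id uuid     NOT NULL,
    period        date     NOT NULL,
    stress        smallint CHECK (stress BETWEEN 1 AND 5)
);

-- Layer 1: rows are visible only for departments the current manager manages.
-- FORCE applies the policy to the table owner too. Superusers and BYPASSRLS
-- roles always skip RLS, so the table/view owner must be neither.
ALTER TABLE checkin_responses ENABLE ROW LEVEL SECURITY;
ALTER TABLE checkin_responses FORCE  ROW LEVEL SECURITY;

CREATE POLICY manager_department_scope ON checkin_responses
    FOR SELECT
    USING (
        department_id IN (
            SELECT md.department_id
            FROM manager_departments md
            -- Unset or empty setting becomes NULL, which matches no rows.
            WHERE md.manager_id =
                  NULLIF(current_setting('app.manager_id', true), '')::uuid
        )
    );

-- Aggregates only, and groups with fewer than 5 respondents never appear.
CREATE VIEW department_stress_summary AS
SELECT department_id,
       period,
       count(DISTINCT employee_id) AS respondents,
       round(avg(stress), 2)       AS avg_stress
FROM checkin_responses
GROUP BY department_id, period
HAVING count(DISTINCT employee_id) >= 5;

-- The manager-facing role can read the view, never the individual rows.
REVOKE ALL ON checkin_responses, manager_departments FROM manager_api;
GRANT SELECT ON department_stress_summary TO manager_api;
```

In this sketch the API would set `app.manager_id` per transaction (for example with `set_config('app.manager_id', $1, true)`) after its own scope check, so a missing or wrong value at either layer yields no rows rather than another department's data.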