Is your sensitive data at risk? Request a free scan to learn more.


Download free DLP for AI whitepaper

Polymer security

Data security is Polymer’s number one priority. Polymer is SOC 2 Type 2 certified. That means you can trust our practices, policies, procedures, and operations meet rigorous security standards. 

Polymer Security Center

We cannot view the contents of your files, messages, or tickets

All data is encrypted or hashed via automated on-demand processes.

Video Screenshot

 What happens when you install Polymer?



You authenticate directly with the SaaS app you want Polymer to protect.



Polymer acknowledges you’re a valid user and asks for minimum scopes.


Serverless processing

Polymer creates a secure environment for your organization and data is processed through an encrypted protocol.


Metadata reporting

Only metadata needed for reporting is stored on Polymer’s server.



Upon expiry, your environment self-destructs and no footprint remains in Polymer’s server other than metadata.


General Data Protection Regulation (GDPR)

Polymer adheres to GDPR guidelines to protect our customers’ personal data and privacy rights.


Service Organization Control (SOC) 2

Polymer is SOC 2 Type 1 and SOC 2 Type 2 certified.

Google Scope

Google Scopes Verified

Leviathan, one of three Google-authorized pen-testing firms, has verified Polymer’s code, controls, and Google scopes to meet the highest security standards.

Polymer Security FAQ

Does Polymer store my messages and files?

Polymer does not persistently store user messages or files. Message meta data is retained by Polymer for reporting. However the underlying messages and files are not retained.

How does Polymer process files on my SaaS app?

Polymer processing is based on a serverless environment where all processing done is via on-demand servers using AWS Lambda. These ad-hoc servers spin up and self-destruct after processing is complete. Only the metadata derived and signed-URLs (that can only be opened via client authentications) are generated from this process and reported upon.

Where is Polymer hosted?

Polymer is currently hosted exclusively in AWS & GCP US data centers. We utilize multi-zone redundancy to maximize availability and uptime. All customer data is currently retained in the US.

What are Polymer’s policies regarding personally identifiable information (PII)?

Polymer retains the following PII information for the purpose of normal operation of the service: First name, last name, and email address. Polymer will also be provided an end user’s current public IP address when accessing the website.

Where can I find more information about Polymer’s security practices?

Have security questions? Please set up time with our security and data privacy team by emailing us at