Polymer Security

Polymer keeps customer data secure and meets global compliance standards.

Polymer does not process any customer data on fixed hosting servers. All processes are piped through on-demand spawned servers (lamdba process) that report on metadata. At the end of an event, the on-demand server expires with no data used for processing remaining on Polymer servers.

Polymer Security Center

Polymer cannot view contents of customer files, chats & tickets

All data in transit and at rest is encrypted or hashed via automated on-demand processes.

Video Screenshot

What happens when you press install?



You authenticate directly with the Saas plataform you are installing Polymer on.



Upon acknowledgement of a valid user, Polymer will ask for minimum scopes


Serverless processing

HTTPS based encrypted read into a server-less docker instance spawned specifically for your Run.


Metadata reporting

No actual data ever hits Polymer servers. Only metadata is extracted from 3) for reporting



On-demand docker instance self-destructs. No non-metadata footprint left in Polymer’s environment


General Data Protection Regulation (GDPR)

Polymer adheres to GDPR guidelines to protect our customers’ personal data and privacy rights.


Service Organization Control (SOC) 2

Polymer has achieved SOC 2 Attestation


Google Scopes Verified

Leviathan, Google Authorized (one of three) pen testing firm has verified Polymer code, controls and Google Scopes to meet highest security standards.

Frequently Asked Questions

Does Polymer store my files and messages?

Polymer does not persistently store user messages or files. Message meta data is retained by Polymer for reporting. However the underlying messages and files are not retained.

How does Polymer process files on my SaaS platform?

Polymer processing is based on a serverless environment where all processing done is via on-demand servers using AWS Lambda. These ad-hoc servers spin up and self-destruct after processing is complete. Only the metadata derived and signed-URLs (that can only be opened via client authentications) are generated from this process and reported upon.

Where is Polymer hosted?

Polymer is currently hosted exclusively in AWS & GCP US data centers. We utilize multi-zone redundancy to maximize availability and uptime. All customer data is currently retained in the US.

What are Polymer’s policies regarding personally identifiable information (PII)?

Polymer retains the following PII information for the purpose of normal operation of the service: First name, last name, and email address. Polymer will also be provided an end user’s current public IP address when accessing the polymerhq.io website.

Where can I find more information about Polymer’s security practices?

Have security questions? Please set up time with our security and data privacy team by emailing us at info@polymehq.io