Polymer cannot view contents of customer files, chats & tickets

All data in transit and at rest is encrypted or hashed via automated on-demand processes. 

Service Organization Control (SOC) 2

Polymer is currently under audit by HBK and is slated to be SOC-2 certified by summer 2021

General Data Protection Regulation (GDPR)

Polymer adheres to GDPR guidelines to protect our customers’ personal data and privacy rights.

California Consumer Privacy Act (CCPA)

Polymer has implemented controls from the CCPA framework to support our customer’s rights over their personal data.


Frequently Asked Questions

Does Polymer store my files and messages?
Polymer does not persistently store user messages or files. Message meta data is retained by Polymer for reporting. However the underlying messages and files are not retained.
How does Polymer process files on my SaaS platform?
Polymer processing is based on a serverless environment where all processing done is via on-demand servers using AWS Lambda. These ad-hoc servers spin up and self-destruct after processing is complete. Only the metadata derived and signed-URLs (that can only be opened via client authentications) are generated from this process and reported upon.
Where is Polymer hosted?
Polymer is currently hosted exclusively in AWS & GCP US data centers. We utilize multi-zone redundancy to maximize availability and uptime. All customer data is currently retained in the US.
What are Polymer’s policies regarding personally identifiable information (PII)?
Polymer retains the following PII information for the purpose of normal operation of the service: First name, last name, and email address. Polymer will also be provided an end user’s current public IP address when accessing the website.
Where can I find more information about Polymer’s security practices?
Have security questions? Please set up time with our security and data privacy team by emailing us at