Polymer Search
Polymer's Data Handling & Storage
How Polymer handles your data
Data privacy and security are extremely important to Polymer. We built our system with data privacy front and center.
We take product security as our highest priority in Polymer. As security effort is applied throughout our release cycle, we tend to discover security issues far earlier in the process and address them rapidly.
Polymer uses continuous integration for all our services. By doing so, we can respond rapidly to any security and functional issue. We're continuously working on iteratively improving our DevOps practices.
Polymer uses continuous integration for all our services. By doing so, we can respond rapidly to any security and functional issue. We're continuously working on iteratively improving our DevOps practices.
Data uploaded to Polymer by its authorized users are considered confidential. It is protected in transit across public networks and encrypted at rest using AES-256 encryption. Data uploaded to Polymer is not authorized to exit our service environment, except in limited circumstances such as in resolving a customer request.
To protect customers' data and our secrets, we utilize encryption including encryption at rest (AES-256), KMS-based protections for secrets (passwords, access tokens, API keys, etc.), and GPG encryption.
We monitor our infrastructure for security and stability related events to prevent any data loss and leaks by utilizing open source and commercial technologies. Activities such as API calls are logged to a central logging system, which triggers alarms for the security team at any malicious activity.
To protect customers' data and our secrets, we utilize encryption including encryption at rest (AES-256), KMS-based protections for secrets (passwords, access tokens, API keys, etc.), and GPG encryption.
We monitor our infrastructure for security and stability related events to prevent any data loss and leaks by utilizing open source and commercial technologies. Activities such as API calls are logged to a central logging system, which triggers alarms for the security team at any malicious activity.
TLS Everywhere
All data transmitted between Polymer and its users are protected using Transport Layer Security (TLS) and HTTP Strict Transport Security (HSTS). If encrypted communication is interrupted, the Polymer application is inaccessible.
Single Source of Truth
Polymer has a philosophy of one source of truth vs making multiple copies of data in our system. This disallows sloppy passing around of data and avoids creating a large surface area around any data and potential loopholes.
First Layer — AWS/S3 Level Encryption
All datasets that are uploaded or connected to Polymer are persisted in an AWS S3 bucket as fully encrypted blobs. This encryption cannot be reverse engineered if someone gets access to the physical resources in the data center.
Second Layer — Application Level Encryption
On top of S3 provided encryption, we also add AES-256 application level encryption. This means that Polymer's backend is being passed encrypted data from S3. No user can access this data at rest and see its contents.
Third Layer — Decryption
All data is decrypted only when read into memory for data indexing and computing insights for Polymer's front end. Moreover, this decryption is done in chunks and then converted into an internal format by Polymer on the fly. This means that at no point is the entire data or any significant parts of it completely decrypted in memory. This adds a third layer of data security.
Deleting Data
All data can be easily deleted via the Polymer interface. Each dataset's delete does a deep delete in our system, which means not only is the underlying encrypted data removed but its meta data like filename, associated user, its size etc. are also deleted from our database. There is no way for us or anyone else to recover this data once deleted by the user.
Bring Polymer's Magic to your Data
Unparalleled data productivity for you and your team.