How Polymer handles data
Data privacy and security are extremely important to Polymer. We built our system with data privacy front and center.
We take product security as our highest priority in Polymer. As security effort is applied throughout our release cycle, we tend to discover security issues far earlier in the process and address them rapidly.
Polymer uses continuous integration for all our services. By doing so, we can respond rapidly to any security and functional issue. We're continuously working on iteratively improving our DevOps practices.
Data uploaded to Polymer by its authorized users is considered confidential. It is protected in transit across public networks and encrypted at rest with AES-256. Data uploaded to Polymer is not permitted to leave our service environment, except in limited circumstances such as resolving a customer request.
To protect customers' data and our secrets, we utilize encryption including encryption at rest (AES-256), KMS-based protections for secrets (passwords, access tokens, API keys, etc.), and GPG encryption.
We monitor our infrastructure for security- and stability-related events, using open source and commercial technologies, to prevent data loss and leaks. Activities such as API calls are logged to a central logging system, which raises alarms for the security team on any malicious activity.
How we do it
TLS Everywhere
All data transmitted between Polymer and its users is protected using Transport Layer Security (TLS) and HTTP Strict Transport Security (HSTS). If encrypted communication is interrupted, the Polymer application is inaccessible.
Single Source of Truth
Polymer follows a philosophy of a single source of truth rather than making multiple copies of data in our system. This prevents sloppy passing around of data and avoids creating a large surface area, and potential loopholes, around any data.
Deleting Data
All data can be easily deleted via the Polymer interface. Deleting a dataset performs a deep delete in our system: not only is the underlying encrypted data removed, but its metadata (filename, associated user, size, etc.) is also deleted from our database. There is no way for us or anyone else to recover this data once the user has deleted it.
How Polymer's Encryption Works
AWS/S3 Level Encryption
Application Level Encryption
On top of the encryption S3 provides, we add AES-256 application-level encryption. This means that the data Polymer's backend receives from S3 is still encrypted; no user can access this data at rest and see its contents.
Decryption
All data is decrypted only when read into memory for data indexing and for computing insights for Polymer's front end. Moreover, this decryption is done in chunks, each converted on the fly into Polymer's internal format. This means that at no point is the entire dataset, or any significant part of it, fully decrypted in memory. This adds a third layer of data security.
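The application-level encryption and chunked decryption described in the last two sections, as an added example that is not Polymer's own code: it uses Go's standard-library AES-256-GCM to seal an object in fixed-size chunks and to decrypt it chunk by chunk from an io.Reader (standing in for the S3 object stream), so only one plaintext chunk is in memory at a time. The chunk framing, the nonce layout, and the chunk index plus "last chunk" flag carried as associated data are my assumptions, not Polymer's format; the key and the plaintext are constructed demo values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
	"io"
)

const chunkSize = 16               // tiny so the demo yields several chunks; a real service would use tens of KiB
const sealedChunk = chunkSize + 16 // every full chunk carries a 16-byte GCM tag
// newGCM wraps an AES key in GCM; a 32-byte key selects AES-256.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Hypothetical framing (not Polymer's): nonce = 4-byte random stream prefix + 8-byte chunk counter; AAD = chunk index + "last" flag.
func nonceAndAAD(prefix []byte, index uint64, last bool) (nonce, aad []byte) {
	nonce = binary.BigEndian.AppendUint64(append([]byte{}, prefix...), index)
	aad = binary.BigEndian.AppendUint64(nil, index)
	if last {
		aad = append(aad, 1)
	}
	return nonce, aad
}

// sealChunks encrypts plaintext as [prefix][sealed chunk]...; the final chunk is always shorter than a full one.
func sealChunks(aead cipher.AEAD, plaintext []byte) ([]byte, error) {
	prefix := make([]byte, 4)
	if _, err := rand.Read(prefix); err != nil {
		return nil, err
	}
	out := append([]byte{}, prefix...)
	for index := uint64(0); ; index++ {
		n := len(plaintext)
		if n > chunkSize {
			n = chunkSize
		}
		nonce, aad := nonceAndAAD(prefix, index, n < chunkSize)
		out = aead.Seal(out, nonce, plaintext[:n], aad)
		if n < chunkSize { // the short (possibly empty) final chunk ends the stream
			return out, nil
		}
		plaintext = plaintext[n:]
	}
}

// openChunks decrypts a stored object chunk by chunk from r (e.g. an S3 object stream) and hands each plaintext chunk to fn, so only one chunk is ever in memory.
func openChunks(aead cipher.AEAD, r io.Reader, fn func([]byte)) error {
	prefix := make([]byte, 4)
	if _, err := io.ReadFull(r, prefix); err != nil {
		return err
	}
	buf := make([]byte, sealedChunk)
	for index := uint64(0); ; index++ {
		n, err := io.ReadFull(r, buf)
		last := err == io.ErrUnexpectedEOF // a short read is the final chunk by construction
		if err != nil && !last {           // io.EOF here means the final chunk was cut off
			return fmt.Errorf("chunk %d: stream truncated: %w", index, err)
		}
		nonce, aad := nonceAndAAD(prefix, index, last)
		plain, err := aead.Open(nil, nonce, buf[:n], aad) // wrong index, wrong flag or altered bytes all fail here
		if err != nil {
			return fmt.Errorf("chunk %d failed authentication: %w", index, err)
		}
		fn(plain)
		if last {
			return nil
		}
	}
}

// roundTrip seals plaintext, reopens it chunk by chunk and returns the recovered bytes and the chunk count.
func roundTrip(key, plaintext []byte) ([]byte, int, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, 0, err
	}
	ct, err := sealChunks(aead, plaintext)
	if err != nil {
		return nil, 0, err
	}
	out, chunks := []byte{}, 0
	err = openChunks(aead, bytes.NewReader(ct), func(p []byte) { chunks++; out = append(out, p...) })
	return out, chunks, err
}

func main() { // constructed demo key; real code would use a per-object data key wrapped by KMS
	out, n, err := roundTrip(bytes.Repeat([]byte{0x42}, 32), []byte("0123456789abcdef0123456789abcdef01234567"))
	fmt.Printf("recovered=%q chunks=%d err=%v\n", out, n, err) // 40 bytes -> 3 chunks (16, 16, 8)
}
```

Binding the chunk index and a last-chunk flag into each GCM tag is what makes the chunked design safe: a chunk that is reordered, duplicated or cut off fails authentication instead of decrypting silently, and the object is still read in bounded memory. A production system would also use a fresh data key per object, wrapped by KMS as described above, rather than one long-lived key shared across objects.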