Security FAQs

Concerned about adding a bot to your team?

Your privacy and the security of your data is our top concern.  In order to install Polly into your workspace, you’ll need to authorize the addition of a bot. If you’re concerned by this, please continue to read other parts of this FAQ.


Does Polly read or store my team’s messages from Slack?

Polly cannot read any of your teams messages, with the following exceptions:

  • Messages that have explicitly tagged Polly with @polly 
  • Direct messages sent from a user to Polly (in the Polly DM channel only)
  • Messages that are posted by Polly (i.e. a survey)

We also do not store any messages in our database.

Can Polly read the history of the channel?

No - nor can we. The sole exception is the "Polly" Direct Message channel, in which cases a user will have sent the message to only Polly.

What Slack Scopes do you request?

"commands", "im:read", "im:write", "im:history", "team:read", "channels:read", "chat:write", "chat:write.public","groups:read", "mpim:read", "users:read", "", "app_mentions:read", "links:read"

How do you store your data?

All data is passed over HTTPS and stored in an encrypted database in AWS.

What security practices or certifications do you have?

Polly has the following:

  • SOC2 Type1 and Type2 certifications
  • EU/US Privacy Shield Certified
  • GDPR/CCPA Compliant
  • Annual 3rd party pentest and audits conducted
  • Business Continuity and Disaster Recovery Plan

    More details are available at

How do you use my team’s data?

Data generated through Polly by your team is only used to enhance your team’s services – to provide you and your team the ability to view, collect, and analyze survey results. For more details, please refer to our privacy policy.