Security at Polly

Your privacy and the security of your data is our top concern. Here at Polly, we build everything with customer trust and security in mind. We pride ourselves on taking the extra steps to ensure that we meet and exceed the industry standard to protecting your information.

Network and Application Security Features

Cloud Hosting

Cloud Hosting 

Polly's data and services are hosted with trusted Amazon Web Services (AWS) in US facilities, spread across multiple availability zones to ensure reliability and disaster recoverability.


Permissions and Authentication 

Access to customer data is limited to authorized employees whose job functions require it. Additionally, 2FA and strong password policies on all tools used internally are strictly implemented for all Polly employees to ensure third-party access to these cloud services are protected.

SSL Encryption

SSL and Encryption 

All data is transmitted over HTTPS, and any data stored is encrypted in transit and at rest using 256-bit encryption. Our application endpoints are TLS/SSL only and score an “A” rating on Qualys SSL Labs‘ tests. This means we only use strong cipher suites and have features such as HSTS and Perfect Forward Secrecy fully enabled.


Incident Response

Polly has a protocol in place for handling various security incidences, all of which employees are informed and trained on.

Polly Product Security Features


Single Sign On (SSO) and Two-Factor Authentication (2FA)

Polly inherits the same authentication method that you use for your Slack workspace, including SSO and 2FA.



Polly has different levels of permission settings within the app for your team. This includes app settings, user data, and billing.

Compliance Certifications



(Type I)
Trust Services Principles


EU/US Privacy Shield

Data Privacy Practices

Additional Security Features

Internal Security

Internal Security Policies 

Polly has a set of comprehensive security and awareness policies that cover a wide range of topics. These policies are updated as necessary and shared with all employees.




All employee contracts include a confidentiality agreement contingent on acceptance of employment.

PCI Compliance

 PCI Compliance

All payments to Polly are processed through our partner, Stripe. To learn more about their security setup and PCI compliance, you can visit Stripe's security page.

GDPR Compliance

GDPR Compliance

Commitment to EU General Data Protection Regulation (GDPR)

As of May 25th, 2018, Polly is GDPR compliant in how we handle customer data. To read more about our commitment to the GDPR, please visit our GDPR page.

Security Questions?

Feel free to contact us at [email protected]