Security at Polly

Your privacy and the security of your data are our top concerns. Here at Polly, we build everything with customer trust and security in mind. We pride ourselves on taking the extra steps to ensure that we meet and exceed the industry standard for protecting your information.

Network and Application Security Features

Cloud Hosting

Polly's data and services are hosted with trusted Amazon Web Services (AWS) in US facilities, spread across multiple availability zones to ensure reliability and disaster recoverability.

Permissions and Authentication

Access to customer data is limited to authorized employees whose job functions require it. Additionally, 2FA and strong password policies are strictly enforced for all Polly employees on all tools used internally, to ensure that third-party access to these cloud services is protected.

SSL and Encryption

All data is transmitted over HTTPS, and any data stored is encrypted in transit and at rest using 256-bit encryption. Our application endpoints are TLS/SSL only and score an “A” rating on Qualys SSL Labs' tests. This means we only use strong cipher suites and have features such as HSTS and Perfect Forward Secrecy fully enabled.

Incident Response

Polly has a protocol in place for handling various security incidents, and all employees are informed of it and trained on it.

Polly Product Security Features

Single Sign On (SSO) and Two-Factor Authentication (2FA)

Polly inherits the same authentication method that you use for your Slack workspace, including SSO and 2FA.

Permissions

Polly has different levels of permission settings within the app for your team. This includes app settings, user data, and billing.

Compliance Certifications

SOC 2

(Type I)
Trust Services Principles

EU/US Privacy Shield

Data Privacy Practices

Additional Security Features

Internal Security Policies

Polly has a set of comprehensive security and awareness policies that cover a wide range of topics. These policies are updated as necessary and shared with all employees.

 

Confidentiality

All employee contracts include a confidentiality agreement contingent on acceptance of employment.

PCI Compliance

All payments to Polly are processed through our partner, Stripe. To learn more about their security setup and PCI compliance, you can visit Stripe's security page.

 

GDPR Compliance

Commitment to EU General Data Protection Regulation (GDPR)

As of May 25th, 2018, Polly is GDPR compliant in how we handle customer data. To read more about our commitment to the GDPR, please visit our GDPR page.

Responsible Disclosure

If you believe you’ve discovered a potential vulnerability, please let us know by emailing us at security@polly.ai. We will acknowledge your email within ten business days. Provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within one month of disclosure. Make a good faith effort to avoid violating privacy, destroying data, or interrupting or degrading the Polly service. Please only interact with accounts you own or for which you have explicit permission from the account holder.

Exclusions

While researching, please refrain from:

  • Distributed Denial of Service (DDoS)
  • Spamming
  • Social engineering or phishing of Polly employees or contractors
  • Any attacks against Polly’s physical property or data centers

Security Questions?

Feel free to contact us at security@polly.ai