Security at Polly
Your privacy and the security of your data is our top concern. Here at Polly, we build everything with customer trust and security in mind. We pride ourselves on taking the extra steps to ensure that we meet and exceed the industry standard to protecting your information.
Network and Application Security Features
Cloud Hosting
Polly's data and services are hosted with trusted Amazon Web Services (AWS) in US facilities, spread across multiple availability zones to ensure reliability and disaster recoverability.
Permissions and Authentication
Access to customer data is limited to authorized employees whose job functions require it. Additionally, 2FA and strong password policies on all tools used internally are strictly implemented for all Polly employees to ensure third-party access to these cloud services are protected.
SSL and Encryption
All data is transmitted over HTTPS, and any data stored is encrypted in transit and at rest using 256-bit encryption. Our application endpoints are TLS/SSL only and score an “A” rating on Qualys SSL Labs‘ tests. This means we only use strong cipher suites and have features such as HSTS and Perfect Forward Secrecy fully enabled.
Incident Response
Polly has a protocol in place for handling various security incidences, all of which employees are informed and trained on.
Polly Product Security Features
Single Sign On (SSO) and Two-Factor Authentication (2FA)
Polly inherits the same authentication method that you use for your Slack workspace, including SSO and 2FA.
Permissions
Polly has different levels of permission settings within the app for your team. This includes app settings, user data, and billing.
Additional Security Features
Internal Security Policies
Polly has a set of comprehensive security and awareness policies that cover a wide range of topics. These policies are updated as necessary and shared with all employees.
Confidentiality
All employee contracts include a confidentiality agreement contingent on acceptance of employment.
PCI Compliance
All payments to Polly are processed through our partner, Stripe. To learn more about their security setup and PCI compliance, you can visit Stripe's security page.
GDPR Compliance
Commitment to EU General Data Protection Regulation (GDPR)
As GDPR takes effect on May 25th, 2018, Polly is focused on ensuring that we are compliant in how we handle customer data. During this period leading up to the deadline, we are re-evaluating the requirements and restrictions set forth by GDPR and are taking the necessary steps to be in full compliance.
To read more about our commitment to the GDPR, please visit our GDPR page.