How Polymer handles data

Data privacy and security are extremely important to Polymer. We built our system with data privacy front and center.

We take product security as our highest priority in Polymer. As security effort is applied throughout our release cycle, we tend to discover security issues far earlier in the process and address them rapidly.

Polymer uses continuous integration for all our services. By doing so, we can respond rapidly to any security and functional issue. We're continuously working on iteratively improving our DevOps practices.

Data uploaded to Polymer by its authorized users are considered confidential. It is protected in transit across public networks and encrypted at rest using AES-256 encryption. Data uploaded to Polymer is not authorized to exit our service environment, except in limited circumstances such as in resolving a customer request.

To protect customers' data and our secrets, we utilize encryption including encryption at rest (AES-256), KMS-based protections for secrets (passwords, access tokens, API keys, etc.), and GPG encryption.

We monitor our infrastructure for security and stability related events to prevent any data loss and leaks by utilizing open source and commercial technologies. Activities such as API calls are logged to a central logging system, which triggers alarms for the security team at any malicious activity.

How we do it

TLS Everywhere

All data transmitted between Polymer and its users are protected using Transport Layer Security (TLS) and HTTP Strict Transport Security (HSTS). If encrypted communication is interrupted, the Polymer application is inaccessible.

Single Source of Truth

Polymer has a philosophy of one source of truth vs making multiple copies of data in our system. This disallows sloppy passing around of data and avoids creating a large surface area around any data and potential loopholes.

Deleting Data

All data can be easily deleted via the Polymer interface. Each dataset's delete does a deep delete in our system, which means not only is the underlying encrypted data removed but its meta data like filename, associated user, its size etc. are also deleted from our database. There is no way for us or anyone else to recover this data once deleted by the user.

How Polymer’s encryption works?