Polytomic Security
1. Introduction
This page covers the security aspects of Polytomic's infrastructure. Please contact [email protected] with any questions.
2. Standards compliance
Polytomic is compliant with SOC 2 Type II, GDPR, HIPAA, and CCPA. Polytomic is regularly audited by third-party security auditors that employ industry best practices in their testing methodology.
Should you require Polytomic's SOC 2 Type II or penetration-testing reports, please submit your request to [email protected].
3. Encryption
Whether dealing with in-transit or at-rest data, Polytomic employs robust encryption as one of multiple defence mechanisms against unauthorized access to data.
AWS RDS encryption
Customer credentials are stored in Polytomic's encrypted AWS (Amazon Web Services) RDS database. The database is encrypted using AES-256 and envelope encryption. This ensures that customer credentials are stored with the utmost security.
AWS KMS
Polytomic's encryption keys are managed by AWS KMS (Key Management Service). This allows Polytomic to follow industry best practices and to centrally manage encryption keys and their policies.
In-transit data
Data syncing is a major part of Polytomic's platform, so Polytomic's encryption regime extends to data in transit: all of it is encrypted with TLS (Transport Layer Security).
4. Retention
Being a data-sync platform, Polytomic does not retain customer data. All customer data processing occurs for the duration of an active sync as initiated by the customer.
Polytomic has the ability to store sync history logs; however, this ability is controlled by the customer. Should the customer turn on sync history logs, Polytomic will automatically delete them after 30 days. Log deletion cannot be overridden.