Polymr
Security & Trust

SOC 2 compliant. Customer data isolated. Full audit trail.

Polymr handles manufacturing operational data — drawings, BOMs, supplier commitments, pricing, and ERP transactions. We protect it with the controls enterprise IT and procurement teams expect.

SOC 2 compliant

Polymr operates against the SOC 2 Trust Services Criteria covering security, availability, processing integrity, confidentiality, and privacy. SOC 2 report available under NDA.

Customer data is isolated

Each customer environment is logically isolated with per-tenant row-level security on every operational table. No cross-tenant query path exists in production.

Encryption everywhere

Data encrypted in transit (TLS 1.2+) and at rest (AES-256). Per-tenant encryption keys managed through cloud KMS. Document attachments encrypted with customer-scoped keys.

Full audit trail

Every workflow decision, recommendation, and ERP sync action is recorded with source-linked context. Audit log is append-only and queryable for compliance reviews.

Human-approved actions

No external system write happens without an explicit human approval step on configurable workflows. ERP sync, vendor outreach, and purchasing actions require approval signatures.

No model-training on customer data

Customer documents, BOMs, drawings, and operational data are never used to train shared models. All inference runs in customer-scoped contexts.

Privacy commitment

We protect customer data completely.

  • No data sold, ever.
  • No third-party tracking on customer-tenant surfaces.
  • Documents and BOMs deleted on contract termination within 30 days.
  • Access logs available to customer admins on request.
  • Standard DPA + GDPR-aligned processor terms available.
  • PII redacted from logs at ingestion.

Need our SOC 2 report or a vendor security questionnaire response?

Send a quick note — we route security reviews same-day to the right contact.
