All data in transit is strongly encrypted. All requests are sent securely using TLS protocols, AES-256 encryption, and SHA-2 signatures. Passwords are salted and hashed. Access tokens are 256-bit and hashed when stored in the database.
Secure Data Infrastructure
Polimorphic’s cloud infrastructure is an ISO 27000/SOC 1 and SOC 2 compliant data center. Our data infrastructure is also NIST, FIPS, FISMA, and HIPAA compliant. Our servers and data stores are hosted in U.S. data centers to ensure FOIA compliance.
To minimize the risk of organizational access and exposure, we adhere to least-privilege principles. We limit access to servers to our CTO/CSO via AWS private keys. Both production and development database access is restricted and monitored.