Legal

Privacy Policy

This policy explains what data polimorf collects, why we collect it, how we use it, and the rights you have over it.

Last updated · 2026-05-19

Who we are

Polimorf ("we", "us") provides a multi-organization platform for building and operating the software a business runs on. This policy applies to the marketing website, the developer console, and the client workspace.

What we collect

Account data

When you create an account we collect your email, display name, password hash, and organization metadata. If you sign in via SSO, we receive the identifiers your identity provider releases.

Workspace data

Content you create inside an organization — schemas, entries, media, workflows, dashboards — is stored in an isolated Postgres schema per organization. We process this data only to operate the service.

Usage data

We log requests, errors, and performance metrics. Logs are retained for 30 days and contain IP addresses, user-agent strings, request paths, and response status codes.

Cookies

We use strictly necessary cookies for authentication. See our Cookie Policy.

Why we collect it

  • To provide and secure the service.
  • To bill and communicate about your account.
  • To improve product quality and reliability.
  • To comply with legal obligations.

Legal bases (GDPR)

  • Contract. to deliver the service you signed up for.
  • Legitimate interest. to keep the service secure and improve it.
  • Consent. for optional analytics or marketing communications.
  • Legal obligation. record-keeping and compliance.

Who we share with

Sub-processors operate parts of the service on our behalf. hosting, database, email delivery, error tracking. A current list is maintained in the Data Processing Agreement.

We do not sell personal data. We do not share workspace data with third parties for advertising.

Your rights

You may request:

  • Access to the personal data we hold.
  • Correction of inaccurate data.
  • Deletion of your account and associated personal data.
  • Export of your workspace data.
  • Restriction of processing or objection to it.

Send requests to privacy@polimorf.com. We respond within 30 days.

Retention

Account data is retained while your account is active and for up to 90 days after deletion. Backups roll off within 30 days. Audit and security logs are retained for 12 months.

International transfers

Where data is transferred outside the EEA / UK, we rely on Standard Contractual Clauses and supplementary measures as appropriate.

Changes to this policy

Material changes will be announced via email and in-app at least 30 days before they take effect.

Questions?

Reach the team at legal@polimorf.com or through the contact form.