Self-attestation logo

Last updated by the developer on:

General information

Information provided by Polly to Microsoft:

Information Response
App name Polly
ID 1542629c-01b3-4a6d-8f76-1938b779e48d
Capabilities Bot, Tab, Messaging Extension
Partner company name Polly
Physical address 100 S King Street, Suite 500, Seattle, WA
Contact information for this app contact@polly.ai
URL of partner website https://www.polly.ai
URL of Teams application info page https://www.polly.ai/help/msteams
URL of Privacy Policy https://www.polly.ai/privacy
URL of Terms of Use https://www.polly.ai/tos
Main telephone number 1 (206) 743-0987
Description of available licensing options, if any None
Licensing contact contact@polly.ai
Licensing telephone number 1 (206) 743-0987


Questions or updates to any of the information you see here? Contact us!

How the app handles data

Information provided by Polly on how this app collects and stores organizational data, and what control an organization has over this data.

Data access using Microsoft Graph

This application does not use Microsoft Graph.

Data access via bots

If this app contains a bot or a messaging extension, it can access the roster (first name, last name, display name, email address) of any team member in a team or chat it's added to. Does this app make use of this capability?

Access team/chat roster? Justification/Purpose Is any of this data stored in app database(s)?
Team/Chat Roster Providing list of users and channels All

Telemetry data

Does any organizational information, including EUII (end-user identifiable information) and OII (organizational identifiable information), appears in this application's telemetry/logs? If yes, describe what data is present and what controls/processes an organization has in place to archive and/or delete it. If no, describe the controls/processes in place to prevent EUII and OII from appearing in telemetry/logs.


Storing and securing organizational data

Describe where/how is this application's data is stored and how access to it is controlled. Is it encrypted? Who can access it? How do you ensure that only authorized systems/individuals can access it? Examples: 2FA for all admins, Privileged Access Management (PMA), partitioning service admin accounts from Azure AD/corporate user accounts, protected IP ranges between systems, etc.

Polly uses a SAS database provided by Mongo Atlas for production. Data is encrypted at rest using AES 256 encryption provided by the vendor. Access to the database is restricted to support personel while doing customer support or maintenance work, and is protected by 2FA and IP Address white listing for all admin accounts.

Organizational controls for data stored by partner

Describe any capabilities an organization's administrators have to control their information residing in partner systems, e.g. deletion, retention, auditing, archiving, end-user policy, etc.

Customers are able to control data retention and perform auditing as part of the Polly Enterprise service plan.


Questions or updates to any of the information you see here? Contact us!

Information from the Microsoft Cloud App Security catalog appears below.


Information from the Microsoft Cloud App Security catalog is based on a variety of sources. Microsoft works to keep the information current but makes no guarantees of the accuracy of all the data sources. Contact us if you believe information about an app is outdated.

View in a new tab


Questions or updates to any of the information you see here? Contact us!