This site runs best with JavaScript enabled

We take the security of your data and your borrowers' information seriously.

As part of Polly's ongoing commitment to provide best‑in‑class mortgage technology, our platform products are compliant with the internationally recognized auditing standard of System and Organization Controls (SOC) for Service Organizations designed by the American Institute of Certified Public Accountants (AICPA).
The SOC 2 Type 2 Report is an internal controls report that captures how a company safeguards users' data and how well those controls are operating. The SOC 2 Type 2 Report provides a description of a service organization's system and the suitability of design and operating effectiveness of the organization's controls. Companies that use cloud‑service providers such as Polly, use SOC 2 reports to assess and address the risks associated with their third‑party technology service providers. These reports are issued by independent third‑party auditors.
During a rigorous period of examination, an independent third‑party auditor assessed controls in place at Polly and determined that these controls satisfy the AICPA's Trust Services Security, Availability, and Confidentiality Criteria. This means that Polly's systems and controls adhere to the applicable Trust Services Criteria (TSC) that mortgage lenders, banks, credit unions, and other financial institutions desire from their technology service providers for regulatory compliance and governance requirements.
Please contact for more information on Polly's SOC 2 Report.

Responsible disclosures

As part of our ongoing commitment to security, we leverage independent third parties to help us strengthen our security.
If you believe you have discovered a security vulnerability or have a security incident to report, please disclose this information to our team immediately so we can take proper action.