Security and access

Polyteia provides comprehensive login protection and a finely tuned permission system to ensure security on the platform. Access to every resource - whether it's a workspace, file, report, or dataset - requires an explicit invitation.

This approach may seem restrictive at first, but it provides full control over who can view or edit which information.

Login methods

Polyteia supports three secure login procedures:

Recommendation:

For optimal security, we recommend activating all options:

• Password as an additional login method

• TOTP for strong two-factor protection

This combination ensures that access remains protected even if one method is compromised.

TOTP authentication

TOTP (time-based one-time code) generates new access codes every 30 seconds through an authenticator app such as:

TOTP is considered particularly secure because:

• Codes are generated offline on your device

• Each code is only valid for a short time

• Login without your device is not possible even if your password is stolen

You can activate TOTP under Settings → Account → Authenticator App.

Access by invitation only

Polyteia follows a strict invitation-based access model. A user account alone does not grant access.

Each resource requires explicit authorization. Examples:

This model minimizes risks and meets data protection requirements.

Polyteia's role system enables precise access control at all levels:

• Organization roles: Administrator and member roles for managing platform-wide settings

• Resource roles: Viewer, editor, and owner roles for datasets, evaluations, and other resources

• Sharing options: Grant access specifically to individuals or groups with appropriate permissions

Every action – whether viewing a chart or editing a dataset – is governed by roles. This implements the principle of least privilege and ensures traceability of all access rights.