Postman Content Policies

Effective Date: July 16, 2025

We understand that copyrighted, trademarked, or sensitive content may get published on the Postman platform, on the public Postman API Network, or in the Postman Community—either accidentally or on purpose—sometimes in workspaces that you do not own. Because the nature of this content varies, and because of different applicable laws, each category has its own, distinct reporting requirements outlined in Postman's policies.

If you'd like to request that content be removed from a Postman web site, the public Postman API Network, or the Postman services, please take some time to acquaint yourself with each of these policies and their respective reporting requirements before submitting a report. If we receive an incomplete report, we'll need to ask for clarifications or revisions and you'll need to re-submit a revised report.

Please note that Postman is not able to help you determine which policy is appropriate for your specific situation. If you've reviewed the policies below and still have questions about whether or not content should be reported as a username violation or an improper posting of copyrighted, trademarked, or sensitive data, we recommend consulting with your legal counsel.

Account names for the Postman API Network and Postman platform (including usernames and team domain names) are available on a first-come, first-served basis, and must be intended for immediate and active use.

If the username or team domain name you want has already been claimed, consider other names or unique variations. Using a number, hyphen, or an alternative spelling might help you identify a desirable username still available.

Keep in mind that not all activity on Postman is publicly visible; accounts with no visible activity may be in active use.

Name squatting is not allowed

Postman prohibits account name squatting, and account names may not be reserved or inactively held for future use. Accounts violating this name squatting policy may be removed or renamed without notice. Attempts to sell, buy, or solicit other forms of payment in exchange for account names are prohibited and may result in permanent account suspension.

What is a Postman trademark policy violation?

Using a company or business name, logo, or other trademark-protected materials in a manner that may mislead or confuse others with regard to its brand or business affiliation may be considered a trademark policy violation.

What is not a Postman trademark policy violation?

Using another's trademark in a way that has nothing to do with the product or service for which the trademark was granted is not necessarily a trademark policy violation. As stated above, Postman platform user names are available on a first come, first served basis and may not be reserved. A Postman account with a username that happens to be the same as a registered trademark is not, by itself, necessarily a violation of our trademark policy.

How does Postman respond to reported trademark policy violations?

When we receive reports of trademark policy violations from holders of federal or international trademark registrations, we review the account and may take the following actions:

• When there is a clear intent to mislead others through the unauthorized use of a trademark, Postman will suspend the account and notify the account holder.
• If Postman determines that an account appears to be confusing users, but is not purposefully passing itself off as the trademarked good or service, we give the account holder an opportunity to clear up any potential confusion. Postman may also release a username for the trademark holder's active use.

How do I report a trademark policy violation?

Holders of registered trademarks can report possible trademark policy violations to Postman by emailing help@postman.com. Please submit trademark-related requests using your company email address, put “Trademark Policy” in the subject line, and include all the information requested below in the body of your email to help expedite Postman's review and response. Also be sure to clearly describe to Postman why the account may cause confusion with your mark and/or how the account may dilute or tarnish your mark.

What information is required when reporting trademark policy violations?

• Username of the reported account
• Company name
• Company's Postman account (if there is one)
• Company website link
• Trademarked word, symbol, etc.
• Trademark registration number
• Trademark registration office (e.g., USPTO)
• Description of confusion (e.g., passing off as your company, including specific descriptions of content or behavior)
• Requested action (e.g., removal of violating account or transfer of trademarked username to an existing company account)
• Your physical or electronic signature

You must also review and include the following statements (indicating that you have read and understand your submission):

• "I have a good faith belief that use of the trademark described above is not authorized by the trademark owner, or its agent, or the law. I have taken nominative and other fair uses into consideration."
• "I swear, under penalty of perjury, that the information in this notification is accurate and that I am the trademark owner, or am authorized to act on behalf of the owner, of an exclusive right that is allegedly infringed."

Note: A federal or international trademark registration number is required. If the name you are reporting is not a registered mark (e.g., a government agency or non-profit organization), please let us know:

• Your first and last name
• Title
• Address
• Phone
• Email (must be from company domain)

The Online Copyright Infringement Liability Limitation Act of the Digital Millennium Copyright Act (17 U.S.C. § 512) ("DMCA"), established a process for addressing claims of copyright infringement. Postman's will respond to notices of alleged copyright infringement that comply with applicable law.

IPostman's form of notice set forth below is consistent with the form suggested by the DMCA statute, which can be found at the U.S. Copyright Office's official website: https://www.copyright.gov.

If you own a copyright or have authority to act on behalf of a copyright owner and want to report a claim that a third party is infringing that material on or through the Postman services or on a Postman web site, please send a written notice ("DMCA Notice") as set out below that includes all of the following items and we will expeditiously take appropriate action:

• A description of the copyrighted work that you claim is being infringed;
• A description of the material you claim is infringing and that you want removed or access to which you want disabled and the URL or other location of that material;
• Your name, postal address, telephone number, and email address;
• The following statement: "I have a good faith belief that the use of the copyrighted material I am complaining of is not authorized by the copyright owner, its agent, or the law (e.g., as a fair use)";
• The following statement: "The information in this notice is accurate and, under penalty of perjury, I am the owner, or authorized to act on behalf of the owner, of the copyright or of an exclusive right that is allegedly infringed"; and
• An electronic or physical signature of the owner of the copyright or a person authorized to act on the owner's behalf.

How to submit your copyright use complaint

The fastest way to get a response is to provide all required information listed above by email notification to Postman's designated copyright agent via dmca@postman.com with “DMCA Notice” in the subject line. Please include a plain-text version of your letter in the body of your message; you may also include an attachment if you'd like.

If you must send your notice by physical mail, you can do that, but it will take far longer for us to receive and respond to it. Notices Postman receives via plain-text email have a much faster turnaround than PDF attachments or physical mail. If you still wish to mail us your notice, mail to:

Postman, Inc.

1 Market Plaza, Ste 0800

Steuart Tower

San Francisco, CA 94105

USA

Important Requirements for DMCA Notices

If you fail to comply with all of the requirements of Section 512(c)(3) of the DMCA, your DMCA Notice may not be effective.

If you knowingly materially misrepresent that material or activity is infringing your copyright, you may be held liable for damages (including costs and attorneys' fees) under Section 512(f) of the DMCA.

Postman may, in appropriate circumstances, disable or terminate the accounts of users who may be repeat infringers.

This process does not limit Postman's ability to pursue any other remedies we may have to address suspected infringement.

Any user affected by your takedown notice may decide to submit a counter notice. If they do, Postman reserves the right to re-enable their content within 10-14 days unless you notify us, with related documentation, that you have initiated a legal action seeking to restrain the user from engaging in infringing activity relating to the content on Postman.

Postman exercises little discretion in the process other than determining whether the notices meet the minimum requirements of the DMCA. It is up to the parties (and their legal representatives) to evaluate the merit of their claims, bearing in mind that notices must be made under penalty of perjury.

This DMCA takedown policy is provided so as to comply with provisions of the DMCA and other applicable laws as are relevant to Postman; it is not intended and may not be taken as, or relied upon in any way as, legal advice. We encourage you to familiarize yourself with the requirements of the DMCA and other applicable laws, or to consult an attorney, before providing any notification or counter notification of any kind to us.

In the event that sensitive, security-related content is published on Postman's sites, Postman provides our sensitive data removal process to remove this data in certain exceptional circumstances where the DMCA process would not be applicable, such as when your security is at risk from exposed passwords and you do not own the copyright to the specific content that you need removed, or the content is not protectable by copyright. This section describes the information Postman needs from you in order to process a request to remove sensitive data from a workspace.

What is "sensitive data" for the purposes of this policy?

For the purposes of this sensitive data removal policy, "sensitive data" refers to content that (i) should have been kept confidential, and (ii) whose public availability poses a specific or targeted security risk to you or your organization.

Sensitive data removal requests are appropriate for:

• Access credentials, such as user names combined with passwords, access tokens, or other sensitive secrets that can grant access to your organization's server, network, or domain.
• AWS tokens and other similar access credentials that grant access to a third party on your behalf. You must be able to show that the token does belong to you.
• Documentation (such as network diagrams) that poses a specific security risk for an organization. Internal server names, IP addresses, and URLs, on their own, are not sufficiently sensitive; you must be able to show that the internal server name's use in a particular file or piece of code poses a security threat.

When a sensitive data removal request is not appropriate

Sensitive data removal requests are not appropriate for:

• Requests to remove content that may infringe your or your organization's copyright rights. If you have questions about how Postman handles copyright-related matters or would like to report potentially infringing content, please review the Copyright / DMCA Notice and Takedown section above.
• The sensitive data removal process is generally not intended for the removal of full files or workspaces—only for the specific pieces of sensitive data in those files. While there may be cases where files are filled entirely with sensitive information, you must justify the security risk for the removal of such files, and this may increase the time required to process your request.
• Trademark disputes. If you have questions about how Postman handles trademark-related matters or would like to report content containing your organization's trade or service marks, please review the Trademark policy section above.
• Mere mentions of your company's identity, name, brand, domain name, or other references to your company in files on Postman. You must be able to articulate why a use of your company's identity is a threat to your company's security posture before Postman will take action under this policy.
• Privacy complaints. If you have concerns about your own privacy or you are contacting us on behalf of your employees due to a privacy concern, please contact us at help@postman.com.
• Entire files or workspaces that do not pose a specific security risk, but you believe are otherwise objectionable.
• Content governed by our Postman Community Code of Conduct, or malware or general-purpose tools. If you have questions about our community code of conduct or believe that content on Postman might violate our guidelines, contact us at info@postman.com.

Preparing a request to remove sensitive data

Ask the user nicely first. A great first step before sending us a request to remove data is to try contacting the user directly. They may have listed contact information on their public profile page or in the workspace, or you could get in touch by creating an issue or pull request in the workspace. This is not strictly required, but it is appreciated.

No bots. You should have a trained professional evaluate the facts of every request you send. If you're outsourcing your efforts to a third party, make sure you know how they operate, and make sure they are not using automated bots to submit complaints in bulk. These complaints often include data that does not pose any security threats, and they do not include sufficient explanations, requiring additional back-and-forth and resulting in delays, even when the complaint is valid.

Send in the correct request. Postman offers this sensitive data removal process as an exceptional service only for high-risk content. We are not able to use this process to remove other kinds of content, such as potentially infringing content, and we are not able to process any other kinds of removal requests simultaneously while processing sensitive removal requests. Postman will be able to help you more quickly if you send in your sensitive data removal requests separately from any requests to remove potentially infringing content. If you are unsure whether your request involves only sensitive data or also involves other legal matters, please consult legal counsel.

Processing time. While Postman works to process sensitive data removal requests as quickly as possible, it may take some time for your request to be reviewed. Additional requests, or multiple requests from additional points of contact, may result in delays.

How does the process work?

• Concerned party, the “complainant,” investigates. It is up to the requesting party to conduct their own investigation and to provide us with the details Postman requires—most importantly, an explanation of how the data poses a security risk. Postman is not in a position to search for or make initial determinations about data on any individual's or organization's behalf.
• Complainant sends a sensitive data removal request. After conducting an investigation, the complainant prepares and sends a sensitive data removal request to Postman. If the request is not sufficiently detailed to demonstrate the security risk and for Postman to locate the data, we will reply and ask for more information.
• Postman takes content down. If the published workspace or documentation exposes sensitive data, Postman takes the content down and lets the data owner know that we unpublished it.
• User may dispute the request. If a user believes the content in question is not sensitive data subject to this policy, they may dispute it. If they do, we reserve the right to leave it up to the complainant to contact the user and work things out with them directly, within reason.
• Complainant reviews changes. If the user disputes the changes and makes changes themselves, the complainant must review them. If the changes are insufficient, the complainant must provide Postman with details explaining why. Postman may disable the workspace or give the user an additional chance to make the changes.

Keep forks in mind when considering scope of your request

One of the best features of Postman is the ability for users to "fork" collections within one another's public or private workspaces. Essentially, that means that users can make a copy of a collection on Postman so teams can work in parallel on the same collection. This makes it easy for teams to make changes and test them without risking the base collection. As the license or the law allows, users can then make changes to that fork to either push back to the main project or just keep as their own variation of a project. Each of these copies is a "fork" of the original collection, which in turn may also be called the "parent" of the fork.

Postman will not automatically disable forks when disabling a parent collection. This is because forks belong to different users and may have been altered in significant ways. Postman does not conduct any independent investigation into forks. We expect those sending sensitive data removal requests to conduct that investigation and, if they believe that the forks also contain sensitive data, expressly include forks in their removal request.

Being specific will help us process the sensitive data removal request

Due to the type of content and the way that content is managed, we need complaints to be as specific as possible. In order for Postman to verify that a user has removed reported sensitive data completely, we need to know exactly where to look.

These guidelines are designed to make the processing of requests to remove sensitive data as straightforward as possible.

Your request must include:

• A working, clickable link to each file containing the alleged sensitive data. (Note that we're not able to work from search results, examples, or screenshots.)
• Specific line numbers within each file containing the sensitive data.
• A brief description of how each item you've identified poses a security risk to you or your organization. It is important that you provide an explanation of how the data poses a security risk beyond merely stating that it does.
• If you are a third party acting as an agent for an organization facing a security risk, include a statement that you have a legal right to act on behalf of that organization.
• OPTIONAL: Let us know if your request is particularly urgent, and why. We respond to all sensitive data removal requests as quickly as possible. However, if this request is especially time-sensitive, such as a very recent credential exposure, please explain why.

How to submit your sensitive data removal request

You can submit your request to remove sensitive data to Postman by emailing help@postman.com. Please include a plain-text version of your request in the body of your message. Sending your request as an attachment may result in processing delays.

Postman currently maintains a website for Postman users to exchange ideas and information about best practices for use of the Postman products at community.postman.com (the "Postman Community"). Use of Postman Community is subject to the applicable provisions of Postman's Terms of Service and the Postman Community Code of Conduct.

If you are subject to—or a witness to—unacceptable behavior, or have any other concerns at any time about behaviors or activity within the Postman Community, please notify a Postman representative who is a moderator in the Community as soon as possible.

If Postman receives a take-down request for any of your content, Postman will take reasonable steps to determine the basis for such notice. If Postman concludes that it is legally obligated to comply with such request or that it is appropriate for Postman to comply with such request, it may, in its sole and absolute discretion (or, if you have your habitual residence in a Member State of the European Union, based on reasonable criteria), remove such content as set out in the above policies.

If you have received a trademark, copyright, or sensitive data removal request from us, you can dispute it by replying to our email help@postman.com and letting us know—in as much detail as possible—why you think the content in question is not sensitive data or infringing content subject to our policies described here.