Compliance certifications and regulations
Postman adheres to global privacy and security regulations to meet your compliance needs. Learn more below.
SOC 2 and 3
We validate our company's security posture and controls through rigorous evaluations. The System and Organization Controls (SOC2) Type II and SOC 3 assessments focus on our security, availability, and confidentiality practices.
We comply with the Payment Card Industry Data Security Standard (PCI DSS), an information security standard for organizations that handle credit card information.
We have privacy controls to limit personal data collection. Such activities comply with global regulatory requirements, like the European Union's General Data Protection Regulation (GDPR), which governs data protection and privacy for EU and European Economic Area citizens.
We respect privacy and adhere to the California Consumer Privacy Act (CCPA), which gives customers control over their personal information.
The Cloud Security Alliance's STAR Registry
We have a CSA Security, Trust, Assurance, and Risk (STAR) Level 1 attestation. The self-assessment evaluates and documents the security controls and practices of cloud-computing providers.