The 2023 State of the API survey is open!

Make your voice heard in the world's biggest API survey

The 2023 State of the API survey is open! Share your thoughts on APIs and take the survey →

X
← Trust Center

Compliance at Postman

We believe in a solid security foundation based on industry standards and regulatory compliance to secure our company and customer data.

Postmanaut showing A P I platform graphic. Illustration.

Compliance certifications and regulations

Postman adheres to global privacy and security regulations to meet your compliance needs. Learn more below.

SOC 2 and 3

We validate our company's security posture and controls through rigorous evaluations. The System and Organization Controls (SOC2) Type II and SOC 3 assessments focus on our security, availability, and confidentiality practices.

PCI DSS

We comply with the Payment Card Industry Data Security Standard (PCI DSS), an information security standard for organizations that handle credit card information.

GDPR

We have privacy controls to limit personal data collection. Such activities comply with global regulatory requirements, like the European Union's General Data Protection Regulation (GDPR), which governs data protection and privacy for EU and European Economic Area citizens.

CCPA

We respect privacy and adhere to the California Consumer Privacy Act (CCPA), which gives customers control over their personal information.

The Cloud Security Alliance's STAR Registry

We have a CSA Security, Trust, Assurance, and Risk (STAR) Level 1 attestation. The self-assessment evaluates and documents the security controls and practices of cloud-computing providers.

Security Portal

Access Postman's security and compliance documents on our Security Portal, such as penetration testing and audit reports.

Visit Security Portal

Frequently asked questions

Does a third-party auditor assess Postman's corporate security and privacy practices?

We undergo annual third-party compliance assessments during our SOC2 and Microsoft's Supplier Security and Privacy Assurance (SSPA), ensuring customers and prospects that they can trust us as a provider.

Does Postman have a Data Processing Agreement?

Yes, we provide Data Processing Agreement to customers with a regulatory requirement.

How can I access Postman's SOC 2 and 3 reports?

You can download these reports on our Security Portal.

Additional resources

Postman's New SOC 2 Type 2 Report: How (and Why) We Did It

Read blog →

Introducing the Secret Variable Type in Postman

Read blog →

Introducing the Super Admin Role: Manage All Your Team's Users and Resources

Read blog →

500,000 companies use Postman

Many of the world's top organizations, including 98% of the Fortune 500, are using the Postman API Platform today.

Buy NowContact Sales