The 2023 State of the API survey is open!
Make your voice heard in the world's biggest API survey
The 2023 State of the API survey is open! Share your thoughts on APIs and take the survey →
Compliance at Postman
We believe in a solid security foundation based on industry standards and regulatory compliance to secure our company and customer data.
Compliance certifications and regulations
Postman adheres to global privacy and security regulations to meet your compliance needs. Learn more below.
SOC 2 and 3
We validate our company's security posture and controls through rigorous evaluations. The System and Organization Controls (SOC2) Type II and SOC 3 assessments focus on our security, availability, and confidentiality practices.
PCI DSS
We comply with the Payment Card Industry Data Security Standard (PCI DSS), an information security standard for organizations that handle credit card information.
GDPR
We have privacy controls to limit personal data collection. Such activities comply with global regulatory requirements, like the European Union's General Data Protection Regulation (GDPR), which governs data protection and privacy for EU and European Economic Area citizens.
CCPA
We respect privacy and adhere to the California Consumer Privacy Act (CCPA), which gives customers control over their personal information.
The Cloud Security Alliance's STAR Registry
We have a CSA Security, Trust, Assurance, and Risk (STAR) Level 1 attestation. The self-assessment evaluates and documents the security controls and practices of cloud-computing providers.
Security Portal
Access Postman's security and compliance documents on our Security Portal, such as penetration testing and audit reports.
Frequently asked questions
Does a third-party auditor assess Postman's corporate security and privacy practices?
We undergo annual third-party compliance assessments during our SOC2 and Microsoft's Supplier Security and Privacy Assurance (SSPA), ensuring customers and prospects that they can trust us as a provider.
Does Postman have a Data Processing Agreement?
Yes, we provide Data Processing Agreement to customers with a regulatory requirement.
How can I access Postman's SOC 2 and 3 reports?
You can download these reports on our Security Portal.
500,000 companies use Postman
Many of the world's top organizations, including 98% of the Fortune 500, are using the Postman API Platform today.