Compliance at Postman
We believe in a solid security foundation based on industry standards and regulatory compliance to secure our company and customer data.
Compliance certifications and regulations
Postman adheres to global privacy and security regulations to meet your compliance needs. Learn more below.
SOC 2 and 3
We validate our company's security posture and controls through rigorous evaluations. The System and Organization Controls (SOC2) Type II and SOC 3 assessments focus on our security, availability, and confidentiality practices.
PCI DSS
We comply with the Payment Card Industry Data Security Standard (PCI DSS), an information security standard for organizations that handle credit card information.
GDPR
We have privacy controls to limit personal data collection. Such activities comply with global regulatory requirements, like the European Union's General Data Protection Regulation (GDPR), which governs data protection and privacy for EU and European Economic Area citizens.
CCPA
We respect privacy and adhere to the California Consumer Privacy Act (CCPA), which gives customers control over their personal information.
The Cloud Security Alliance's STAR Registry
We have a CSA Security, Trust, Assurance, and Risk (STAR) Level 1 attestation. The self-assessment evaluates and documents the security controls and practices of cloud-computing providers.
Postman Security and Trust Portal
Access Postman's security and compliance documents on our Security and Trust Portal, such as penetration testing and audit reports.
500,000 companies use Postman
Many of the world's top organizations, including 98% of the Fortune 500, are using the Postman API Platform today.
June 3 & 4, 2025 in Los Angeles, CA
Step into the future of APIs and AI at POST/CON 25. Join developers, architects, and tech leaders to build smarter, faster, and more secure APIs in the age of generative AI.
