Postman Trust Center
More than 20 million developers and 500,000 organizations world-wide trust Postman as an API platform. We've created comprehensive practices and policies to earn and keep your trust.
Trust your APIs
The Postman Trust Center provides information on our product security, privacy, compliance, and reliability. We aim to give you transparency about our practices and policies in place to ensure a secure corporate environment.
Security is a priority in every stage of our product development, enabling us to layer protections early and often.
Postman complies with global industry standards on data security and privacy, including the European Union's General Data Protection Regulation and the California Consumer Privacy Act.
We respect your privacy preferences and give you control over your data. We also have privacy controls to limit personal data collection, and such activities comply with global regulatory requirements.
You depend on Postman products for your API lifecycle. We design with reliability in mind so you and your team can confidently use Postman.
Compliance certifications and regulations
We comply with industry-standard certifications and regulations to ensure the security of our company and customer data.
General Data Protection Regulation (EU GDPR)
System & Organization Controls (SOC 2 & SOC 3)
Payment Card Industry Data Security Standard (PCI DSS)
CSA STAR Level One
Postman shared responsibility model
Postman maintains security and regulatory compliance standards. We ensure our products and services are safe and secure to use. However, you also serve a role in securing your data and following safe practices with the information you store within Postman.
Reach out to Postman Security
Our security team ensures the security of data stored with Postman and helps you keep your APIs secure by providing security-aware features, workshops, and content.
If you find a vulnerability in our service or website or want additional information about our security policies, you can contact us at firstname.lastname@example.org. You can use our PGP public key to encrypt your communications with us.
If you are reporting security vulnerabilities or if you are a security researcher, review our security reporting guidelines and policy.
We want to answer your questions and inform your security decisions about our product.