Postman Trust Center
We're building the most trusted API platform backed by the most trusted organization. More than 30 million developers and 500,000 organizations worldwide trust Postman.
Sustaining a partnership of trust
The Postman Trust Center provides information on our product security, privacy, compliance, and reliability. We aim to give you transparency around our practices, standards, and policies in place to secure our corporate environment.
Security is a priority in every stage of our product development, enabling us to layer protections early and often.
Postman complies with global industry standards on data security and privacy, including the European Union's General Data Protection Regulation and the California Consumer Privacy Act.
We respect your privacy preferences and give you control over your data. We also have privacy controls to limit personal data collection, and such activities comply with global regulatory requirements.
You depend on Postman products for your API lifecycle. We design with reliability in mind so you and your team can confidently use Postman.
Security content hub
Access reports, blogs, and resources from Postman's global team on topics including API security, product safety and trust.
Regulatory compliance and standards
We comply with industry standards and regulations to protect our corporate and customer data.
General Data Protection Regulation (EU GDPR)
System & Organization Controls (SOC 2 & SOC 3)
Payment Card Industry Data Security Standard (PCI DSS)
CSA STAR Level One
Postman shared responsibility model
Data security is a shared responsibility between Postman and users. Please explore our guide covering the best practices you should follow to secure your data and credentials in Postman.
Contact Postman Security
Postman Security protects your data and helps secure your APIs. We provide security and governance features, workshops, and trusted information.
If you find a vulnerability in our service or website or want additional information about our security policies, contact us at firstname.lastname@example.org. You can use our PGP public key to encrypt your communications with us.
Also, security researchers should review our security guidelines and policy for reporting security vulnerabilities through our bug bounty program.