Compliance at Postman

We believe in a strong security foundation based on industry standards, compliance, and regulations. Postman adheres to GDPR, CCPA, and other privacy and security regulations to meet your compliance needs.

Postmanaut showing A P I platform graphic. Illustration.

Compliance certifications and regulations

We comply with current industry-standard regulations to ensure the security of our company and customer data.

SOC 2

The SOC2 (System and Organization Controls) Type II report focuses on the security, availability, and confidentiality of a cloud service and is audited annually at Postman.

SOC 3

The SOC3 (System and Organization Controls) report focuses on the security, availability, and confidentiality of a cloud service and is audited annually at Postman.

PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle credit card information.

GDPR

The European Union's General Data Protection Regulation governs data protection and privacy for all individual citizens of the European Union and the European Economic Area.

CSA STAR Level One

CSA STAR Level One Self-Assessment documents the security controls provided by various cloud computing offerings, thereby helping users assess the security of cloud providers they currently use or are considering using.


Security Portal

Access Postman’s security and compliance documents on our Security Portal, such as penetration testing and audit reports.

Visit Security Portal

Frequently asked questions

Is Postman audited by a third-party auditor to ensure compliance with their policies?

Yes, we work with third-party compliance auditors which include our SOC2 (Systems and Organizations Controls) and Microsoft SSPA (Supplier Security Privacy & Assurance) audits.


Is Postman GDPR compliant?

Yes, we are compliant with the European Union's General Data Protection Regulation (GDPR), which governs data protection and privacy for all individuals and citizens of the European Union and the European Economic Area.


Does Postman have a Data Processing Agreement?

Yes, we provide Data Processing Agreement to customers with a regulatory requirement.


How can I view Postman's SOC 2 and 3 reports?

You can download these reports on our Security Portal.



500,000 companies use Postman

Many of the world's top organizations, including 98% of the Fortune 500, are using the Postman API Platform today.