Compliance at Postman

We believe in a solid security foundation based on industry standards and regulatory compliance to secure our company and customer data.

Postmanaut showing A P I platform graphic. Illustration.

Compliance certifications and regulations

Postman adheres to global privacy and security regulations to meet your compliance needs. Learn more below.

SOC 2 and 3

We validate our company's security posture and controls through rigorous evaluations. The System and Organization Controls (SOC2) Type II and SOC 3 assessments focus on our security, availability, and confidentiality practices.


We comply with the Payment Card Industry Data Security Standard (PCI DSS), an information security standard for organizations that handle credit card information.


We have privacy controls to limit personal data collection. Such activities comply with global regulatory requirements, like the European Union's General Data Protection Regulation (GDPR), which governs data protection and privacy for EU and European Economic Area citizens.


We respect privacy and adhere to the California Consumer Privacy Act (CCPA), which gives customers control over their personal information.

The Cloud Security Alliance's STAR Registry

We have a CSA Security, Trust, Assurance, and Risk (STAR) Level 1 attestation. The self-assessment evaluates and documents the security controls and practices of cloud-computing providers.

Postman Security and Trust Portal

Access Postman's security and compliance documents on our Security and Trust Portal, such as penetration testing and audit reports.

Visit our Security and Trust Portal

500,000 companies use Postman

Many of the world's top organizations, including 98% of the Fortune 500, are using the Postman API Platform today.

Postman v11 is here!

It's jam-packed with updates to help you collaborate on your APIs, augment yourself with AI, and more.