It is always a priority to preserve the confidentiality, integrity, and availability of our customers’ data. Businesses like Cisco, Fivetran, and Seismic trust Postal to safeguard their data and processes.
We protect the confidentiality of all our data, backups, and tokens via AES 256-bit encryption.
Postal’s application offers flexible data retention policies designed to fit your requirements.
Both internal and external resources monitor the Postal environment to ensure that malicious actors are unsuccessful in gaining unauthorized access to our platform.
Passwords are hashed and salted to shield them from password cracking methods, such as rainbow-table attacks.
All communications between your browser and Postal’s website are encrypted via HTTPS, with TLS v1.3 as the minimum version.
Distributed Denial of Service (DDoS) protection is deployed as a default control for all customers to maintain the uptime of our service against volumetric attacks.
Add an additional layer of security to protect against fraudulent access to your account. Postal.io’s application supports several identity providers (IdPs).
To detect and prevent unusual or suspicious activity on our platform, Postal.io utilizes industry-leading cybersecurity technology to build intelligent models of normal/expected behavior.
Postal strives to gain and maintain the trust of our customers. A comprehensive compliance program built around continuous testing and accreditation is critical to this mission.
SOC 2 Type 2
Postal is SOC 2 Type 2 certified, which means the design and operating effectiveness of our security controls are continuously audited.
Postal engages in annual SOC 2 audits that are conducted by an independent, third-party firm. Contact us to request the latest copy of our SOC 2 audit report.
Postal is compliant with the General Data Protection Regulation (GDPR), which went into effect May 25, 2018, and applies to citizens of the European Union.
Please contact us to have an in-depth conversation about Postal’s approach to GDPR and to receive our Data Processing Addendum (DPA).
Postal is compliant with the Payment Card Industry Data Security Standard (PCI DSS) as a “Level 4” merchant.
Level 4 applies to merchants that process fewer than 20,000 Visa or Mastercard e-commerce transactions per year or up to 1 million total Visa or Mastercard credit card transactions and that have not suffered a data breach or attack that compromised card or cardholder data.
Postal is compliant with California Consumer Privacy Act (CCPA) regulations, which went into effect January 1st, 2020.
CCPA applies to California residents and is enforceable for any company with revenues larger than $25 million and more than 50,000 people or devices in its database. Please contact us to have an in-depth conversation about Postal’s approach to CCPA.
The Postal application, network, and assets undergo regular penetration testing by independent third parties to ensure that our enterprise is secure and your data is protected.
The Postal Platform has encrypted automatic backups utilizing Write Once Read Many (WORM) storage, which renders the backups tamperproof.