Security
It is always a priority to preserve the confidentiality, integrity, and availability of our customers’ data. Businesses like Cisco, Fivetran, and Seismic trust Postal to safeguard their data and processes.
Data Encryption
We protect the confidentiality of all our data, backups, and tokens via AES 256-bit encryption.
Data Retention
Postal’s application offers flexible data retention policies designed to fit your requirements.
24/7 Monitoring
Both internal and external resources monitor the Postal environment to ensure that malicious actors are unsuccessful in gaining unauthorized access to our platform.
Password Protection
Passwords are hashed and salted to shield them from password-cracking methods, such as rainbow-table attacks.
Network Security
All communications between your browser and Postal’s website are encrypted via HTTPS/TLS, with v1.3 as the minimum version.
Availability
Distributed Denial of Service (DDoS) protection is deployed as a default control for all customers to maintain the uptime of our service against volumetric attacks.
Multi-Factor Authentication
Add an additional layer of security to protect against fraudulent access to your account. Postal.io’s application supports several identity providers (IdPs).
Threat Prevention
To detect and prevent unusual or suspicious activity on our platform, Postal.io utilizes industry-leading cybersecurity technology to build intelligent models of normal/expected behavior.
Compliance
Postal strives to gain and maintain the trust of our customers. A comprehensive compliance program built around continuous testing and accreditation is critical to this mission.
SOC 2 Type 2
Postal is SOC 2 Type 2 certified, which means the design and operating effectiveness of our security controls are continuously audited.
Postal engages in annual SOC 2 audits that are conducted by an independent, third-party firm. Contact us to request the latest copy of our SOC 2 audit report.
GDPR Compliant
Postal is compliant with the General Data Protection Regulation (GDPR), which went into effect May 25, 2018, and applies to citizens of the European Union.
Please contact us to have an in-depth conversation about Postal’s approach to GDPR and to receive our Data Processing Addendum (DPA).
PCI Compliant
Postal is compliant with the Payment Card Industry Data Security Standard (PCI DSS) as a “Level 4” merchant.
Level 4 applies to merchants that process fewer than 20,000 Visa or Mastercard e-commerce transactions per year or up to 1 million total Visa or Mastercard credit card transactions and that have not suffered a data breach or attack that compromised card or cardholder data.
CCPA Compliant
Postal is compliant with the California Consumer Privacy Act (CCPA) regulations, which went into effect January 1st, 2020.
CCPA applies to California residents and is enforceable for any company with revenues larger than $25 million and more than 50,000 people or devices in its database. Please contact us to have an in-depth conversation about Postal’s approach to CCPA.
Penetration Testing
The Postal application, network, and assets undergo regular penetration testing by independent third parties to ensure that our enterprise is secure and your data is protected.
Data Backups
The Postal Platform has encrypted automatic backups utilizing Write Once Read Many (WORM) storage, which renders the backups tamperproof.