Privacy first

Over the last few years there has been a focused initiative by federal authorities and regulatory bodies on how organizations manage and store data subjects’ personal information. Here at Posh, our privacy controls and processes detail how we comply with these laws and standards.

Robust, resilient, and proactive security

Privacy-driven culture

As a B2B organization, we do not manage or transact directly with a data subject's Personally Identifiable Information (PII). We have processes in place to ensure that when our customers leverage the Posh platform and collect some form of PII, our Data Loss Prevention (DLP) systems act to ensure this information is not persisted. As part of our privacy-by-design approach, we currently do not persist PII and make every effort to use alternate identifiers which do not directly identify a data subject. Our Data Protection Impact Assessment (DPIA) procedure ensures we adhere to data minimization controls where possible.

Confidentiality, integrity, and availability

Privacy security controls

As part of Posh’s privacy awareness standards, we implement a privacy-by-design methodology by embedding privacy within the design of our product and processes through a data protection impact assessment. Recognizing our customers' requirement that we keep their information confidential, we have implemented TLS 1.2 or higher and registered our top-level domain on the HSTS preload list to secure data in transit. These defense-in-depth controls build trust and confidence in our company and products.

Our partners

Dedicated data privacy assessments

Our security experts operate independently from product development. Prior to a new product initiative, Posh’s security team works in collaboration with our cross-functional teams to ensure we adhere to the latest privacy standards, follow our privacy policy and perform data protection impact assessments.

Internal & external audits

Identity and access management

Access controls are crucial—particularly when limiting access to confidential or restricted.

When accessing internal systems, Posh users authenticate using a company-owned device, which features numerous security controls, including best practices like multi-factor authentication, endpoint encryption and VPN enforcement.

Secure data disposal