Security By Design

Our teams are focused on keeping Posh systems and our client data secure, compliant, and available through a number of security-by-design controls, processes, and procedures.

We earn our clients' trust by implementing role-based access controls, the latest encryption standards, high transport security standards, and a number of other risk and threat mitigation controls.

Robust, resilient, and proactive security

Confidentiality, integrity, and availability

Our security philosophy is grounded in Confidentiality, Integrity, and Availability (CIA) principles. We take a comprehensive approach to security to ensure that your data remains confidential and accessible when you need it—and completely protected at all times.

Application security

Posh follows a secure SDLC process whereby our development takes into consideration security vulnerabilities identified through the OWASP Top Ten or the CIS Top 20 benchmarks. The development team keeps abreast of growing and changing security trends to help them implement secure coding practices and ensure the platform is protected from client-side and server-side attacks. An example of this practice can be found in our blog related to CSRF tokens.

As an organization, our development and security teams work together and communicate regularly to ensure we are well informed and understand changing trends in attack chains and threat intel feeds. To read our security overview click here.

Our partners

Posh partners with Google Cloud. Google’s dedicated audit team adheres to the latest compliance and regulatory standards. For example, here’s how Google manages the secure encryption of your data. Most of our customers ask how their data is deleted once they make a data deletion request. One of the key reasons we use Google is how they handle data destruction, which can be found here. To learn more about our sub-processor and PaaS partner, you can go here.

Compliance audits

Posh’s security team keeps up to date with growing compliance, legal, and regulatory standards which help introduce controls, processes, and procedures to mitigate risk and enhance our security posture. You can learn more about the compliance standards we follow here.

Encryption and cryptography

As a leading Fintech organization in the conversational AI space, we follow strict standards as we process, transmit, and store customer data. Many of our current customers are interested in how we handle their data, including the security standards we use to ensure their data remains confidential. For data in transit, we leverage TLS 1.2 or higher with secure and strong ciphers. For data at rest, we leverage AES-256. It should be noted that for data at rest, Posh does not have access to the DEKs (Google-managed Data Encryption Keys).

Secure data disposal