Trust at Posh

We're passionate about earning your trust

Posh’s security, privacy and compliance philosophy is based on a robust, resilient, and proactive approach. We take things very seriously.

Things we take very seriously

This isn’t some generic CMS. The in-house Posh content system lets you match your language to the unique needs of your financial community.

Security

Security

We invest heavily in security to keep our platform secure and aware of potential threats.

Security
Privacy

Privacy

Our Privacy By Design process evaluates every major product release to ensure proper implementation of the best privacy practices.

Privacy
Compliance

Compliance

For banks and credit unions, compliance is an essential consideration—and compliance shouldn’t be optional for service providers.

Compliance

Security

Our teams are focused on keeping Posh systems and our client data secure, compliant, and available through a number of security-by-design controls, processes, and procedures.

We earn our clients' trust by implementing role-based access controls, the latest encryption standards, high transport security standards, and a number of other risk and threat mitigation controls. Posh AI assistants enable financial institutions to improve communication with their customers. Through our confidentiality controls and data integrity processes, we protect, secure, and encrypt those conversations based on our core security principles.

Our security team

Security is a priority throughout our organization and is built into our culture. We maintain an experienced and skilled security team who conduct security assessments, promote secure coding practices, operation activities, perform risk assessments, conduct penetration tests, and ensure we adhere to the latest regulatory and compliance standards.

Confidentiality, integrity, and availability

At Posh, we build our security philosophy on the CIA triad. Here are some examples of how we enforce these principles:

Confidentiality

Through strong encryption, cryptography, and tokenization standards.

Integrity

Using tools and controls to mitigate the ability to alter data or unauthorized access to data. These tools include FIM, Key Management controls, and secure management of secrets and keys.

Availability

Geographic redundant Google zones support our ability to ensure Posh maintains high availability for the platform. Regular backs-up and semi-annual DR tests enhance our ability to provide attractive SLAs for our product.

Incident response planning

Posh conversational AI bots enable financial institutions to improve communication with their customers. Through our confidentiality controls and data integrity processes, we protect, secure, and encrypt those conversations based on our core security principles. Posh’s security team runs red/blue team events that are conducted multiple times a year to ensure the effectiveness of their incident response plans against new and emerging attack vectors.

Application security

Posh follows a secure SDLC process whereby our development takes into consideration security vulnerabilities identified through the OWASP Top Ten or the CIS Top 20 benchmarks. The development team keeps abreast of growing and changing security trends to help them implement secure coding practices and ensure the platform is protected from client-side and server-side attacks.

Privacy security controls

By recognizing our customers' requirements to ensure we keep their information confidential, we have implemented TLS >=1.2+ and registered our top-level domain on the HSTS preload list to secure data in transit. These defense in-depth controls build trust and confidence in our company and products.

Dedicated data privacy assessments

Our security experts operate independently from product development. Prior to a new product initiative, Posh’s security team works in collaboration with our cross-functional teams to ensure we adhere to the latest privacy standards, follow our privacy policy and perform data protection impact assessments.

Identity and access management

Access controls are crucial—particularly when limiting access to confidential or restricted data. When accessing internal systems, Posh users authenticate using a company-owned device, which features numerous security best practice controls, such as, multi-factor authentication, end-point encryption and VPN enforcement.

Encryption and cryptography

As part of Posh’s privacy awareness standards, we implement a privacy-by-design methodology by embedding privacy within the design of our product and processes through a data protection impact assessment. 

As a leading Fintech organization in the conversational AI space, we follow strict standards as we process, transmit, and store customer data. Many of our current customers are interested in how we handle their data, including the security standards we use to ensure their data remains confidential. For data in transit, we leverage TLS >=1.2+ with secure and strong ciphers. For data at rest, we leverage AES256. It should be noted that for data at rest, Posh does not have access to the DEKs (Google managed Data Encryption Keys)

Privacy

We have processes in place to ensure when our customers leverage the Posh platform and collect some form of PII data, our Data Loss Prevention (DLP) systems performs activities to ensure this information is not persisted. As part of our privacy-by-design approach, we currently do not persist sensitive PII and make every effort to use alternate identifiers which do not directly identify a data subject. Our Data Protection Impact Assessment (DPIA) procedure ensures we adhere to data minimization controls where possible. Visit our Trust Center to learn more.