We’re passionate about earning your trust

Posh’s security philosophy is based on a robust, resilient, and proactive approach.

Robust, resilient, and proactive security

Things we take very seriously

This isn’t some generic CMS. The in-house Posh content system lets you match your language to the unique needs of your financial community.


We invest heavily in security to keep our platform secure and aware of potential threats. See our Security Whitepaper for more information.

A Secure Platform


Our Privacy By Design process evaluates every major product release to ensure proper implementation of the best privacy practices. Click here to learn more.

Privacy by Design


For banks and credit unions, security compliance is an essential consideration—and compliance shouldn’t be optional for service providers.

Dedicated to Compliance

Security culture

Posh conversational AI bots enable financial institutions to improve communication with their customers. Through our confidentiality controls and data integrity processes, we protect, secure, and encrypt those conversations based on our core security principles.

Employee security training

Trained annually

Every Posh team member undergoes security and privacy awareness training during orientation or on an annual basis. Through security awareness training, we maintain our proactive approach to threat and risk mitigation.

Our security team

Dedicated security experts.

Security is a priority throughout our organization and is built into our culture. We maintain an experienced and skilled security team who conduct security assessments, promote secure coding practices, operation activities, perform risk assessments, conduct penetration tests, and ensure we adhere to the latest regulatory and compliance standards.

Internal & external audits

Confidentiality, integrity, and availability

At Posh, we build our security philosophy on the CIA triad. Here are some examples of how we enforce these principles:


Through strong encryption, cryptography, and tokenization standards.


Using tools and controls to mitigate the ability to alter data or unauthorized access to data. These tools include FIM, Key Management controls, and secure management of secrets and keys.


Geographic redundant Google zones support our ability to ensure Posh maintains high availability for the platform. Regular backs-up and semi-annual DR tests enhance our ability to provide attractive SLAs for our product.

Internal & external audits

Incident response planning

Posh conducts red team/blue team exercises on an annual basis as part of our incident response planning policy and procedure. The scenarios are based on the Mitre Att&ck framework and fintech-specific threat intel feeds which provide a prioritized list of risk-based table-top exercises to aid us in mitigating potential security incidents.

Data classification

Posh follows four data classification categories when classifying data: Restricted, Confidential, Private, and Public. All personal identifiable information is considered restricted data and other customer information is considered confidential. Access controls, data leakage controls, and policies enforce who at Posh have privileges to read this content.

Change management

Changes are fully vetted and peer reviewed prior to every production release going out. We have robust test and rollback plans in place to ensure releases are deployed in a manner which follows our confidentiality, integrity, and availability security principles, but in the same manner adheres to our segregation of duties for our releases to production.