You're trusting Postlytix with data from across your business. Here's how we protect it.
The short version: your data is encrypted, your workspace is isolated, we request the minimum access needed, and we never use your data to train AI models or share it with other customers.
Data is encrypted in transit (TLS) and at rest. Credentials and secrets are stored in a dedicated secrets manager, never in plain text.
Each brand's data lives in a logically isolated workspace. One customer's data is never accessible to another.
We request the narrowest scopes needed for the work you ask for, and you can revoke any connected tool at any time.
Your data is used only to deliver the Service to you. We do not use it to train AI models, and we minimize what is shared with AI providers.
Postlytix never acts on its own. Every action is presented for your explicit approval first, and every executed action is written to an audit log you can review and rely on. You can pause or stop an execution at any step.
API keys and OAuth tokens you provide are encrypted and used only to perform the analyses and approved actions you request. You can rotate or revoke them at any time, and we recommend scoping credentials to the minimum permissions Postlytix needs.
We rely on a small set of vetted infrastructure and AI providers to host and process data on our behalf. Each operates under contractual confidentiality and security obligations. We can provide our current subprocessor list on request.
We build to recognized security practices and support customer rights under the GDPR and CCPA/CPRA. Formal third-party certifications such as SOC 2 are on our roadmap and will be pursued as we grow and as customer needs require; we do not currently hold a SOC 2 attestation. We're happy to share our current security posture and practices with prospective design partners under NDA.
If you believe you've found a security vulnerability, please email [email protected] with the details. We'll acknowledge your report and work with you to resolve it. Please give us a reasonable window to fix the issue before any public disclosure.
Security or data-handling questions before connecting your stack? Email [email protected] — we'll walk you through it.
This page describes Postlytix's security approach in good faith and will evolve as the product matures. It is informational and not a contractual commitment; specific obligations are governed by your agreement with Postlytix.