For enterprise
Email composition with the controls IT actually wants.
SOC 2 Type II underway. 99.9% SLA. GDPR data residency in eu-west-1 or us-east-1. Dedicated CSM. Built for teams whose security review is the gating step, not the formality.
Where your data lives
- us-east-1 — N. Virginia (default)
- eu-west-1 — Ireland (EU customers)
- apac-southeast-1 — Singapore (Phase 3)
No cross-region transfer without explicit consent. Encryption keys never leave the region.
Security commitments
Your security. Our responsibility.
Enterprise email touches subscriber lists, campaign archives, and customer communications. Treating that lightly costs trust and sometimes costs business.
We publish a DPIA, a sub-processor list, and a control matrix before you ask. Your counsel can read those before the first call. The first call becomes about fit, not about whether the foundation exists.
Where we are not yet (SOC 2 Type II, ISO 27001) we say so plainly, with target quarters. Marketing pages that promise certifications still in audit are how customers get burned.
What you get
SLA, support, residency.
99.9% uptime SLA.
Forty-three minutes per month of allowed downtime. We refund pro-rata if we miss. The SLA is in the contract, not in the marketing page.
Your CSM. Your Slack channel.
Enterprise customers get a named Customer Success Manager and a shared Slack channel. P1 issues respond within two hours during business hours; on-call after that.
GDPR-compliant data residency.
Your data lives in us-east-1 or eu-west-1 — your call at provisioning. Encryption keys never leave the region. Annual third-party audits.
Compliance + audit
We speak audit language.
Each item is either shipped today or has a target date in the contract. Nothing here is aspirational marketing.
SOC 2 Type II
Audit underway, GA target Q3 2026. Type I report available under NDA today.
GDPR
Full compliance, data residency support, DPA template signed without negotiation tax.
CCPA / CPRA
California compliance with documented data-deletion workflows.
Penetration testing
Annual, third-party firm. Redacted report shared with enterprise customers under NDA.
ISO 27001 is on the Phase 2 roadmap. Compliance audit access (read-only log + config) is available to enterprise tier from day one.
Scaling without surprises
Grows with you. Stability promised.
- No usage surprises. Flat monthly rate. No per-email overage charges. Unlimited templates, seats, and sends within your tier.
- Infrastructure for scale. AWS ECS Fargate, RDS multi-AZ, ElastiCache failover. If we are down, it makes the news. It does not make our planning calendar.
- Disaster recovery. RPO 15 minutes. RTO 4 hours. Continuous backups, tested quarterly.
Procurement kit
Documents your security team will ask for.
- DPIA. Data Protection Impact Assessment for AI features.
- DPA. Standard form, signs without legal renegotiation.
- Sub-processors. Live list with regions and notification SLA.
- SOC 2 Type I. Available under NDA today; Type II Q3 2026.
- Pen-test summary. Latest annual test, redacted P1 / P2 / P3 counts.
- Control matrix. Maps your control questionnaire to our controls.
Need something else for the review? security@postern.io — usually answered within one business day.
Coming soon
Enterprise customer quotes land here once the first cohort has cleared procurement. We are not faking testimonials — your CISO would notice.
Want to be the first quote? Email us — we are hand-onboarding the first three enterprise accounts.
FAQ
Questions procurement teams ask.
Do you sign DPAs without negotiation?
Yes. Our DPA covers GDPR, CCPA, sub-processor disclosure, breach notification SLAs, and data-deletion workflows. Most legal teams sign as-is. If your counsel wants edits, we negotiate but the base form rarely needs them.
Can you do on-prem or single-tenant?
Phase 2 (single-tenant in shared AWS). Phase 3 (true on-prem in your VPC) is on the roadmap and is a contract conversation. If you need it sooner, talk to us — early enterprise customers shape the roadmap.
What happens during a security incident?
Twenty-four-hour breach notification SLA to affected customers. Third-party forensics. A public post-mortem follows once analysis is complete. We have not had a breach, but the playbook is written and the contacts are pre-warmed.
How long does procurement usually take?
Two to four weeks for security review, contract redlines, and onboarding. We publish enough security documentation upfront that most of the first week is your team reading rather than emailing us. Faster timelines available with executive sponsorship.
Do you support custom contracts and AUPs?
Yes for Enterprise tier ($1,500+/mo). MSA, custom SLAs, indemnification thresholds, and acceptable-use policies are all negotiable. Our default contract is shaped by previous enterprise customers, so most clauses already match what your counsel expects.
Let’s talk about your requirements.
Enterprise sales is personal. We walk through compliance, integration, and pricing together. Slacks, decks, and a thirty-minute call are enough to know whether this fits.