Security & trust

Built with security at the core, not as an afterthought.

Multi-tenant Row-Level Security at the database. Encryption everywhere. AI cost ceilings that prevent surprise bills. We publish what we have, where we are headed, and the dates we are committing to.

Shipped today

  • GDPR compliance: Data residency, signed DPA, deletion workflows
  • CCPA / CPRA compliance: California-specific data-rights flows
  • AES-256 at rest: Customer data + AWS Secrets Manager keys
  • TLS 1.3 in transit: Strict transport security on all surfaces
  • Annual penetration testing: Third-party firm; redacted report under NDA
  • PostgreSQL Row-Level Security: Defence-in-depth multi-tenant isolation

In progress (with dates)

  • SOC 2 Type II: Audit underway, GA target Q3 2026
  • ISO 27001: Phase 2 roadmap; gap analysis Q4 2026
  • FedRAMP Moderate: Only if government customers materialise

We do not list certifications we have not earned. "In progress" means the audit is paid for, scoped, and on the calendar — not aspirational.

How we protect your data

Three layers, all visible.

Data residency

Choose us-east-1 (N. Virginia) or eu-west-1 (Ireland) at provisioning. No cross-region transfer without consent. Encryption keys never leave the region.

Encryption

AES-256 at rest for customer data; keys in AWS Secrets Manager scoped to the deploy. TLS 1.3 in transit, HSTS preload, certificate transparency.

Access control

PostgreSQL Row-Level Security on every tenant-scoped table. API auth via Sanctum keys (server) or RS256 JWT (widget). Audit logs on every data access.

AI safety

AI you can put on a security review.

Most "AI safety" pages are vague. Ours points at specific controls. Threat model, prompt audit, and DPIA available under NDA via security@postern.io.

No training on your emails.

Customer template content and prompt history never enter our model training. Anthropic and AWS Bedrock both run under no-training data agreements; signed DPAs available to enterprise customers.

Cost ceilings per tenant.

Hard generation caps per tenant per month. Free tier hits 50; paid tiers track but never charge overages — you cannot run up a surprise AI bill on us.

BYOK for enterprise.

Bring your own Anthropic or Bedrock key. Generations bill against your account, not ours. Your data routes through your contract.

Prompt-injection protections.

Layered defence: prompt sandboxing, output content moderation, refusal of tool-call requests outside the editor scope. Documented threat model on request.

If something goes wrong

Breach response, written down.

We have not had a breach. The playbook is written and the contacts are pre-warmed anyway. Reading "we will figure it out" in a vendor review is how teams end up with a bad week.

  1. Containment within one hour. Affected system isolated; suspect credentials rotated.
  2. Forensics by a third party. External firm runs the analysis; we publish the redacted report.
  3. Customer notification within 24 hours. Detailed timeline, scope, remediation, and what we are changing.
  4. Public post-mortem. Once the analysis settles. The point is collective immunisation, not just damage control.

Infrastructure

How we stay up.

99.9% SLA

Forty-three minutes per month of allowed downtime. Pro-rata refund if missed; documented in the contract.

Multi-AZ failover

us-east-1a goes down, traffic auto-routes to us-east-1b. Database replicas across availability zones. Customers do not notice.

Disaster recovery

RPO 15 minutes. RTO 4 hours. Continuous backups, tested quarterly against a real restore.

Sub-processors

Who else touches your data.

Production sub-processors as of 2026-05-05:

  • AWS — compute, storage, CDN, transactional email (us-east-1; eu-west-1 for EU customers)
  • Anthropic — Claude API for AI generation (zero-data-retention enabled)
  • Stripe — billing and Stripe Tax (Europe + US)
  • Resend — transactional email for marketing forms (US)
  • Plausible — privacy-first website analytics (EU)
  • PostHog — product analytics (only after analytics consent)
  • Sentry — error tracking with PII redaction
  • Intercom — customer support

New sub-processors are announced 30 days in advance. Full registry, DPAs, and SCCs available on request from security@postern.io.

Compliance documentation

What you can request.

  • DPIA: Data Protection Impact Assessment for AI features.
  • DPA: Data Processing Agreement, signs without legal renegotiation.
  • Sub-processor list: Live registry with regions and notification SLA.
  • SOC 2 Type I: Available under NDA today; Type II Q3 2026.
  • Pen-test summary: Latest annual test, redacted P1 / P2 / P3 counts.
  • Threat model: STRIDE-aligned, scoped to multi-tenant editor + AI surface.

Need something else? security@postern.io — usually answered within one business day.

Ask the hard questions.

Security teams are the first line of trust. We treat the questionnaire like the most important customer touchpoint we have. Bring a hard one.