Postman has discontinued the option to have Collections locally and is forcing people to move all the data into your cloud, which includes API calls, usernames, passwords and lots of other confidential data.
How is this data stored and who can see it? Can some government agency require you to show this data? Is this encrypted, what kind of encryption is used, how is this encryption implemented?
If data was synced from a person who is working for a company, which later found that passwords or internal confidential info is stored on Postman servers, how can they request removal of this and how can they be sure this is not stored in your DR, backup and archive solutions? How can we be sure it was not exported somewhere to be used for some internal AI/ML building or sent by email?
To address the questions raised here, we have created an FAQ section on the blog post announcing the new lightweight Postman API client.
This contains information about how Postman protects your data and it provides a link to our Security & Trust Portal, where you will find additional details about our product security, privacy, compliance, and reliability information.
If you’re still prevented from using Postman in a signed in state by your company’s security policies, you can reach out to our technical architects and solution engineers at [email protected] for further assistance.
The Security and Trust Portal doesn’t reply to my questions on how you encrypt my passwords, whether they are encrypted when they travel from my PC to your Cloud, whether they are backed up and replicated, and how we can request deletion.
If you are hacked, and passwords are not encrypted, do you understand what will happen to Postman as a company and your reputation? You will be sued by all the companies, since you endangered their internal data.
You are obviously not aware of what you are doing?
I am sure there are many companies which might not even be aware of this… so it would be good to show this info to everybody…
With V11 of Postman, we have introduced the Postman Vault (Store secrets in your Postman Vault | Postman Learning Center), which allows you to store your sensitive data in an encrypted local vault that is not synced with the Postman Cloud. Also, we have added multiple security features to help prevent accidental exposure of your API credentials.