Data access and handling

Postman Insights practices responsible data access and storage. This means that the Postman Insights Agent does not access or store more data than it needs to perform its function.

The Insights Agent client drops all data values from the observed traffic before sending it to Postman. All data-format inference happens on the client side, before the data is removed. The Postman cloud doesn't see the initial values. Uploads of the obfuscated data to Postman are performed over HTTPS using TLS.

Next, you'll learn how and why Postman accesses, processes, transmits, and stores the data generated during tests.

Access

The Postman Insights Agent monitors raw network traffic between services to generate API specifications. This data is only visible to the Postman Insights Agent and never leaves the host. No network traffic is shared; the Postman cloud only receives the results of the inspection.

Processing

The Postman Insights Agent processes witnesses locally, on the host or test worker. The Postman Cloud then processes and analyze the witnesses producing API definitions and endpoint insights.

Transmission

All communication between the Postman Insights Agent and the Postman Cloud is done over HTTPS with TLS 1.2. Authentication and authorization is handled by JWT tokens issued from Postman Insights.

Storage

All test witnesses and artifacts are stored in the Postman Cloud using on-disk encryption and are only accessed using secure methods and encryption whenever possible. Data deletion or purging of sensitive information is available upon request. The Postman Insights team provides a five-business-day SLA for all deletion requests.