As a B2B organization, we do not manage or transact directly with a data subject's Personal Identifiable Information(PII). We have processes in place to ensure when our customers leverage the Posh platform and collect some form of PII data, our Data Loss Prevention (DLP) systems performs activities to ensure this information is not persisted. As part of our privacy-by-design approach, we currently do not persist PII and make every effort to use alternate identifiers which do not directly identify a data subject. Our Data Protection Impact Assessment (DPIA) procedure ensures we adhere to data minimization controls where possible.
As part of Posh’s privacy awareness standards, we implement a privacy-by-design methodology by embedding privacy within the design of our product and processes through a data protection impact assessment. By recognizing our customers' requirements to ensure we keep their information confidential, we have implemented TLS >=1.2+ and registered our top-level domain on the HSTS preload list to secure data in transit. These defense in-depth controls build trust and confidence in our company and products.
Access controls are crucial—particularly when limiting access to confidential or restricted.
When accessing internal systems, Posh users authenticate using a company-owned device, which features numerous security controls. Best practices like multi-factor authentication, end-point encryption and VPN enforcement.