We’re passionate about earning your trust

Posh’s security philosophy is based on a robust, resilient, and proactive approach.

Robust, resilient, and proactive security

Things we take very seriously


We invest heavily in security to keep our platform secure and aware of potential threats. See our Security Whitepaper for more information.

Learn More


Our Privacy By Design process evaluates every major product release to ensure proper implementation of best privacy practices.

Learn More


For a list of our compliance certifications, click here.

Learn More

Security culture

Posh conversational AI bots enable financial institutions to improve communication with their customers. Through our confidentiality controls and data integrity processes, we protect, secure, and encrypt those conversations based on our core security principles.

  • Employee security training

    Every Posh team member undergoes security and privacy awareness training during orientation or on an annual basis. Through security awareness training, we maintain our proactive approach to threat and risk mitigation.

  • Our security team

    Dedicated security experts.

    Security is a priority throughout our organization and is built into our culture. We maintain an experienced and skilled security team who conduct security assessments, promote secure coding practices, operation activities, perform risk assessments, conduct penetration tests, and ensure we adhere to the latest regulatory and compliance standards.

  • Confidentiality, integrity, and availability

    At Posh, we build our security philosophy on the CIA triad. Here are some examples of how we enforce these principles:

    Confidentiality—Through strong encryption, cryptography, and tokenization standards.
    Integrity—Using tools and controls to mitigate the ability to alter data or unauthorized access to data. These tools include FIM, Key Management controls, and secure management of secrets and keys. 
    Availability—Geographic redundant Google zones support our ability to ensure Posh maintains high availability for the platform. Regular backs-up and semi-annual DR tests enhance our ability to provide attractive SLAs for our product.

Incident response planning

Posh conducts red team/blue team exercises on an annual basis as part of our incident response planning policy and procedure. The scenarios are based on the Mitre Att&ck framework and fintech-specific threat intel feeds which provide a prioritized list of risk-based table-top exercises to aid us in mitigating potential security incidents.

  • Data classification

    Posh follows four data classification categories when classifying data: Restricted, Confidential, Private, and Public. All personal identifiable information is considered restricted data and other customer information is considered confidential. Access controls, data leakage controls, and policies enforce who at Posh have privileges to read this content.

  • Change management

    Changes are fully vetted and peer reviewed prior to every production release going out. We have robust test and rollback plans in place to ensure releases are deployed in a manner which follows our confidentiality, integrity, and availability security principles, but in the same manner adheres to our segregation of duties for our releases to production.