As a B2B organization, we do not manage or transact directly with a data subject's Personally Identifiable Information (PII). We have processes in place so that when our customers use the Posh platform and collect some form of PII, our Data Loss Prevention (DLP) systems act to ensure this information is not persisted. As part of our privacy-by-design approach, we currently do not persist PII and make every effort to use alternate identifiers which do not directly identify a data subject. Our Data Protection Impact Assessment (DPIA) procedure ensures we adhere to data minimization controls where possible.
As part of Posh’s privacy awareness standards, we implement a privacy-by-design methodology by embedding privacy within the design of our product and processes through a data protection impact assessment. Recognizing our customers' requirement that we keep their information confidential, we have implemented TLS 1.2 or higher and registered our top-level domain on the HSTS preload list to secure data in transit. These defense-in-depth controls build trust and confidence in our company and products.
Our security experts operate independently from product development. Prior to a new product initiative, Posh’s security team works in collaboration with our cross-functional teams to ensure we adhere to the latest privacy standards, follow our privacy policy and perform data protection impact assessments.
Access controls are crucial—particularly when limiting access to confidential or restricted.
When accessing internal systems, Posh users authenticate using a company-owned device, which features numerous security controls. These include best practices like multi-factor authentication, endpoint encryption and VPN enforcement.