Postmark's primary data and servers are hosted at
ServerCentral's data center (located outside of Chicago). It is the most sophisticated facility in the Midwest. We provide multiple levels of backups and redundancy to ensure uptime and peace of mind.
- Fully redundant servers for the API, SMTP, Inbound and Web interface.
- Secure protocols (SSL / TLS) across the web, api and smtp endpoints.
- Separately hosted Help system and Public site
- 256-bit SSL encryption on the web app and payment processing.
- All passwords are encrypted on servers and databases.
- We run a dedicated environment behind redundant firewalls and switches.
- Hardened, patched OS with frequent security updates.
- External monitoring and audits by highly respected security firms.
We host our servers in one of the most impressive data centers in the country. A DuPont Fabros facility, the ServerCenter data center is Type 2 SSAE 16 SOC 1 accredited and includes keycard protocols, biometric scanning protocols and round-the-clock surveillance. Our environment is colocated, meaning we have full control of the physical environment and only our policies affect the access and use of the hardware, network and software. We provide multiple levels of backups and redundancy to ensure uptime and peace of mind. Data transferred from our customers to our servers is encrypted via SSL that is configured to meet or exceed all industry standards. Cold data at rest is encrypted with 2048-bit RSA.
To learn more about the data center, read all about it on ServerCentral's website.
Data communication, security and retention
All access to the Postmark interface is secured over SSL (HTTPS), ensuring the information is encrypted. Our SSL configurations are regularly and automatically scanned to ensure we can quickly remediate any vulnerabilities discovered, such as Heartbleed. Additionally, we provide both TLS and HTTPS connections to the Postmark SMTP and API services, ensuring emails sent to the service are encrypted. Account passwords are encrypted in the Postmark database, preventing even our own staff from viewing them. We offer a method to recycle API keys at anytime in the Postmark interface.
All customer data resides behind a secure, redundant infrastructure, hosted at Server Central. The servers are fully owned and managed by Postmark. Please see above for full details on the physical security.
Redundancy and backups
Postmark contains redundancy in as many areas as possible to avoid and recover from failure. This includes a load balanced and clustered environment with automatic recovery on physical hardware failures. Our data center includes redundancy across all aspects of potential failure including network transit, routing, and power.
Customer data is stored across redundant disk arrays with high availability failover protection. Backups are performed continuously and transferred offsite in accordance to our disaster recovery plan.
Reporting a security issue:
If you have discovered a security issue, please report it through our responsible disclosure process.