Built to verify, not to execute.
Read-only by default
Postcept confirms refunds, credits, cancellations, and tickets with scoped read access. It never gets the write access required to move money or change a record.
Least privilege by design
Access is scoped to the systems and objects required for a given postcondition, nothing more. Connection credentials are encrypted at rest and revocable; agent API keys are scoped and can be set to expire.
Signed, tamper-evident receipts
Every receipt is signed over its full contents. Any later modification is detectable, and each signed check records the value expected and the value found in the system of record.
Encryption in transit and at rest
All data is encrypted in transit (TLS 1.2+) and at rest. Secrets and credentials are stored in a dedicated, access-controlled vault.
Human review routing
Failed and ambiguous outcomes are routed to your review and recovery workflows rather than acted on automatically.
Auditable by construction
Receipts and the verification ledger are designed to help you produce audit evidence for finance, compliance, and customer trust.
Compliance
Postcept is building toward SOC 2 Type II and will publish its status and reports here as they are completed. We don’t claim certifications we don’t yet hold, if compliance is a gating requirement for you, talk to us about where we are. The third-party services we rely on are listed on our sub-processors page.
Responsible disclosure
If you believe you’ve found a security issue, please email security@postcept.com with details and steps to reproduce. We investigate every report, will acknowledge receipt promptly, and will not pursue action against good-faith research. For anything else, reach us via contact.
Add Proof-of-Completion without adding risk.
Keep your agent stack, approvals, and recovery process. Postcept verifies completion on top, read-only by default.