Postcept
Security

Built to verify, not to execute.

Postcept’s entire value is trust, so the product is built to earn it. We verify high-risk agent actions with the least access possible, and every result is a signed, tamper-evident receipt you can audit.

Read-only by default

Postcept confirms refunds, credits, cancellations, and tickets with scoped read access. It never gets the write access required to move money or change a record.

Least privilege by design

Access is scoped to the systems and objects required for a given postcondition, nothing more. Connection credentials are encrypted at rest and revocable; agent API keys are scoped and can be set to expire.

Signed, tamper-evident receipts

Every receipt is signed over its full contents. Any later modification is detectable, and each signed check records the value expected and the value found in the system of record.

Encryption in transit and at rest

All data is encrypted in transit (TLS 1.2+) and at rest. Secrets and credentials are stored in a dedicated, access-controlled vault.

Human review routing

Failed and ambiguous outcomes are routed to your review and recovery workflows rather than acted on automatically.

Auditable by construction

Receipts and the verification ledger are designed to help you produce audit evidence for finance, compliance, and customer trust.

Compliance

Postcept is building toward SOC 2 Type II and will publish its status and reports here as they are completed. We don’t claim certifications we don’t yet hold. If compliance is a gating requirement for you, talk to us about where we are. The third-party services we rely on are listed on our sub-processors page.

Responsible disclosure

If you believe you’ve found a security issue, please email security@postcept.com with details and steps to reproduce. We investigate every report, will acknowledge receipt promptly, and will not pursue action against good-faith research. For anything else, reach us via contact.

Add Proof-of-Completion without adding risk.

Keep your agent stack, approvals, and recovery process. Postcept verifies completion on top, read-only by default.