Security

Encryption

PostLab uses several layers to ensure your data is only available to you. PostLab, Drive, and our Drive partners LucidLink and Wasabi all have independent pen-tested encryption protocols in place. All authentication layers are required to work together simultaneously before PostLab's contents can be accessed.

All communication between PostLab's client and server clusters is fully encrypted and runs over HTTPS. At rest, all data is encrypted.

Access

Assets on Drive can only be accessed by:

• Team Members

• Drop Off and Pick Up services

• The PostLab Support account, added on-demand, by invitation only.

If you require complete control over when PostLab's system administrators and services may access your Drive, we can set up Drive to use with your own S3 object store, enabling you to allow or revoke access on your own terms.

The Details

PostLab Drive

Drive utilizes LucidLink's Filespaces technology, which uses authenticated encryption (AES-256 in GCM mode) for data in transit and at rest. As an added layer of security, a Drive cannot be mounted without first having authenticated as a PostLab user, and then team.

Hedge Internal Policies

PostLab and Drive are products of Hedge. Hedge Team Members incorporate information security best practices to keep company data secure, including...

• Encrypted contents of local workstations

• Encrypted password and token management

• Enabling two-factor authentication (2FA) on all external services

Employee access to all shared resources is tracked and monitored.

No financial data or credit information is stored in any system owned or maintained by Hedge. Paddle and Stripe are used to manage billing and payments.

If a data breach occurs, we are transparent about its extent and impact, taking all necessary measures to secure and recover any data.