Security Policy

Commitment to Security

PebblePost is committed to keeping your data safe and secure. We have implemented several internal processes, systematic safeguards and automated tests to evaluate and protect our data storage and processing servers. Further, PebblePost only works with industry leading cloud infrastructure providers like Digital Ocean and Amazon Web Services who share our commitment to maintaining a secure environment.

The PebblePost infrastructure team works with each of our software vendors and infrastructure providers to constantly evaluate and review any potential 3rd party vulnerabilities. Our team also regularly reads IT security publications to stay up-to-date on any newly discovered risks. As discoveries are made, we immediately move to patch, update or replace all software and services affected.

In the extremely rare case that your data was put at risk by us or our partners, the PebblePost infrastructure team will immediately notify you of the potential breach and work with your IT contacts to provide a full assessment of the possible impact.

If you have discovered a potential vulnerability, we would greatly appreciate your contacting We will work with you to assess and understand the scope of your proposed issue and assess the impact on your data. Any security related notification brought to our attention is treated as a priority and immediately forwarded to our entire engineering staff.

Cloud Server Security

PebblePost only works with the secure cloud infrastructure vendors. You may read more about their security policies here:

Digital Ocean -

Amazon Web Services -

All companies listed adhere to strict virtual server security and physical data center security policies.

If you have any questions relating to cloud security, we will be happy to work with our providers to provide you with answers.

Shared-responsibility Virtual Server Security

PebblePost servers are protected from unauthorized access by Firewalls. Any server, which does not require a connection to external Internet traffic, only allows connections from internal IPs.

Internally, our servers only allow remote logins using SSH. Additionally, we use Fail2Ban to prevent any unwanted connections.

We regularly review connection logs and automated intrusion detection systems like Tripwire to monitor any unauthorized access.

Individual Data Security

PebblePost protects your customer data by distributing the storage of customer records. In the unlikely event of a security breach, the unauthorized party would not be able to reconstruct a single view of your customer. Each postal address, phone number or email address is stored separately and can only be linked to a name using a private key known only to our systems.

In cases where PebblePost connects to your e-commerce platform or CMS via an API, PebblePost always uses the most secure method of connection and data transfer available through your provider.

Application Level Security

Your PebblePost application password is encrypted. No one, including a PebblePost employee, may access your password. You must use our automated system to retrieve or change forgotten passwords.

Your application login is protected against brute force attempts with our automated lockout system. If you find yourself locked out of your account, please contact

All login pages (from our website) and every application page passes data via SSL.

Internal IT Policy

PebblePost offices are secured by card access and monitored by ADT. Employee computers are protected by mandatory passwords and communications are transmitted via SSL (HTTPS). PebblePost employees will never store your business or customer information locally.

Should you require a more secure method of communication for API keys, please let us know by contacting


Should you have any questions unanswered by this document or comments about our security policies and practices, please feel free to contact us at

Get in touch with PebblePost

Let's talk about your marketing goals.

What's your call to action?

Get started