What kind of internal controls does EasyPost have for accessing servers or customer data?

Customer data can be accessed by employees for legitimate business purposes through several custom-developed and open-source tools. All such tools are accessed either through SSH or TLS-protected HTTPS connections.

All administrative HTTPS connections are authenticated through a delegated SSO system and are limited to TLS 1.2 with PFS cipher suites. SSH is restricted to public key authentication.