Startup Diligence
Diligence report API platform, developer tooling, enterprise API governance, and workflow automation Late-stage private enterprise software and developer-infrastructure company

Postman

Postman Public-Source Startup Diligence Report

The most attractive public thesis is that Postman has evolved from an API client into a workflow platform spanning design, testing, collaboration, publishing, governance, CLI, Native Git, and AI/agent features. The main counter-thesis is that this breadth may conceal valuation staleness, product-sprawl risk, and limited visibility into revenue quality, customer concentration, and team capacity.

Company profile

Postman Public-Source Startup Diligence Report

Postman looks like a credible and still-private category leader in API workflow software from public sources: the product surface is broad, the developer/economy scale signals are real, and the enterprise-control layer is meaningfully documented. The balancing issue is that the public record remains far stronger on product and ecosystem narrative than on financial quality, customer economics, or workforce depth.

Website
www.postman.com
Sector
API platform, developer tooling, enterprise API governance, and workflow automation
Geography
United States headquartered with India roots, additional Tokyo footprint, and global developer / enterprise reach
Stage
Late-stage private enterprise software and developer-infrastructure company
Known aliases
Postman API Platform
Report version
1.0
Timezone
UTC

Executive summary

Strengths

  • Official docs support that Postman now spans design, testing, collaboration, automation, and governance rather than only request sending.
  • Enterprise controls such as Private API Network, organizations, audit logs, service accounts, Secret Scanner, and BYOK are publicly documented.
  • AI and agentic workflow expansion is clearly visible in current public docs and help materials.
  • GitHub integration, Native Git, CLI, and API Catalog all support a real DevOps and governance workflow story.
  • Postman is still publicly treated as a private unicorn, with the latest visible public valuation anchor remaining $5.6B.

Risks

  • Public financial disclosure is too thin to judge revenue quality, burn, margin, or debt.
  • Named customers are public, but customer concentration and renewal quality remain opaque.
  • Postman competes across multiple categories at once, including local-first challengers and governance suites.
  • Product breadth is a moat only if the company can execute without diffusing focus or economics.
  • Team depth, current headcount, and attrition are largely private despite strong founder continuity.

Gaps

  • Three years of audited financials, ARR, gross margin, burn, and debt schedules were not publicly available.
  • Top-customer concentration, renewal, and expansion metrics were not publicly available.
  • Current cap table, option pool, and security terms were not publicly available.
  • Current employee count, attrition, executive compensation, and full executive bench were not publicly available.
  • Full litigation inventory, insurance coverage, and regulator correspondence were not publicly available.

Recommended next steps

  • Request audited financial statements, current operating model, and cap-table / debt documentation.
  • Request the top-15 customer list, concentration schedule, GRR/NRR, and by-product revenue mix.
  • Run reference calls with at least one named enterprise customer and one heavy public-workspace publisher.
  • Request the current org chart, headcount by function/location, and executive compensation / retention data.
  • Review litigation memos, IP schedules, privacy/security audit evidence, and any regulator correspondence.

Risk register

high high likelihood

R-001: Financial transparency gap

Public sources reveal funding and product breadth but not audited revenue, margin, burn, cash runway, debt, or segment economics.

Diligence request: Request three years of audited financials, current cash, burn, debt, ARR, NRR, and by-product gross margin.

high high likelihood

R-004: Competitive pressure across platform, client, and marketplace layers

Postman competes simultaneously with lifecycle platforms (SwaggerHub), API clients (Insomnia, Bruno), and API hubs/marketplaces (RapidAPI).

Diligence request: Run win/loss analysis, pricing comparisons, and workflow benchmarks against top competitors in the buyer’s environment.

high medium likelihood

R-003: Customer-concentration and monetization opacity

Named customers and ecosystem scale are public, but customer concentration, contract values, expansion rates, and retention quality are not.

Diligence request: Request the top-15 customer list, >5% concentration schedule, renewal cohorts, expansion/contraction, and pipeline coverage.

medium high likelihood

R-002: Valuation staleness risk

The latest visible public valuation anchor remains the August 2021 Series D / current unicorn-list context, which may be stale relative to 2026 market conditions.

Diligence request: Request the latest board-approved 409A / internal valuation memo, recent secondary pricing, and investor-mark history.

medium medium likelihood

R-005: Execution complexity from product sprawl

The product surface spans client, specs, mocks, flows, AI, CLI, Native Git, and enterprise governance, which can deepen moat or diffuse focus.

Diligence request: Request product-line usage, roadmap prioritization, support burden, and attach-rate data by module.

medium medium likelihood

R-006: Security and compliance features are partly gated and partly bounded

Important enterprise controls exist, but several are gated to Enterprise or add-ons, and BYOK coverage explicitly excludes some synced data types.

Diligence request: Request current control matrices, audit reports, add-on uptake, and control gaps for regulated workloads.

medium medium likelihood

R-007: Operational and third-party dependency risk

Postman relies on a large cloud service surface and third-party integrations, and BYOK explicitly depends on AWS KMS.

Diligence request: Request architecture diagrams, cloud/provider commitments, RTO/RPO metrics, major subprocessor list, and outage postmortems.

medium medium likelihood

R-008: Workforce opacity risk

Founders and office locations are public, but current headcount, attrition, executive bench depth, and compensation structure are not.

Diligence request: Request org chart, headcount by function/location, attrition, key-hire/departure list, and executive employment agreements.

Chapter 01

01Financial Information

Public sources make Postman’s financing milestones and private-unicorn status fairly visible, but they do not make the business underwritable. The strongest evidence is the 2020 $150M Series C, the 2021 $225M Series D at $5.6B, and the current CB Insights unicorn-list row. Revenue, margin, burn, debt, customer concentration, and detailed capital structure remain mostly private.

I.A Annual and quarterly financial information for the past three years

not publicly verifiable confidence: low

No audited public income statement, balance sheet, cash-flow, backlog, or AR-aging package was verified in-session. Public materials are strong on user scale, product breadth, and financing milestones, but weak on accounting-quality detail.

Evidence gaps

  • Three-year audited financial statements were not publicly available.
  • Revenue by product, geography, and customer was not publicly disclosed.
  • No accounts receivable aging schedule or backlog report was verified.

Hidden risks

  • Marketing-authored scale metrics can overstate monetization quality if free usage is high.
  • Cloud-heavy product surfaces can hide weak unit economics if usage outpaces pricing.

Follow-up questions

  • What are current ARR, gross margin, burn, and cash runway?
  • How much revenue comes from plans, add-ons, usage resources, and enterprise services?
Public revenue, ARR, and unit-economic disclosure status
metricpublic signalsource windowverification statusdiligence request
Revenue / ARRNo audited revenue or ARR figure was verified in accessible public sources.Funding posts, billing docs, and plan docsnot_publicly_verifiableProvide audited revenue, ARR, growth, gross margin, and cash-flow statements.
Debt / bank linesNo debt facility or venture-debt schedule was verified in-session.Funding and company-summary sourcesnot_publicly_verifiableProvide all debt instruments, bank lines, security interests, and covenant packages.
Unit economicsPublic docs show monetization surfaces such as plan tiers, add-ons, and usage-based resources, but not gross margin, CAC payback, or burn efficiency.About plans, resource usage, and Postbot help pagespartially_verifiedProvide CAC, payback, cloud gross margin, support burden, and burn by module.
Customer concentration / revenue mixNamed customers are public, but no percentage-of-revenue disclosure by account, product, geography, or channel was verified.Series D and Public API Network blog postsnot_publicly_verifiableProvide top-account concentration, product/channel mix, and geographic revenue split.

Public sources are much stronger on adoption and workflow breadth than on accounting quality.

I.B Financial Projections

partially verified confidence: medium

No public three-year projection model was verified. What can be observed publicly is that Postman now has multiple monetization levers—plan tiers, usage-based resources, AI add-ons, and enterprise governance features—but not the internal forecast math behind them.

Evidence gaps

  • No capex, hiring, or financing-assumption model was public.
  • No FX, international-risk, or scenario analysis was public.

Hidden risks

  • A plan reset can improve pricing power or create migration friction; public sources do not show which is happening.
  • AI add-ons may improve ARPU but also increase inference cost or support burden.

Follow-up questions

  • What are the 2026-2028 revenue, margin, and capex assumptions?
  • What attach rates are assumed for Team, Enterprise, and security/AI add-ons?

I.C Capital Structure

partially verified confidence: medium

Public sources identify the founders, the private-company/unicorn status, and a set of major investors, but not the current cap table, option pool, debt stack, or dilution schedule.

Evidence gaps

  • No public stockholder list, share count, debt schedule, or dilutive-security schedule was verified.

Hidden risks

  • Private-company governance terms can materially differ from the simple investor list visible in blog posts.
  • A 2021 valuation anchor says little about current preference stack complexity.

Follow-up questions

  • What are the current fully diluted share count, option pool, and liquidation preferences?
  • Are there any venture debt lines, SAFEs, or side letters still outstanding?
Capital structure and ownership snapshot from public sources
stakeholderpublic positionpublic evidenceverification statusdiligence caveat
Abhinav Asthana, Ankit Sobti, Abhijit KaneCo-founders still publicly tied to leadership; exact equity ownership is not publicFounder blog and Wikipedia identify the founders and current leadership continuity.partially_verifiedNeed cap table, founder vesting, secondary sales, and board-rights schedules.
Institutional investorsInsight, CRV, Nexus, Coatue, Battery, and BOND are publicly named investorsSeries C, Series D, and Wikipedia list the major investor set.verifiedNo ownership percentages, liquidation preferences, or reserved-matter rights were publicly disclosed.
Current company statusPrivately held unicorn; no public listing was verifiedCB Insights, the unicorn list, and the current Wikipedia page all treat Postman as private.verifiedStill request the latest charter, cap table, SAFEs/notes, and any IPO-readiness materials.
Debt, options, warrants, and dilution scheduleNo public schedule was verified in-sessionAccessible public materials did not disclose debt facilities, option pools, warrant terms, or other dilution schedules.not_publicly_verifiableRequest current option, warrant, SAFE, note, and debt schedules with exercise prices and maturity profiles.

I.D Other financial information

partially verified confidence: medium

The best-publicly-verifiable financial facts are the 2020 Series C, the 2021 Series D at $5.6B, and the continued 2026 unicorn-list context. Tax positions, revenue-recognition detail, and debt/off-balance-sheet items were not public.

Evidence gaps

  • Tax positions and revenue-recognition policy were not verified in-session.

Hidden risks

  • Historical financing success can mask current-market valuation compression.
  • A stale unicorn-list value should not be mistaken for a 2026 fair-market mark.

Follow-up questions

  • What is the latest board-approved valuation and what financing instruments remain open?
  • How is revenue recognized across plan subscriptions, usage resources, and enterprise services?
Public funding-round history and valuation context
dateround or eventamount usd millionsvaluation usd billionsinvestors or contextpublic evidenceverification status
2015-05Seed1Seed round summarized on the current Wikipedia company pageWikipedia says Postman raised a $1 million seed round in May 2015.partially_verified
2020-06-11Series C150Led by Insight Partners with CRV and Nexus Venture PartnersOfficial company blog announced a $150 million Series C round.verified
2021-08-18Series D2255.6Insight, Coatue, Battery Ventures, BOND, CRV, Nexus, plus two individual investorsOfficial company blog announced a $225 million Series D at a $5.6 billion valuation.verified
2026-06-17Current unicorn-list context5.6Current CB Insights row still lists Postman as a private unicornCB Insights current unicorn list shows Postman at $5.60B.verified

No later priced round or internal mark was verified in-session.

Postman public funding timeline Timeline of the clearest public financing events identified in-session.
Latest public valuation trajectory Bar chart of publicly visible valuation anchors across major financing events.
Chapter 02

02Products

Accessible official docs support a broad product story: Postman is no longer just an API client. The public surface spans requests, collections, tests, Vault, Spec Hub, mock servers, workspaces, API Network, Flows, AI/Agent Mode, CLI, Native Git, and enterprise controls like API Catalog and Private API Network. Pricing-page dollars were blocked, but plan structure and feature gating are still visible in docs.

II.A Description of each product

verified confidence: high

Official docs show a genuinely broad platform covering design, testing, collaboration, automation, governance, and AI-assisted workflows. The main public-source caveat is that pricing-page amounts were blocked and module-level usage or profitability was not disclosed.

Evidence gaps

  • Public sources do not disclose module-level adoption, churn, or profitability.
  • Current list prices and enterprise discounting were not verified because the pricing page itself was blocked.

Hidden risks

  • Product breadth can deepen moat or dilute focus and support complexity.
  • Enterprise-only governance features may narrow the addressable audience for premium controls.

Follow-up questions

  • Which products drive the highest gross margin and NRR?
  • How many customers actively use governance, AI, or Flows rather than only the API client?
Product and workflow matrix
product or surfaceprimary userpublic capabilitysourceverification status
API requests and collectionsIndividual developers and API teamsSend requests, group them in collections, secure data with Vault, and write tests.Docs overviewverified
Spec Hub and specificationsAPI designers and platform teamsDesign APIs in OpenAPI, AsyncAPI, protobuf, GraphQL, or Smithy and generate collections.Design docsverified
Mock serversDevelopers and QA teamsSimulate endpoints and dynamic responses before production readiness.Design docsverified
Workspaces and collaborationInternal teams and external collaboratorsUse workspaces, live sessions, sharing, comments, and changelogs.Collaboration docsverified
Postman FlowsAutomation builders and API teamsCreate low-code workflows and deploy them as cloud endpoints.Flows docsverified
AI features and Agent ModeDevelopers and platform engineersUse Agent Mode, compare models, test MCP servers, and build MCP servers.AI docsverified
API NetworkAPI publishers and consumersDiscover, publish, and consume public workspaces, collections, APIs, and flows.API Network blog and collaboration docsverified
API CatalogEnterprise platform teamsCentralized governance, runtime analytics, scorecards, and discovered-service views.API Catalog docsverified
CLI and Native GitCI/CD and developer teamsRun tests, mocks, monitors, governance checks, SDK generation, and local Git-backed workflows.CLI and Native Git docsverified
Current plan structure and feature gating
plan or add onpublic positioningnotable public features or limitsevidenceverification status
FreeSingle-user entry pointOne user; no team collaboration; core workflow and built-in AI surfaces; Postbot trial availableAbout plans and Free/Solo docs describe Free as single-player and limited to one member.verified
SoloAdvanced individual-user planSingle-player experience with higher AI credits and automation capabilities for individualsAbout plans describes Solo as a new individual-user offering with higher AI/automation access.verified
TeamPaid collaboration planReplaces Basic; enables team management and collaboration features beyond Free/SoloAbout plans and team-management docs describe Team as the paid collaboration path.verified
EnterpriseHighest-control organizational planOrganizations, Private API Network, service accounts, audit logs, BYOK, and Advanced Security Administration optionsMultiple docs explicitly gate these features to Enterprise.verified
Add-onsUsage and security upsellsPostbot add-on, Advanced Security Administration, Simple Security, Premium Support, and usage-linked resourcesAbout plans, resource-usage docs, Secret Scanner docs, and Postbot help page describe add-ons and limits.verified

The public pricing page itself was blocked by the proxy, so this matrix relies on accessible official billing/docs pages.

Postman platform architecture from official docs Public-doc abstraction of Postman’s current platform surface.
Chapter 03

03Customer Information

Public sources show real customer and ecosystem traction, but not customer economics. Named enterprise customers include Salesforce, Stripe, Kroger, Cisco, and PayPal, and the API Network post adds Stripe, Microsoft, Twilio, Twitter, and Cisco DevNet as publisher references. What is missing is the classic diligence core: top-15 customer list, concentration, renewal, and supplier spend exposure.

III.A Top customers by application

partially verified confidence: medium

Public sources do name enterprise customers and ecosystem publishers, but mostly as proof points rather than as a structured top-customer schedule with timing, spend, or use-case depth.

Evidence gaps

  • No top-15 customer schedule, purchase timing, or product-level customer mix was public.
  • Most named customers lacked quantified case-study outcomes in the accessible source set.

Hidden risks

  • Logo-heavy evidence can overstate monetization quality if contracts are small, dormant, or pilot-stage.
  • Publisher relationships on the API Network are not necessarily the same thing as paying enterprise accounts.

Follow-up questions

  • Which of the named accounts are top-10 ARR contributors?
  • What use cases and contract sizes correspond to each named enterprise account?
Publicly disclosed customers and ecosystem references
customer or publisherpublic relationshipuse case or contextsourceverification status
StripeNamed enterprise customer and public API Network publisherStripe said the Public API Network helps educate team members and improve developer testing experiences.Series D blog and API Network blogpartially_verified
SalesforceNamed enterprise customerSpecific use case not publicly disclosed in the accessible source set.Series D blogpartially_verified
PayPalNamed enterprise customerSpecific use case not publicly disclosed in the accessible source set.Series D blogpartially_verified
KrogerNamed enterprise customerSpecific use case not publicly disclosed in the accessible source set.Series D blogpartially_verified
Cisco / Cisco DevNetNamed enterprise customer and public API publisher referenceNamed both in Series D enterprise-customer list and in the Public API Network publisher list.Series D blog and API Network blogpartially_verified

Public sources name customers but do not disclose contract value, current spend, or renewal status.

Customer concentration disclosure gap Placeholder bar chart showing that named customers are public but revenue weight is not.

III.B Strategic relationships

partially verified confidence: high

Public docs make the integration and ecosystem layer visible—especially GitHub, Slack, Microsoft Teams, and public API publishers—but do not reveal partner economics, exclusivity, or sourced revenue.

Evidence gaps

  • No partner-sourced pipeline or revenue contribution data was public.
  • No contract-rights or termination-rights summary was public.

Hidden risks

  • Heavy workflow dependence on partner tools can raise both stickiness and platform dependency.
  • Public publisher relationships may not convert into meaningful direct revenue.

Follow-up questions

  • Which integrations drive the most activation or enterprise expansion?
  • What revenue or usage concentration exists across partner channels?
Strategic relationships, integrations, and ecosystem channels
partner or surfacerelationship typepublic evidenceverification statusgap
GitHubProduct integration / workflow bridgePostman says it can back up collections to GitHub repositories and sync APIs with GitHub.verifiedNeed commercial terms, usage depth, and enterprise adoption data.
SlackWorkflow notifications and Agent Mode on CloudIntegrations docs say Slack can subscribe to monitors, workspace changes, personal notifications, and Agent Mode on Cloud workflows.verifiedNeed attachment rates and workflow criticality by paid segment.
Microsoft TeamsWorkflow notifications and collaborationIntegrations docs say Microsoft Teams can subscribe to monitors, workspace changes, and notifications.verifiedNeed attachment rates and enterprise usage data.
Public API publishers (e.g., Microsoft, Twilio, Twitter, Stripe, Cisco DevNet)Ecosystem distribution / discovery channelAPI Network blog names these organizations as public workspace publishers.partially_verifiedNeed data on conversion from API Network publishing to paid expansion or partner-sourced revenue.

III.C Revenue by customer

not publicly verifiable confidence: low

Customer-revenue concentration remains a public blind spot. The company’s public sources demonstrate adoption and logos, but not any account-level revenue schedule.

Evidence gaps

  • No public >5% revenue customer disclosure was verified.
  • No renewal, expansion, or churn schedule by account was public.

Hidden risks

  • Concentration risk cannot be cleared from logo lists alone.

Follow-up questions

  • How many customers account for 25%, 50%, and 75% of ARR?
  • What is the renewal profile of the largest 20 accounts?
Customer concentration and revenue-disclosure status
disclosure itempublic statusevidenceverification statusdiligence request
Top 15 customers by revenueNot publicly disclosed in accessible sourcesPublic sources name customers but do not rank them by revenue.not_publicly_verifiableProvide customer rankings, contract value, and purchase timing.
Customers above 5% of revenueNot publicly disclosed in accessible sourcesNo concentration schedule was found in funding posts, docs, or current public materials.not_publicly_verifiableProvide concentration schedule and exposure by customer and parent entity.
Renewal and expansion ratesNot publicly disclosed in accessible sourcesNamed-customer and ecosystem metrics do not include renewal behavior.not_publicly_verifiableProvide GRR, NRR, logo churn, seat expansion, and downgrade data.
Pipeline by customer or segmentNot publicly disclosed in accessible sourcesAccessible public sources focus on adoption and workflow breadth rather than booked or forecast pipeline.not_publicly_verifiableProvide pipeline coverage, stage aging, and conversion metrics by segment.

III.D Significant relationships severed within the last two years

inconclusive confidence: low

No severed customer, partner, or supplier relationship was verified in the accessible source set. Because the search was not exhaustive across news, courts, and contract disclosures, this remains inconclusive rather than clean.

Evidence gaps

  • Broader news and contract review was not completed.
  • Public customer references do not show whether logos remained active after the cited posts.

Hidden risks

  • A lack of public severance evidence is not proof of relationship stability.

Follow-up questions

  • Have any top customers, publishers, or suppliers materially reduced usage or left since 2024?
  • Are any strategic integrations subject to notice of termination or changing economics?

III.E Top suppliers

partially verified confidence: medium

The accessible public record shows several named dependency surfaces—AWS KMS, GitHub, Slack, Microsoft Teams, and a public sub-processor list—but not the ranked supplier-spend schedule typical of diligence.

Evidence gaps

  • No ranked supplier list with spend, renewal dates, or concentration percentages was public.
  • Sub-processor detail pages were not fully fetched in-session.

Hidden risks

  • Named dependency points can matter operationally even without a formal spend-concentration schedule.
  • Sub-processor existence without extracted vendor detail limits dependency assessment.

Follow-up questions

  • Provide the top-10 suppliers by spend and their roles in service delivery.
  • Provide cloud commitments, KMS dependency scope, and sub-processor change logs.
Supplier, cloud, and infrastructure dependency signals
vendor or dependencyrolepublic evidenceverification statusconcentration risk
AWS Key Management Service (KMS)Customer-managed encryption key store for BYOKBYOK docs explicitly say the feature uses AWS KMS.verifiedNamed dependency for a premium security feature; key-management outage or relationship issues could affect regulated customers.
GitHubRepository backup and API sync; local Git-backed workflow bridgeGitHub integration and Native Git docs tie Postman workflows to Git repositories.verifiedWorkflow stickiness rises with GitHub adoption, but dependency on external repo availability and auth flows also rises.
Slack / Microsoft TeamsNotification and workflow integrationsIntegrations docs describe notifications and AI workflow surfaces via Slack and Teams.verifiedOperationally important for embedded workflows, but commercial criticality is unclear from public sources.
Sub-processor footprintPrivacy and data-processing dependency surfacePostman AI Resources page publicly links a sub-processor list, but the underlying detail page was not fully fetched in-session.partially_verifiedA third-party processing footprint clearly exists, but vendor list completeness and spend concentration remain unverified.
Chapter 04

04Competition

Postman’s public positioning sits at the intersection of several competitive categories: API client, API design/governance suite, collaboration platform, low-code automation layer, and API hub. The clearest public competitors in this session were Insomnia, SwaggerHub, Bruno, and RapidAPI. That breadth is an advantage, but it also means Postman fights on multiple fronts with different buying criteria and pricing expectations.

IV.A Competitive landscape by market segment

verified confidence: high

Public competitor pages show that Postman is no longer just fighting other API clients. Insomnia attacks on open/free and local/Git workflows, SwaggerHub on governed design and catalog, Bruno on local-only anti-platform simplicity, and RapidAPI on API discovery/marketplace depth.

Evidence gaps

  • No public win/loss data or pricing-discount comparisons were verified in-session.

Hidden risks

  • The more categories Postman participates in, the harder clear positioning and pricing become.
  • Local-first challengers can win where enterprises distrust cloud sync or prefer repo-native artifacts.

Follow-up questions

  • What is the win rate against Insomnia, SwaggerHub, Bruno, and RapidAPI by segment?
  • Which feature families most often drive competitive displacement?
Competitor comparison matrix
competitorpublic positioningoverlap with postmandifferentiation signalpublic owner or funding signalsource
PostmanBroad API lifecycle platform with collaboration, governance, AI, CLI, and API network surfacesN/ACombines client, design, mocks, workspaces, API Network, governance, and AI/agent workflows in one surfacePrivate unicorn; latest public valuation anchor $5.6BPostman docs, blog, CB Insights
InsomniaAI-native API collaboration platformAPI client, mocking, testing, governance, Git workflowsOpen-source/free tier and explicit local, Git, or cloud workflow claims with Kong Konnect tie-inKong-branded product surfaceInsomnia homepage
SwaggerHubGoverned API design, catalog, documentation, and mock APIsSpec design, catalog, governance, docs, mocksStyle guides and design-centric governance emphasisSmartBear product surfaceSwaggerHub homepage
BrunoGit-native, local-only, open-source API clientRequest sending, collections, developer workflowsLocal-only / not-a-platform positioning directly attacks SaaS platform complexityOpen-source challenger with strong GitHub emphasisBruno homepage
RapidAPI API HubPublic and enterprise API marketplace / hubAPI discovery, publishing, testing, and hub surfacesMarketplace-centric rather than end-to-end team workflow depthMarketplace / hub product surfaceRapidAPI homepage
Basis-of-competition scoring from public positioning
axispostman positioncompetitor reference pointsevidencerisk implication
Lifecycle breadthHighSwaggerHub and Insomnia are broad; Bruno is intentionally narrow; RapidAPI is hub-centricPostman docs span design, test, collaboration, flows, AI, CLI, and API catalog.Breadth can be a moat, but also raises product-sprawl and execution risk.
Collaboration and governanceHighSwaggerHub is governance-strong; Insomnia emphasizes collaboration; Bruno is weaker by designWorkspaces, Private API Network, roles, API Catalog, and audit/security controls are public.Governance strength helps enterprise upsell but may be harder to explain to self-serve users.
Local-first developer controlMediumBruno and Insomnia push harder on local/Git-first controlNative Git mitigates cloud-only objections, but Postman still syncs to Postman Cloud and sells broader SaaS governance.Local-first competitors can win on privacy, simplicity, or developer preference.
API discovery and publishingHighRapidAPI is marketplace-heavy; SwaggerHub and Insomnia are less hub-centricPostman API Network and publisher workflows are public; RapidAPI emphasizes a marketplace hub.Discovery/network advantages can drive distribution, but monetization linkage must be tested.
Enterprise admin/securityHighSwaggerHub and Insomnia show strong governance stories, but Postman publicly exposes more admin/security feature detail in the accessible setOrganizations, service accounts, audit logs, Secret Scanner, and BYOK are all documented.Enterprise controls are differentiating, but attach rates and control depth require private diligence.
Competitive market map Qualitative market map of Postman and selected public competitors.
Chapter 05

05Marketing, Sales, and Distribution

Postman’s public GTM picture looks strongly developer-led: single-user entry points, deep docs and education surfaces, public API Network distribution, and workflow integration into Git/GitHub/CI. The visible enterprise motion sits on top of this through Team and Enterprise plans, governance features, and security/admin controls. Public sources do not reveal the commercial conversion, sales productivity, or budget behind the motion.

V.A Strategy and implementation

partially verified confidence: high

Accessible public materials support a PLG-first but increasingly enterprise-governed GTM story. The most visible acquisition and distribution surfaces are Free/Solo, docs, API Network, public workspaces, integrations, and repo-adjacent workflows like Native Git and CLI.

Evidence gaps

  • No public CAC, channel mix, or marketing-budget data was verified.
  • No country-by-country channel performance or distributor economics were public.

Hidden risks

  • A stricter single-user Free plan can improve conversion or hurt organic collaboration growth.
  • Large public-scale metrics do not prove efficient paid acquisition or sales productivity.

Follow-up questions

  • What portion of new ARR is self-serve versus sales-assisted?
  • How did the March 2026 plan change affect activation and team creation?
Distribution channels and GTM motions
channelpublic evidencelikely motionverification statusrisk or limit
Free and Solo self-serveOfficial docs frame Free/Solo as individual-user entry points with built-in AI and no team collaboration.Top-of-funnel developer acquisition and trial motionverifiedPublic sources do not disclose Free-to-paid conversion or support burden.
Team and Enterprise expansionOfficial docs gate collaboration, organizations, Private API Network, and admin features to paid tiers.PLG-to-team-to-enterprise upsell ladderverifiedPublic sources do not disclose seat growth, enterprise sales-cycle length, or discounting.
API Network and public workspacesAPI Network supports public discovery, publisher promotion, and free browsing of public APIs/workspaces.Community-led discovery, activation, and publisher distributionverifiedPublic sources do not quantify paid conversion from API Network exposure.
Docs, learning, and community surfacesDocs home highlights Academy, templates, videos, support, and community/forum resources.Education-led developer acquisition and retentionverifiedPublic sources do not quantify content CAC efficiency or channel attribution.
GitHub / Native Git / CLIGitHub integration, Native Git, and CLI create repo-adjacent workflow touchpoints.Developer workflow embed and CI/CD expansionverifiedPublic sources do not disclose repo-attachment or CI-seat expansion rates.
Public marketing and community signals
signalpublic metric or artifactdate or recencysourceverification status
Developer scale17 million developers and 60 million app downloads2021-08-18Series D blogpartially_verified
Ecosystem scale17 million users, 500,000 organizations, 75,000 APIs, 35,000 collections, 20,000 workspaces2021-08-12Public API Network blogpartially_verified
Learning and enablement surfacesDocs home promotes Academy, templates, video content, support, and community resourcescurrent docs captureDocs homeverified
Publisher and brand haloPublic API Network highlights publishers such as Stripe, Salesforce, Microsoft, Twilio, Twitter, and Cisco DevNet2021-08-12Public API Network blogpartially_verified
Packaging resetMarch 2026 plans simplified to Free/Solo/Team/Enterprisecurrent billing docsAbout plansverified

Most growth metrics are historical and company-authored rather than independently audited.

Public scale and distribution proxies Bar chart of the strongest public-scale signals visible in official company posts.

V.B Major Customers

partially verified confidence: medium

Named customers and publisher quotes show credible enterprise traction, but public sources do not reveal whether those relationships are small, large, expanding, or at risk.

Evidence gaps

  • No contract value, NRR, or pipeline data was public.

Hidden risks

  • Logo lists can materially overstate revenue depth.

Follow-up questions

  • Which named logos have expanded in the last 12 months?
  • How many top accounts buy only the API client versus broader platform modules?

V.C Principal avenues for generating new business

verified confidence: high

The clearest public new-business avenues are Free/Solo self-serve, Team/Enterprise upgrades, API Network exposure, GitHub/Native Git/CLI workflow embed, and integration-led activation through tools like Slack and Microsoft Teams.

Evidence gaps

  • No public sourced-pipeline or partner-sourced ARR breakdown was verified.

Hidden risks

  • Indirect partner and community channels may boost reach but can be hard to monetize cleanly.

Follow-up questions

  • Which channels generate the highest-converting enterprise opportunities?
  • What share of new enterprise landings start from public workspaces or Git-backed workflows?

V.D Sales force productivity model

not publicly verifiable confidence: low

No public sales compensation, quota, cycle-length, or new-hire productivity model was verified. This is a classic data-room-only area.

Evidence gaps

  • No public sales productivity model was verified.
  • No public hiring or ramp assumptions were verified.

Hidden risks

  • Without quota and ramp data, it is impossible to test whether the enterprise motion is efficient or subsidy-heavy.

Follow-up questions

  • What are quotas, attainment, pay mix, and sales-cycle benchmarks by segment?
  • How many reps or AEs are supported by the current pipeline?
Sales productivity and pipeline disclosure status
metricpublic disclosure statusevidenceverification statusdiligence request
Sales compensationNot publicly disclosed in accessible sourcesPublic plan and feature docs do not disclose compensation structures.not_publicly_verifiableProvide sales comp plans, accelerators, and quota retirement assumptions.
Average quotaNot publicly disclosed in accessible sourcesNo quota data was found in official docs, blog posts, or current public materials.not_publicly_verifiableProvide quota by segment, ramp assumptions, and attainment history.
Sales cycleNot publicly disclosed in accessible sourcesPublic customer references and plan docs do not disclose cycle length or procurement complexity.not_publicly_verifiableProvide sales-cycle distribution by plan and customer segment.
New-hire plan and pipeline coverageNot publicly disclosed in accessible sourcesNo current public headcount or sales-hiring plan was verified in-session.not_publicly_verifiableProvide hiring plan, territory coverage, and pipeline coverage metrics.

V.E Ability to implement marketing plan with current and projected budgets

not publicly verifiable confidence: low

Marketing budgets and forward spend plans were not publicly disclosed. Publicly visible reach is substantial, but execution efficiency cannot be assessed without private spend and attribution data.

Evidence gaps

  • No public marketing budget, spend mix, or projected plan was verified.

Hidden risks

  • Scale signals without spend efficiency data can lead to false confidence.

Follow-up questions

  • What are marketing spend, CAC by channel, and payback periods?
  • How much of growth is organic/community versus paid or sales-assisted?
Chapter 06

06Research and Development

Public evidence supports the view that Postman maintains both proprietary platform development and an active public technical footprint. Current docs show roadmap surfaces around AI, Agent Mode, Flows, API Catalog, and governance. Public repos such as Newman, Runtime, Collection SDK, and Code Generators show long-running developer infrastructure work, though internal engineering organization depth remains mostly private.

VI.A Description of R&D organization

partially verified confidence: medium

The accessible public record shows founding technical leadership and a significant public repo surface, but not a detailed current R&D org chart. The open-source layer does, however, indicate sustained investment in collections, runtime, CLI-adjacent workflows, and code generation.

Evidence gaps

  • No detailed current R&D org chart or team-by-team headcount was public.
  • Broader engineering-leadership bench beyond the founders was not normalized in-session.

Hidden risks

  • Open-source activity can coexist with thin internal team depth if key closed-source layers are under-resourced.
  • Public repos do not reveal internal dependency risk or bus-factor concentration.

Follow-up questions

  • What is the current R&D org by function and geography?
  • Which repos or closed-source components are mission-critical but understaffed?
Public R&D leadership and technical stewardship signals
name or grouppublic rolepublic evidenceverification statusnotes
Abhinav AsthanaCo-founder and CEOWikipedia and founder blog identify Asthana as a co-founder and CEO.partially_verifiedAlso serves as author of key company-history and funding posts.
Ankit SobtiCo-founder and CTOWikipedia says the three co-founders lead the company and that Ankit serves as CTO.partially_verifiedPublic broader engineering-leadership bench was not fully verified in-session.
Abhijit KaneCo-founderFounder blog and Wikipedia identify Kane as a co-founder who still publicly appears in the founding narrative.partially_verifiedCurrent operating remit beyond co-founder status was not verified in-session.
Postman Labs public repositoriesOpen-source stewardship surfacePublic repos for Newman, Runtime, Collection SDK, and Code Generators remain active.verifiedThis is an institutional—not individual—R&D signal.
Public open-source R&D assets
assetpublic rolestars or scalelatest public activityverification status
postmanlabs/newmanCommand-line collection runner for Postman7,230 GitHub starsUpdated 2026-06-17verified
postmanlabs/postman-runtimeLow-level runtime backbone for collection running and request sending252 GitHub starsPushed 2026-06-11verified
postmanlabs/postman-collectionCollection SDK for working with Postman Collections496 GitHub starsUpdated 2026-06-05verified
postmanlabs/postman-code-generatorsRequest-to-code generation library across many languages1,045 GitHub starsPushed 2026-03-10verified
R&D portfolio map from public repos and current docs Architecture-style map of Postman’s public technical portfolio.

VI.B New Product Pipeline

partially verified confidence: high

The clearest public pipeline themes are AI/agent workflows, Local View → Git → Cloud development, API Catalog governance, CLI automation, and Flows-based workflow deployment. Cost-of-development and roadmap prioritization remain private.

Evidence gaps

  • No public roadmap prioritization, R&D budget, or expected ship-date schedule was verified.
  • No public cost-of-development or capex burden for AI features was verified.

Hidden risks

  • AI and workflow automation can expand product reach while increasing compute, support, and governance complexity.

Follow-up questions

  • Which roadmap items are monetization-critical in the next 12 months?
  • How are AI inference costs and governance obligations being budgeted?
Public product and research pipeline signals
initiativepublic statuswhy it matterssourceverification status
Agent Mode (local and cloud)Current feature surfacePushes Postman into AI-assisted execution and cloud-run engineering tasks.AI docs and Agent Mode docsverified
AI model and MCP server testingCurrent feature surfaceExpands Postman from API tooling into agent tooling and model evaluation.AI docsverified
Flows cloud endpointsCurrent feature surfaceMoves Postman into low-code automation and workflow execution.Flows docsverified
API Catalog scorecards and governance groupsCurrent enterprise feature surfaceStrengthens governance and API operations depth.API Catalog docsverified
CLI-based SDK generation and governance checksCurrent feature surfaceDeepens CI/CD integration and code-artifact portability.CLI docsverified
Native Git and local/cloud dual viewCurrent feature surfaceResponds to local-first workflow pressure from lighter-weight competitors.Native Git docsverified
Chapter 07

07Management and Personnel

Public management visibility is materially thinner than product visibility. The source set verifies the founders, CEO/CTO continuity, and office-location footprint, but not current employee count, function-by-function headcount, executive compensation, attrition, or workforce issues. This chapter therefore carries heavier evidence-gap weight than most others.

VII.A Organization Chart

partially verified confidence: medium

Only a minimal founding-layer org chart could be built from accessible public sources. Broader executive and departmental reporting lines were not normalized in-session.

Evidence gaps

  • No public full org chart was verified.
  • Broader executive reporting lines were not public in the accessible source set.

Hidden risks

  • Thin public org visibility can hide bench-depth or succession risk.

Follow-up questions

  • Provide a current org chart down to VP level.
  • Which functions report directly to the CEO and CTO?
Public leadership org chart Minimal org chart using only publicly verified leadership roles.

VII.B Historical and projected headcount by function and location

not publicly verifiable confidence: low

Accessible public sources support only a sparse set of workforce anchors: the founder count, the office-location footprint, and the 2017 HQ move. A current total employee count and projected hiring plan were not verified.

Evidence gaps

  • Current total employee count, hiring plan, and function-by-function headcount were not public.
  • Projected headcount by location was not public.

Hidden risks

  • Without current headcount or attrition, org-capacity risk is hard to judge.

Follow-up questions

  • What is headcount by function and geography today and in the next 12 months?
  • What percentage of the workforce sits in engineering versus GTM and support?
Workforce and location signals from public sources
signaldate or periodpublic valuesourceverification status
Initial builder count2012Started as Abhinav Asthana side projectFounder blog / Wikipediapartially_verified
Founding leadership count2014+Three co-founders publicly identified as leading the companyFounder blog / Wikipediapartially_verified
Headquarters2017 onwardCorporate headquarters moved from Bengaluru to San Francisco in 2017Wikipediapartially_verified
Current office footprintcurrent public pageSan Francisco HQ plus Tokyo and Bengaluru officesWikipediapartially_verified
Current total employee count2026-06-18 reviewNot publicly disclosed in accessible sources reviewed in-sessionAccessible public-source gapnot_publicly_verifiable

This is thinner than ideal because LinkedIn, careers, and several third-party headcount surfaces were inaccessible or blocked.

Public workforce anchor points Bar chart of the thin public workforce anchors available in-session.

VII.C Senior management biographies

partially verified confidence: medium

The founders are clearly identifiable in public materials, but the broader executive bench is not. This is enough for a founding narrative, not enough for full management diligence.

Evidence gaps

  • CFO, CRO, general counsel, security, and people leadership were not normalized in-session.

Hidden risks

  • Founder continuity can be a strength but also a concentration risk if bench depth is thin.

Follow-up questions

  • Provide bios and tenure history for the full executive team and board observers.
  • What prior-company experience do non-founder executives bring?
Senior management roster from public sources
nameroletenure signalsourceverification status
Abhinav AsthanaCo-founder and CEOFounding leader from the original 2012 side project through current public materialsFounder blog and Wikipediapartially_verified
Ankit SobtiCo-founder and CTOCo-founder and current CTO per public founder/company page summaryWikipediapartially_verified
Abhijit KaneCo-founderCo-founder still referenced as part of the company’s public founding leadershipFounder blog and Wikipediapartially_verified
Broader executive benchNot fully verified in-sessionCurrent CFO/CRO/legal/security bench not normalized from accessible public sourcesAccessible public source gapnot_publicly_verifiable

VII.D Compensation arrangements

not publicly verifiable confidence: low

No public executive compensation package, severance agreement, or benefit-plan summary was verified.

Evidence gaps

  • No public employment agreements or bonus plans were verified.

Hidden risks

  • Compensation misalignment can create retention and acquisition-integration risk.

Follow-up questions

  • Provide executive employment agreements, severance terms, and annual incentive plans.

VII.E Incentive stock plans

not publicly verifiable confidence: low

No public stock-plan schedule or option-grant summary was verified.

Evidence gaps

  • No public equity-incentive plan details were verified.

Hidden risks

  • Hidden dilution and weak retention design can materially change buyer economics.

Follow-up questions

  • Provide option-pool size, vesting structure, and recent executive or broad-based grants.

VII.F Significant employee relations problems, past or present

inconclusive confidence: low

No employee-relations problem was verified from the accessible public source set, but labor, arbitration, and state-court review was not exhaustive.

Evidence gaps

  • No exhaustive labor or arbitration sweep was completed.

Hidden risks

  • Absence of accessible public evidence is not proof of a clean HR record.

Follow-up questions

  • Provide any threatened or active employment disputes, settlements, and HR remediation workstreams.

VII.G Personnel Turnover

not publicly verifiable confidence: low

Public sources show founding-leadership continuity but not turnover metrics, regretted attrition, or retention-program performance.

Evidence gaps

  • No two-year turnover schedule or benefit-plan retention data was verified.

Hidden risks

  • A stable founding team does not guarantee healthy broader retention.

Follow-up questions

  • Provide two-year attrition by function/location and key-leader departures.
Workforce disclosure gaps, continuity, and turnover visibility
itempublic signalverification statusdiligence requestrisk note
Leadership continuityFounders still publicly appear as active leaders, with Asthana as CEO and Sobti as CTOpartially_verifiedConfirm current full leadership roster and recent executive changes.Continuity is positive, but it does not prove bench depth or succession readiness.
Executive compensationNo public executive compensation packages or employment agreements were verifiednot_publicly_verifiableProvide executive comp, severance, change-in-control, and bonus plans.Comp misalignment can materially affect retention and acquisition outcomes.
Incentive stock plansNo public stock-plan schedule or option-grant summary was verifiednot_publicly_verifiableProvide option-pool size, grant practices, and dilution impact.Equity overhang and retention economics are opaque.
Attrition and turnoverNo public attrition or turnover metric was verified in-sessionnot_publicly_verifiableProvide two-year attrition by function/location and regretted-loss analysis.Attrition can flag org stress even when product metrics are strong.
Employee relations disputesNo public employee-relations issue was verified from the accessible source set, but court and labor-database review was incompleteinconclusiveProvide litigation/arbitration list, HR issue history, and whistleblower process summary.Incomplete public coverage means absence of evidence should not be over-read.
Chapter 08

08Legal and Related Matters

Public legal visibility was mixed. The strongest specific signal is a 2024 patent-infringement suit by WebSock that was terminated in March 2025 after a stipulation of dismissal. Public trademark-search results show software-related POSTMAN marks filed in 2018, and current docs/help expose privacy, AI-terms, sub-processor, audit-log, Secret Scanner, and BYOK surfaces. A broader regulatory and litigation sweep still requires deeper public-database work.

VIII.A Pending lawsuits against the Company

partially verified confidence: high

One accessible public lawsuit was identified: WebSock Global Strategies LLC v. Postman, Inc., a patent case filed in September 2024 and terminated in March 2025 after a stipulation of dismissal. No public merits analysis or settlement economics were visible from the accessible docket extract.

Evidence gaps

  • No full PACER review, outside-counsel memo, or reserve analysis was available.

Hidden risks

  • Even quickly terminated IP suits can signal nuisance-settlement or freedom-to-operate exposure.
  • One public case does not clear the broader litigation landscape.

Follow-up questions

  • What was the commercial outcome of the WebSock dispute?
  • Are there other unverified patent, contract, or employment disputes not captured by the accessible search?
Public lawsuits against the company identified in accessible sources
casecourtfiled datestatuspublic evidenceverification status
WebSock Global Strategies LLC v. Postman, Inc., 1:24-cv-01010D. Del. / CourtListener public docket summary2024-09-04Terminated 2025-03-17 after stipulation of dismissalCourtListener shows a patent infringement complaint, later a stipulation of dismissal, and case termination.verified

No merits or settlement economics were available from the public docket excerpt.

Legal and regulatory timeline Timeline of the clearest public legal and compliance artifacts surfaced in-session.

VIII.B Pending lawsuits initiated by Company

inconclusive confidence: medium

No company-initiated lawsuit was verified from the narrow exact-match CourtListener query used in-session, so this section remains inconclusive rather than clean.

Evidence gaps

  • Broader federal, state, and arbitration review was not completed.

Hidden risks

  • Exact-match legal searches can miss variant party names or non-federal matters.

Follow-up questions

  • Has Postman initiated any IP, contract, employment, or collection action in the last five years?
  • What matters are pending under alternate entity names or counsel styles?
Public lawsuits initiated by the company — exact-match search status
search or casecourt or sourcedate observedstatuspublic evidenceverification status
Exact-match query: "Postman, Inc. v."CourtListener search results2026-06-180 exact-match results shown at captureThe narrow CourtListener search returned zero exact-match results.inconclusive

This is not proof that Postman has never initiated litigation; broader query variants and state-court review are still required.

VIII.C Environmental and employee safety issues and liabilities

inconclusive confidence: low

No environmental or employee-safety issue was verified from accessible public sources. For a software company like Postman, the more relevant public compliance surfaces were privacy, AI governance, and secret-management controls.

Evidence gaps

  • No dedicated environmental or employee-safety database sweep was completed.

Hidden risks

  • A software company can still carry office, contractor, and data-center policy exposure even without classic environmental liabilities.

Follow-up questions

  • Provide incident logs, workplace-safety policies, and any regulatory notices related to workplace or data-center operations.

VIII.D Material patents, copyrights, licenses, and trademarks

partially verified confidence: medium

Public trademark-search results and repo-license data show a mixed IP surface: Postman protects its brand with software-related POSTMAN marks while also maintaining multiple Apache-2.0 public repositories; the software itself is described as proprietary in Wikipedia. Patent depth beyond the WebSock complaint reference was not normalized.

Evidence gaps

  • Full trademark status, patent portfolio, and assignment history were not normalized in-session.

Hidden risks

  • Open-source breadth can improve ecosystem reach while complicating IP-governance and dependency management.

Follow-up questions

  • Provide trademark registration certificates, patent schedule, copyright/assignment record, and OSS policy.
Material IP, trademarks, licenses, and public-repo license posture
assetjurisdiction or repopublic statuspublic evidenceverification status
POSTMAN word markJustia serial 87831311Filed 2018-03-13; owned by Postman Inc.Justia search results show a POSTMAN software-related mark owned by Postman Inc.verified
POSTMAN word markJustia serial 87831318Filed 2018-03-13; owned by Postman Inc.Justia search results show a second POSTMAN software-related mark owned by Postman Inc.verified
POSTMAN word markJustia serial 87831297Filed 2018-03-13; owned by Postman Inc.Justia search results show a third POSTMAN software-related mark owned by Postman Inc.verified
Postman softwareWikipedia product summaryDescribed as proprietary softwareWikipedia lists the software license as proprietary software.partially_verified
Postman Runtime licensepostmanlabs/postman-runtimeApache-2.0 public repositoryGitHub metadata and README show a public runtime repo under Apache-2.0.verified
Postman Collection SDK licensepostmanlabs/postman-collectionApache-2.0 public repositoryGitHub metadata and README show a public SDK repo.verified
Postman code generators licensepostmanlabs/postman-code-generatorsApache-2.0 public repositoryGitHub metadata and README show a public code-generation repo.verified

Trademark registration status details and any patent portfolio beyond public lawsuit references were not fully normalized in-session.

VIII.E Insurance coverage and material exposures

not publicly verifiable confidence: low

No public insurance coverage schedule or reserve analysis was verified. Publicly visible exposures still include IP claims, privacy/AI governance, and dependency-driven service risk.

Evidence gaps

  • No public D&O, cyber, E&O, or general liability coverage details were verified.

Hidden risks

  • Insurance gaps can turn moderate legal or outage events into materially larger balance-sheet problems.

Follow-up questions

  • Provide insurance schedule, limits, retentions, exclusions, and claims history.

VIII.F Material contracts

partially verified confidence: medium

Public sources show workflow-critical relationships—GitHub integration, Native Git, service accounts for automation, and AWS KMS for BYOK—but not the underlying commercial contracts, SLAs, or termination rights.

Evidence gaps

  • No material contract list or SLAs were public.
  • No cloud-commitment or reseller/partner agreement schedule was public.

Hidden risks

  • Critical workflow dependencies can create hidden renewal, termination, or minimum-commitment risk.

Follow-up questions

  • Provide material contracts for GitHub, cloud providers, key integrations, and enterprise security add-ons.
  • What notice, termination, or indemnity clauses matter most?

VIII.G Regulatory agency problems

inconclusive confidence: medium

No regulator action was verified from the accessible public-source set used in-session, but the company does publicly surface AI terms, privacy, sub-processor, audit-log, Secret Scanner, and BYOK materials. That is a better signal of compliance readiness than of regulatory cleanliness.

Evidence gaps

  • Direct FTC, state AG, EU DPA, and other regulator sweeps were not exhaustively completed.

Hidden risks

  • Compliance-surface publication does not prove that controls are complete or that regulators have never raised issues.

Follow-up questions

  • Provide any regulator correspondence, privacy complaints, or incident/remediation summaries.
  • What independent security or compliance audits are current and customer-shareable?
Regulatory and compliance surface from public sources
surface or agencypublic signaldate or recencysourceverification status
AI Terms / Privacy Policy / Sub-Processor ListCurrent help page links all three artifacts as live public resourcescurrent help page capturePostman AI Resources help pageverified
Audit logsEnterprise feature with 180 days of retention and API accesscurrent docs captureAudit logs docsverified
Secret ScannerAll-plan scanning for public workspaces/docs; advanced dashboards and API for enterprise add-oncurrent docs captureSecret Scanner docsverified
BYOK encryptionEnterprise add-on feature using AWS KMS with explicitly limited scopecurrent docs captureBYOK docsverified
Public agency-action sweepNo agency action was verified from the accessible public-source set used in-session2026-06-18 reviewAccessible-source limitation rather than a formal clean search resultinconclusive

The final row is a stub artifact reflecting evidence thinness, not proof that no regulator has ever contacted the company.

Postman risk heatmap Heatmap of the principal diligence risks supported by public evidence.

Evidence

Evidence claims
IDClaimStatusSources
EC-001 CB Insights currently lists Postman as a unicorn at a $5.60B valuation, joined on 2020-06-11 with Nexus Venture Partners, CRV, and Insight Partners shown as select investors. verified high SRC-001
EC-002 Wikipedia’s current unicorn list still lists Postman at $5.6B with an August 2021 valuation date and India / United States footprint. verified medium SRC-002
EC-003 Wikipedia’s Postman company page describes Postman as privately held, identifies major investors, and says the company raised a $1 million seed round in May 2015 and a $225 million Series D at a $5.6 billion valuation in August 2021. partially verified medium SRC-003
EC-004 Postman officially announced a $150 million Series C round led by Insight Partners with CRV and Nexus Venture Partners participating on 2020-06-11. verified high SRC-005
EC-005 Postman officially announced a $225 million Series D round at a $5.6 billion valuation on 2021-08-18, led by Insight Partners with Coatue, Battery Ventures, BOND, CRV, and Nexus participating. verified high SRC-006
EC-006 In its Series D announcement, Postman said it had 17 million developers on the platform, 60 million app downloads, and enterprise customers including Salesforce, Stripe, Kroger, Cisco, and PayPal. partially verified medium SRC-006
EC-007 Abhinav Asthana wrote in April 2021 that Postman had passed 17 million developers and 50 million active Postman Collections, and that the early Chrome app had reached nearly half a million users before the company was formed. partially verified medium SRC-004
EC-008 Postman said in August 2021 that the Public API Network had 17 million users, 500,000 organizations, over 75,000 APIs, more than 35,000 collections, and over 20,000 workspaces. partially verified medium SRC-007
EC-009 Current official docs describe Postman’s core workflow as sending requests, grouping them in collections, securing data with Postman Vault, writing tests, using Spec Hub, collaborating in internal workspaces, and deploying Postman at team scale. verified high SRC-008
EC-010 Current official docs say Postman supports Spec Hub, OpenAPI, AsyncAPI, protobuf 2/3, GraphQL, Smithy 2.0, generated collections, and mock servers. verified high SRC-009
EC-011 Current collaboration docs describe workspaces, changelogs, Private API Network, public API Network, live sessions, and roles/permissions for sharing APIs internally and externally. verified high SRC-010
EC-012 Postman Flows is described as a visual, low-code editor that can build API-first apps, connect systems, and deploy flows to the Postman Cloud as API endpoints. verified high SRC-011
EC-013 Current official AI docs say Postman offers Agent Mode, AI model and MCP server testing, Flows AI, and an MCP Generator. verified high SRC-012
EC-014 Private API Network is an Enterprise-plan feature for discovering and curating an organization’s internal APIs by team. verified high SRC-013
EC-015 Current official admin docs state Postman Organizations and advanced roles/permissions are available on Enterprise plans, while team management supports distinct roles, product access, and internal workspaces. verified high SRC-014SRC-015
EC-016 Official billing docs say Postman changed plan offerings in March 2026 from legacy Free/Basic/Professional/Enterprise to Free/Solo/Team/Enterprise, with Team replacing Basic. verified high SRC-016
EC-017 Official docs say Free and Solo are single-player experiences and that the Free plan now allows only one member and no team collaboration. verified high SRC-017
EC-018 Official docs say plan limits govern monthly resources such as Postman API calls, monitor and scheduled-run requests, Cloud Agent requests, integrations, and storage. verified high SRC-019
EC-019 Postbot is free to try on all plans and capped at 50 monthly activities per user unless purchased as an add-on. verified high SRC-020
EC-020 Official integration docs say Postman supports plan-dependent third-party integrations; Slack and Microsoft Teams can subscribe to monitors, workspace changes, and notifications, and Slack also supports Agent Mode on Cloud workflows. verified high SRC-021
EC-021 Official GitHub integration docs say Postman can back up collections to GitHub repositories and sync APIs with GitHub. verified high SRC-022
EC-022 Official Native Git docs say Postman can author API artifacts locally in Git and sync them through a Local View → Git → automated CI sync → Cloud View pipeline. verified high SRC-024
EC-023 Official CLI docs say the Postman CLI can authenticate, test requests, run collections, start mock servers and monitors, deploy flows, check governance rules, and generate SDKs; official CI docs say the CLI replaces legacy CI integrations in Postman v12 and later. verified high SRC-023SRC-025
EC-024 The API Catalog is an Enterprise feature that aggregates runtime analytics from Postman CLI runs, CI/CD pipelines, and spec linting results into scorecards and governance groups. verified high SRC-026
EC-025 Service accounts are Enterprise features that provide non-human identities for automation, integrations, and system-to-system interactions. verified high SRC-027
EC-026 Audit logs are Enterprise features with 180 days of retention and API access for SIEM-style integration. verified high SRC-028
EC-027 Secret Scanner scans public workspaces and published documentation on all plans; Enterprise customers with the Advanced Security Administration add-on get dashboards, analytics, and API access. verified high SRC-029
EC-028 BYOK Encryption is available on Enterprise with the Advanced Security Administration add-on, uses AWS KMS, and covers only certain synced data classes rather than workspaces and collections. verified high SRC-030
EC-029 Postman’s AI help page publicly links Postman AI Terms, the Sub-Processor List, the privacy policy, and the Postman Agent page. verified high SRC-031
EC-030 The current status page shows Postman Browser/Desktop, Login, Monitors, Mocks, API, API Network, Newman, Integrations, Postbot, VS Code extension, API Builder, API Specifications, Collection Runner, CLI, and Agent Mode as operational with 100% uptime over the prior 90 days at capture. verified high SRC-032
EC-031 GitHub metadata describes Newman as a public command-line collection runner for Postman with 7,230 stars and updates through 2026-06-17. verified high SRC-033
EC-032 GitHub metadata and README describe postman-runtime as the low-level backbone for collection running, request sending, monitoring, and Newman, with public activity through 2026-06-11. verified high SRC-034SRC-037
EC-033 GitHub metadata and README describe postman-collection as a JavaScript module/SDK for working with Postman Collections and exporting artifacts consumed by Postman apps and CLI runtimes. verified high SRC-035SRC-038
EC-034 GitHub metadata and README describe postman-code-generators as a public repository that converts Postman requests to code snippets in many languages, with 1,045 stars. verified high SRC-036SRC-039
EC-035 Accessible public materials reviewed in-session disclosed funding milestones and usage scale, but did not disclose audited revenue, ARR, debt schedules, or customer concentration. not publicly verifiable medium SRC-005SRC-006SRC-016SRC-019
EC-036 Accessible public materials reviewed in-session disclosed founders and office locations, but did not disclose a current employee count, attrition rate, or executive compensation package. not publicly verifiable medium SRC-003SRC-004SRC-015SRC-017
EC-037 CourtListener docket extracts show WebSock Global Strategies LLC sued Postman, Inc. for patent infringement on 2024-09-04 and the case was terminated on 2025-03-17 after a stipulation of dismissal. verified high SRC-040
EC-038 An exact-match CourtListener query for “Postman, Inc. v.” returned 0 results at capture, so no company-initiated lawsuit was verified from that narrow public query. inconclusive medium SRC-041
EC-039 Justia trademark search results show three POSTMAN software marks owned by Postman Inc., each filed on 2018-03-13 with software-related goods descriptions. verified medium SRC-042
EC-040 Insomnia positions itself as an AI-native API collaboration platform with local, Git, and cloud workflows, native Kong Konnect integration, and a free/open-source tier. verified high SRC-043
EC-041 SwaggerHub positions itself around governed API design, centralized catalog, comments, style guides, multi-spec support, integrations, and instant mock APIs. verified high SRC-044
EC-042 Bruno positions itself as a Git-native, local-only, open-source API client and explicitly contrasts itself with “platform” tools. verified high SRC-045
EC-043 RapidAPI positions API Hub as a public and enterprise API marketplace for discovery, publishing, building, and testing APIs. verified high SRC-046
Sources
IDPublisherTitleAccessed
SRC-001 CB Insights CB Insights — The Complete List of Unicorn Companies 2026-06-18
SRC-002 Wikipedia Wikipedia — List of unicorn startup companies 2026-06-18
SRC-003 Wikipedia Wikipedia — Postman (software) 2026-06-18
SRC-004 Postman Postman Blog — How we built Postman—the product and the company 2026-06-18
SRC-005 Postman Postman Blog — Postman’s Series C Funding and the Future of APIs 2026-06-18
SRC-006 Postman Postman Blog — Postman’s Series D Funding and the API-First World 2026-06-18
SRC-007 Postman Postman Blog — Postman Public API Network Is Now the World’s Largest Public API Hub 2026-06-18
SRC-008 Postman Postman Docs — Get started in Postman 2026-06-18
SRC-009 Postman Postman Docs — Design and build your APIs in Postman 2026-06-18
SRC-010 Postman Postman Docs — Collaborate in Postman 2026-06-18
SRC-011 Postman Postman Docs — Postman Flows overview 2026-06-18
SRC-012 Postman Postman Docs — About Postman AI features 2026-06-18
SRC-013 Postman Postman Docs — Private API Network overview 2026-06-18
SRC-014 Postman Postman Docs — Define roles and permissions within Postman 2026-06-18
SRC-015 Postman Postman Docs — Organization and team management overview 2026-06-18
SRC-016 Postman Postman Docs — About plans 2026-06-18
SRC-017 Postman Postman Docs — Free and Solo experience 2026-06-18
SRC-018 Postman Postman Docs — Billing overview 2026-06-18
SRC-019 Postman Postman Docs — About resource usage 2026-06-18
SRC-020 Postman Postman Help — Is Postbot usage limited? 2026-06-18
SRC-021 Postman Postman Docs — Integrate Postman with third-party solutions 2026-06-18
SRC-022 Postman Postman Docs — Integrate GitHub with Postman 2026-06-18
SRC-023 Postman Postman Docs — Integrate CI tools in Postman 2026-06-18
SRC-024 Postman Postman Docs — About Native Git 2026-06-18
SRC-025 Postman Postman Docs — Explore Postman’s command-line companion 2026-06-18
SRC-026 Postman Postman Docs — About the API Catalog 2026-06-18
SRC-027 Postman Postman Docs — Manage service account identities for automation and integrations 2026-06-18
SRC-028 Postman Postman Docs — Audit logs 2026-06-18
SRC-029 Postman Postman Docs — Postman Secret Scanner 2026-06-18
SRC-030 Postman Postman Docs — BYOK Encryption 2026-06-18
SRC-031 Postman Postman Help — Postman AI Resources 2026-06-18
SRC-032 Postman Postman Status 2026-06-18
SRC-033 GitHub GitHub repository metadata — postmanlabs/newman 2026-06-18
SRC-034 GitHub GitHub repository metadata — postmanlabs/postman-runtime 2026-06-18
SRC-035 GitHub GitHub repository metadata — postmanlabs/postman-collection 2026-06-18
SRC-036 GitHub GitHub repository metadata — postmanlabs/postman-code-generators 2026-06-18
SRC-037 GitHub GitHub README — postmanlabs/postman-runtime 2026-06-18
SRC-038 GitHub GitHub README — postmanlabs/postman-collection 2026-06-18
SRC-039 GitHub GitHub README — postmanlabs/postman-code-generators 2026-06-18
SRC-040 CourtListener CourtListener — WebSock Global Strategies LLC v. Postman, Inc., 1:24-cv-01010 2026-06-18
SRC-041 CourtListener CourtListener search results — "Postman, Inc. v." 2026-06-18
SRC-042 Justia Justia Trademarks search results for "postman" 2026-06-18
SRC-043 Kong / Insomnia Insomnia homepage 2026-06-18
SRC-044 SmartBear SwaggerHub homepage 2026-06-18
SRC-045 Bruno Bruno homepage 2026-06-18
SRC-046 RapidAPI RapidAPI API Hub homepage 2026-06-18

Disclaimer

This report is a public-evidence diligence snapshot, not investment advice. Important financial, legal, technical, and contractual facts remain non-public and should be verified directly with management and primary documents before any investment decision.