This is their reply when I contacted them earlier asking if they collect HTTP request payload:
Thank you for writing in. Sure - If you do not create an account or use Postman without signing in then we will not collect any of the data. We will only store the actual requests that are sent when the user signs into the application. That said - the data is encrypted in rest and in transit using industry best standard encryption algorithms. Hope this clarifies!
Under "Information you provide to us":
Content you provide through our products: The Services include the Postman products you use, where we collect and store content that you post, send, receive and share. This content includes any information about you that you may choose to include: we collect feedback you provide directly to us through the product and we collect clickstream data about how you interact with and use features in the Services.
Like I said in my other post, I don't use postman. Your HN post reads like they are doing this without your permission and secretly: akin to say, finding out that facebook records your microphone to sell you ads or whatever. This is what I am reacting to, that they are doing it without your permission.
So what actually is going on then, is that postman has a feature that you don't have to use, that you know about, that you know requires it stores request / response data, and it is doing just that.
I'm not saying that they are hiding, but I believe most people saw this page and felt Postman does not collect request data under any circumstances. It felt like a sudden twist of story after I've contacted them and realized they have the sync feature. If I did not contact them then I would not have know they do collect request data when user is signed in.
Thank you for writing in. Sure - If you do not create an account or use Postman without signing in then we will not collect any of the data. We will only store the actual requests that are sent when the user signs into the application. That said - the data is encrypted in rest and in transit using industry best standard encryption algorithms. Hope this clarifies!
https://www.postman.com/licenses/privacy/
Under "Information you provide to us": Content you provide through our products: The Services include the Postman products you use, where we collect and store content that you post, send, receive and share. This content includes any information about you that you may choose to include: we collect feedback you provide directly to us through the product and we collect clickstream data about how you interact with and use features in the Services.