[SCdF]

OK top level post to highlight something lower level. sbtmuller (OP) points out this feature:

https://learning.postman.com/docs/postman/launching-postman/...

So then, if you create a postman account so that you can sync data between different computers you use, it will do exactly that, including request and response history.

If you don't create a postman account it doesn't do that.

They are NOT collecting your payloads unless you ask them to, and they are NOT doing it secretly as might be implied by the phrasing OP used with "they admitted".

It's also worth mentioning it sounds like Insomnia has the exact same feature: https://support.insomnia.rest/category/31-cloud-account

[sbtmuller]

My apologies and I should have used a different word and my point is just to remind people that data is synced when signed in.

I had a feeling of a twist just because initially I found https://support.getpostman.com/hc/en-us/articles/203815791-W... which gave me impression that they do not collect payload under any circumstances.

I would hope that they add a clarification in that page because if I did not contact them then I would not have know about the sync feature and also would not have thought anything about GDPR issue. This is just a reminder note, not saying that Postman is hiding about it.

[SCdF]

Yah, understandable.

It sounds like they have moved some stuff around recently too, because you can no longer disable sync: https://support.getpostman.com/hc/en-us/articles/203492852-H...

So I guess the story here is: if you use postman for anything sensitive don't use an account as well, as the sync feature can no longer be disabled.

It's also worth pointing out that AFAICT Insomnia's equivalent feature may be more secure though I haven't dug into it: it sounds like all that data is encrypted by the client and not recoverable by the Insomnia team if you lose your password.