MILITARY-GRADE SECURITY

We understand that the privacy and security of your data is vital, so we are committed to providing a highly secure and reliable environment you can trust.


REETRO’S COMMITMENT TO TRUST & SECURITY


At Reetro, nothing is more important to us than the privacy of our customers' data. Trust is a core principle of Reetro. It's this commitment to customer privacy and inspiring trust that directs the decisions we make on a daily basis. Trust is the responsibility of each and every employee and supplier, and we take it seriously.


GDPR Compliance

We put security, privacy, and data protection at the core of our product. We are GDPR-compliant and constantly strive to go above the minimum regulatory standards.

 

You can read more at Reetro GDPR

 

ISO-27001 Compliance

At Reetro, we are officially ISO-27001 certified and implement the security guidelines set by the ISO-27001 committee. ISO-27001 defines the criteria for managing customer data based on security, availability, processing integrity, confidentiality, and privacy.


End-to-End Encryption

Reetro uses end-to-end encryption, which means all of your retrospective data, usernames and passwords are encrypted in a database.

 

Secure Browsing via HTTPS

When you visit the Reetro website or use the Reetro app, the transmission of information between your device and our servers is protected using 256-bit TLS encryption.


Network Security

Reetro application servers are hosted on Heroku and are located in Frankfurt, Germany.

 

Heroku’s physical infrastructure is hosted and managed within Amazon’s secure data centers and utilizes the Amazon Web Service (AWS) technology.

 

Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:

- ISO 27001

- SOC 1 and SOC 2/SSAE 16/ISAE 3402

- PCI Level 1

- FISMA Moderate

 

Data Segregation & Security

Each company's data on the Reetro platform is saved within its own block, and cannot be accessed by or mixed with another customer's data or areas of the system.

 

All REST API calls are protected by a user-specific JWT (JSON Web Token). No unauthorized user can access another user's data.


Data Privacy

Your data is yours. Reetro does not sell or rent any customer data or information to anyone. It is our guarantee that we will never share or sell your data or information. For more information, please review our Privacy Policy and Terms and Conditions pages.

 

At any time, you may export data from Reetro to CSV or text files, or contact us to securely destroy it.

 

Reetro Application Security

We undergo penetration tests, vulnerability assessments, and source code reviews regularly to assess the security of our application, architecture, and implementation.

 

Issues found in the Reetro application are risk-ranked, prioritized and assigned to the person responsible for remediation.


Access Control

Reetro staff does not access or interact with customer data as part of normal operations. There may be cases where Reetro is requested to interact with customer data at the request of the customer for support purposes.

 

Customer data is access-controlled and all access by Reetro staff is accompanied by customer approval.

 

Secure Development Practices

We use Agile development methodology and apply coding standards along with the latest best practices in security to develop Reetro.

Our software goes through the following stages:

- Creation of backlog, planning & grooming

- Sprint execution

- Testing and bug management

- Security Audit

- Release & DevOps

- Reflection (of course, by using Reetro)


Backups

Reetro databases are automatically backed up as part of the deployment process on secure storage systems. We only keep the latest backup and remove any old backup files regularly.

 

Incident Management

In line with the guidelines set by GDPR, we have set up internal processes to handle any incidents that may occur.

 

All communication with customers regarding incidents is done through email and our system status page at: Incident Status

© 2021 Reetro