At Reetro, nothing is more important to us than the privacy of our customers' data. Trust is a core principle of Reetro. It is this commitment to customer privacy and to inspiring trust that directs the decisions we make on a daily basis. Trust is the responsibility of each and every employee and supplier, and we take it seriously.
We put security, privacy, and data protection at the core of our product. We are GDPR-compliant and constantly strive to go above the minimum regulatory standards.
You can read more at Reetro GDPR.
At Reetro, we follow the security guidelines set by SOC 2. SOC 2 defines the criteria for managing customer data based on security, availability, processing integrity, confidentiality, and privacy.
We are not officially certified, but we implement the security guidelines set by SOC 2.
Reetro uses end-to-end encryption, which means all of your retrospective data, usernames and passwords are stored encrypted in the database.
When you visit the Reetro website or use the Reetro app, the transmission of information between your device and our servers is protected using 256-bit TLS encryption.
Reetro application servers are hosted on Heroku and are located in Frankfurt, Germany.
Heroku's physical infrastructure is hosted and managed within Amazon's secure data centers and utilizes Amazon Web Services (AWS) technology.
Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon's data center operations have been accredited under:
- ISO 27001
- SOC 1 and SOC 2/SSAE 16/ISAE 3402
- PCI Level 1
- FISMA Moderate
Each company's data on the Reetro platform is saved within its own block, and cannot be accessed by or mixed with another customer's data or other areas of the system.
All REST API calls are protected by a user-specific JWT (JSON Web Token). No unauthorized user can access another user's data.
At any time, you may export your data from Reetro to CSV or text files, or you can contact us to securely destroy it.
We undergo penetration tests, vulnerability assessments, and source code reviews regularly to assess the security of our application, architecture, and implementation.
Issues found in the Reetro application are risk-ranked, prioritized, and assigned to the person responsible for remediation.
Reetro staff do not access or interact with customer data as part of normal operations. There may be cases where Reetro is asked to interact with customer data at the request of the customer for support purposes.
Customer data is access-controlled, and all access by Reetro staff is accompanied by customer approval.
We use the Agile development methodology and apply coding standards along with the latest security best practices to develop Reetro.
Our software goes through the following stages:
- Creation of backlog, planning & grooming
- Sprint execution
- Testing and bug management
- Security Audit
- Release & DevOps
- Reflection (of course, by using Reetro)
Reetro databases are automatically backed up as part of the deployment process to secure storage systems. We keep only the latest backup and remove old backup files regularly.
In line with the guidelines set by GDPR, we have set up internal processes to handle any incidents that may occur.
All communication with customers regarding incidents is done through email and our system status page at: Incident Status