Military Grade Security

We understand that the privacy and security of your data is vital, so we are committed to providing a highly secure and reliable environment you can trust.


Reetro’s Commitment to Trust & Security

At Reetro, nothing is more important to us than the privacy of our customers’ data. Trust is a core principle of Reetro. It’s this commitment to customer privacy and inspiring trust that directs the decisions we make on a daily basis. Trust is the responsibility of each and every employee and supplier, and we take it seriously.


GDPR Compliance

We put security, privacy, and data protection at the core of our product. We are GDPR compliant and constantly strive to go above the minimum regulatory standards.

You can read more at Reetro GDPR


SOC 2 Compliance

We at Reetro follow the security guidelines set by SOC 2. SOC 2 defines criteria for managing customer data based on security, availability, processing integrity, confidentiality and privacy.

We are not officially certified, but we implement the security guidelines set by SOC 2.


End-To-End Encryption

Reetro uses End-to-End encryption, which means all of your retrospective data, usernames and passwords are encrypted in the database.


Secure Browsing Via HTTPS

When you visit the Reetro website or use the Reetro app, the transmission of information between your device and our servers is protected using 256-bit TLS encryption.


Network Security

Reetro application servers are hosted on Heroku and are located in Frankfurt, Germany. Heroku’s physical infrastructure is hosted and managed within Amazon’s secure data centers and utilizes Amazon Web Services (AWS) technology.

Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:

- ISO 27001

- SOC 1 and SOC 2/SSAE 16/ISAE 3402

- PCI Level 1

- FISMA Moderate


Data Segregation & Security

Each company’s data on the Reetro platform is saved within its own block and cannot be accessed by, or mixed with, other customers’ data or areas of the system.

All REST API calls are protected by a user-specific JWT (JSON Web Token). No unauthorized user can access other users’ data.


Data Privacy

Your data is yours. Reetro does not sell or rent any customer data or information to anyone. It is our guarantee that we will never share or sell your data/information. For more information, please review our Privacy Policy and Terms and Conditions pages.

At any time, you may export data from Reetro to CSV/text files or contact us to destroy it.


Reetro Application Security

We undergo penetration tests, vulnerability assessments, and source code reviews to assess the security of our application, architecture, and implementation.

Issues found in the Reetro application are risk-ranked, prioritized, and assigned to the person responsible for remediation.


Access Control

Reetro staff does not access or interact with customer data as part of normal operations. There may be cases where Reetro is requested to interact with customer data at the request of the customer for support purposes.

Customer data is access controlled and all access by Reetro staff is accompanied by customer approval.


Secure Development Practices

We use the Agile development methodology and apply coding standards and the latest security best practices to develop Reetro.

Our software goes through the following stages:

- Creation of backlog, planning & grooming

- Sprint execution

- Testing and bug management

- Security Audit

- Release & DevOps

- Reflection (of course, by using Reetro)



Reetro databases are automatically backed up to secure storage as part of the deployment process. We only keep the latest backup and remove any old backup files.


Incident Management

In accordance with the guidelines set by GDPR, we have set up internal processes to handle incidents.

All communication with customers regarding incidents is done through email and our system status page at: Incident Status




© 2020 Reetro