At Reetro nothing is more important to us than the privacy of our customers' data. Trust is a core principle of Reetro. It is this commitment to customer privacy and to earning trust that directs the decisions we make on a daily basis. Trust is the responsibility of each and every employee and supplier, and we take it seriously.
We put security, privacy, and data protection at the core of our product. We are GDPR compliant and constantly strive to go above the minimum regulatory standards.
You can read more at Reetro GDPR
We at Reetro follow the security guidelines set out by SOC 2. SOC 2 defines criteria for managing customer data based on five trust principles: security, availability, processing integrity, confidentiality and privacy.
We are not officially certified, but we implement the security guidelines set by SOC 2.
Reetro encrypts data at rest, which means all of your retrospective data, usernames and passwords are encrypted in the database. (This is encryption of stored data rather than end-to-end encryption in the strict sense; with end-to-end encryption the service itself could not read the data.)
When you visit the Reetro website or use the Reetro app, the transmission of information between your device and our servers is protected by TLS using 256-bit symmetric ciphers.
Reetro application servers are hosted on Heroku and are located in Frankfurt, Germany. Heroku's physical infrastructure is hosted and managed within Amazon's secure data centers and utilizes Amazon Web Services (AWS) technology.
Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:
- ISO 27001
- SOC 1 and SOC 2/SSAE 16/ISAE 3402
- PCI Level 1
- FISMA Moderate
Each company's data on the Reetro platform is stored in its own logically isolated segment and cannot be accessed by, or mixed with, other customers' data or other areas of the system.
All REST API calls are protected by a user-specific JWT (JSON Web Token), so an unauthenticated or unauthorized user cannot access other users' data.
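The two controls above (per-company isolation and user-specific JWTs) only work together if every API handler first authenticates the token and then checks that the requested resource belongs to the caller's company. The example below is added here to show that check end to end; it is not Reetro's code and says nothing about how Reetro's backend is built. It assumes an HS256 shared secret, a `company_id` claim in the token, and a constructed in-memory table of two tenants' boards; all names (`mint_token`, `verify_token`, `get_board`, `forge_company_claim`, `BOARDS`) are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumption: a single HS256 shared secret held by the API server (constructed demo value).
SECRET = b"demo-signing-key-not-for-production"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode("ascii"), hashlib.sha256).digest()


def mint_token(user_id, company_id, ttl=3600, now=None):
    """Issue a user-specific token that also carries the tenant (company) the user belongs to."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": user_id, "company_id": company_id, "iat": now, "exp": now + ttl}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode()) for part in (header, payload)
    )
    return signing_input + "." + _b64url(_sign(signing_input))


def verify_token(token, now=None):
    """Return the claims if the token is authentic and unexpired; raise ValueError otherwise."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    head_b64, body_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(head_b64))
    # Pin the algorithm: never let the token pick it ('none' or a different alg).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = _sign(head_b64 + "." + body_b64)
    # Constant-time comparison so the signature check does not leak timing information.
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(body_b64))
    now = int(time.time()) if now is None else now
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise ValueError("token expired or missing exp")
    if "sub" not in claims or "company_id" not in claims:
        raise ValueError("required claims missing")
    return claims


# Constructed sample data: two tenants, each with its own retrospective board.
BOARDS = {
    "board-1": {"company_id": "acme", "title": "Sprint 12 retrospective"},
    "board-2": {"company_id": "globex", "title": "Q3 retrospective"},
}


def get_board(token, board_id, now=None):
    """What an API handler does per request: authenticate the JWT, then authorize by tenant."""
    claims = verify_token(token, now=now)  # a failure here would map to HTTP 401
    board = BOARDS.get(board_id)
    if board is None or board["company_id"] != claims["company_id"]:
        # Same answer for 'does not exist' and 'belongs to another tenant',
        # so board ids cannot be enumerated across companies.
        return {"status": 404}
    return {"status": 200, "board": board}


def forge_company_claim(token, company_id):
    """Attacker move for the demo: keep the valid signature but swap the tenant claim."""
    head_b64, body_b64, sig_b64 = token.split(".")
    claims = json.loads(_b64url_decode(body_b64))
    claims["company_id"] = company_id
    forged_body = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    return head_b64 + "." + forged_body + "." + sig_b64


if __name__ == "__main__":
    now = int(time.time())
    token = mint_token("alice", "acme", now=now)
    print(get_board(token, "board-1", now=now)["status"])  # own tenant: 200
    print(get_board(token, "board-2", now=now)["status"])  # other tenant: 404
    try:
        get_board(forge_company_claim(token, "globex"), "board-2", now=now)
    except ValueError as err:
        print("forged token rejected:", err)  # bad signature
```

The point the example makes is that the JWT alone only answers "who is calling"; the tenant comparison in `get_board` is what turns per-company storage into per-company access, and the forged-claim case shows why the signature must cover the `company_id` claim that the authorization decision depends on.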
At any time, you may export your data from Reetro to CSV or text files, or contact us to have it destroyed.
We undergo penetration tests, vulnerability assessments, and source code reviews to assess the security of our application, architecture, and implementation.
Issues found in the Reetro application are risk-ranked, prioritized and assigned to the person responsible for remediation.
Reetro staff do not access or interact with customer data as part of normal operations. There may be cases where Reetro is asked to interact with customer data at the request of the customer for support purposes.
Customer data is access controlled and all access by Reetro staff is accompanied by customer approval.
We use Agile development methodology and apply coding standards and latest security best practices to develop Reetro.
Our software goes through the following stages.
- Creation of backlog, planning & grooming
- Sprint execution
- Testing and bug management
- Security Audit
- Release & DevOps
- Reflection (of course by using Reetro)
Reetro databases are automatically backed up to secure storage as part of the deployment process. Only the latest backup is kept and older backup files are removed, so restoration is possible only to the state captured by that most recent backup.
In line with the guidelines set by GDPR, we have set up internal processes to handle incidents.
All the communication with customers regarding incidents is done through email and our system status page at: Incident Status