We understand that the privacy and security of your data is vital, so we are committed to providing a highly secure and reliable environment you can trust.

secure retrospective tool


At Reetro, nothing is more important to us than the privacy of our customer’s data. Trust is a core principle of Reetro. It’s this commitment to customer privacy and inspiring trust that directs the decisions we make on a daily basis. Trust is the responsibility of each and every employee and supplier and we take it seriously.

reetro GDPR compliance

GDPR Compliance

We put security, privacy, and data protection at the core of our product. We are GDPR-compliant and constantly strive to go above the minimum regulatory standards.


You can read more at Reetro GDPR


SOC-2 Compliance

At Reetro, we follow the security guidelines set by Soc-2 compliance. SOC-2 defines the criteria for managing customer data based on security, availability, processing integrity, confidentiality, and privacy.


We are not officially certified, but we implement the security guidelines set by SOC-2

reetro COS-2 compliance
Reetro encryption

End-to-End Encryption

Reetro uses end-to-end encryption, which means all of your retrospective data, usernames and passwords are encrypted in a database.


Secure Browsing via HTTPS

When you visit the Reetro website or use Reetro the app, the transmission of information between your device and our servers is protected using 256-bit TLS encryption.

reetro secure browsing https
network security

Network Security

Reetro application servers are hosted on Heroku and are located in Frankfurt, Germany.


Heroku’s physical infrastructure is hosted and managed within Amazon’s secure data centers and utilizes the Amazon Web Service (AWS) technology.


Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:

- ISO 27001

- SOC 1 and SOC 2/SSAE 16/ISAE 3402

- PCI Level 1

- FISMA Moderate


Data Segregation & Security

Each company's data on the Reetro platform is saved within its own block, and cannot be accessed or mixed with another customers data or areas of the system.


All the rest API calls are protected by user specific JWT (JASON web token). No unauthorized user can access another users data.

reetro user data segregation
Data privacy

Data Privacy

Your data is yours. Reetro does not sell or rent any customer data or information to anyone. It is our guarantee that we will never share or sell your data or information. For more information, please review our Privacy Policy and Terms and Conditions pages.


At any time, you may export data from Reetro to CSV or Text files or can contact us to securly destroy it.


Reetro Application Security

We undergo penetration tests, vulnerability assessments, and source code reviews regularly to assess the security of our application, architecture, and implementation.


Issues found in the Reetro application are risk-ranked, prioritized and assigned to the person responsible for remediation.

reetro application security
Access control

Access Control

Reetro staff does not access or interact with customer data as part of normal operations. There may be cases where Reetro is requested to interact with customer data at the request of the customer for support purposes.


Customer data is access-controlled and all access by Reetro staff is accompanied by customer approval.


Secure Development Practices

We use Agile development methodology and apply coding standards along with the latest best practices in security to develop Reetro.

Our software goes through following stages:

- Creation of backlog, planning & grooming

- Sprint execution

- Testing and bug management

- Security Audit

- Release & DevOps

- Reflection (Ofcourse by using Reetro)

Secure development
retrospective backups


Reetro databases are automatically backed up as part of the deployment process on secure storage systems. We only keep the latest backup and remove any old backup files regularly.


Incident Management

According to the guidelines set by GDPR, we have setup internal processes to handle any incidents that may occur.


All the communication with customers regarding incidents is done through email and our system status page at: Incident Status

reetro incident management


  SIGN UP - It's Free Forever
© 2021 Reetro