Security

GDPR Compliance

We put security, privacy, and data protection at the core of our product. We are GDPR compliant and constantly strive to go above the minimum regulatory standards.

SOC 2 Compliance

SOC 2 Type II (pending audit), ISO/IEC 27001 (pending audit)

Penetration Testing

GoRetro undergoes black box penetration testing, conducted by an independent, third-party agency, twice a year. Information about any security vulnerabilities successfully exploited through penetration testing is used to set mitigation and remediation priorities. GoRetro will provide a summary of penetration test findings upon request.

End to End Encryption

GoRetro provides data encryption in transfer via 256 bit Secure Socket Layer (SSL) technology. We use Google Cloud Platform to store all our data and it has default encryption at rest using either AES256 or AES128 technology. You can read more about Google Cloud encryption here: https://cloud.google.com/
security/encryption-at-rest/.

Data Privacy

GoRetro does not sell or rent any customer data or information. For more information, please review our Privacy Policy and Terms and Conditions pages GoRetro respects your right to be forgotten and supports full data deletion upon request.

Password Encryption

Our passwords are stored securely by using bcrypt technology provided by Google Cloud. We also enforce strong passwords.

Email verification

Users are required to verify the ownership of the account email via a link provided in an automated email prior to creating data in GoRetro.

Data Center

GoRetro is hosted on Firebase, which is part of Google Cloud Platform. Our data is hosted in US Central. You can read more about GCP security here: https://cloud.google.com/security/.

Backups

GoRetro does regular backups once per day. All backups are encrypted by default. Backups are deleted after 30 days of being created.

Attack Prevention & Mitigation

We use Firebase for authentication services and it has a monitor feature to block attacking IPs. Google Cloud Platform’s intrusion detection involves tightly controlling the size and make-up of Google’s attack surface through preventative measures, employing intelligent detection controls at data entry points, and employing technologies that automatically remedy certain dangerous situations.

Run team retrospectives easily, quickly, and absolutely FREE

Contact Us

Thank you! Your message has been sent!
Oops! Something went wrong while submitting the form.
Close