Security & Compliance

Keeping our customer data safe is our top priority

TeleRetro deeply respects our customers' privacy, and as such our security and compliance practices are designed to meet or exceed industry standards. We have implemented physical, administrative, and technical safeguards to protect our customer data. We regularly review and update our security practices to ensure that we are providing the highest level of security for our customers.


Our physical infrastructure is hosted in secure data centers within Amazon Web Services (AWS). Amazon's data center compliance certifications include:

  • ISO 27001 and ISO 27017
  • SOC 1, SOC 2 and SOC 3

Application Security

We continuously review the security of our application and regularly conduct:

  • OWASP Top 10 web application security risk reviews
  • Penetration testing
  • Vulnerability assessments


Passwordless login

TeleRetro supports passwordless login, which greatly reduces the risk of password management issues and credential theft attacks.

Single Sign-On

Single Sign-On (SSO) is available for our enterprise customers, via Okta, Azure or other providers, bringing additional security controls such as device & location restrictions and multi-factor authentication.

Data Protection

Encryption in transit

All data sent to or from our infrastructure is encrypted in transit using Transport Layer Security (TLS), following industry best practices.

Encryption at rest

All our user data is encrypted using the industry-standard AES-256 encryption algorithm.

High availability

Zero-Downtime Deployments

TeleRetro uses zero-downtime deployments to allow for rapid deployment cycles while maintaining the best user experience with no downtime.

High Uptime

We strive for 99.9% service uptime, and provide transparency through our real-time and historical status monitoring page.

Recovery procedures

We have recovery procedures in place for restoring services in the event of unavoidable failures.

Logging and Monitoring

Real-time monitoring

TeleRetro uses real-time monitoring systems to analyze and identify trends that may have an impact on our application uptime. Alerts are sent out instantly in the event of a failure or reaching critical risk thresholds.

Login protection

We detect attacks in real time and stop malicious attempts to access your account by blocking traffic from certain IPs using Suspicious IP Throttling and Brute-force Protection.

Secure payments

We use Stripe, a PCI-compliant payment processor, for encrypting and processing payments. TeleRetro does not collect or store any payment information.

Data Privacy

TeleRetro is compliant with the General Data Protection Regulation (GDPR) and we are committed to providing a high standard of privacy protection to all our customers.

If you have any additional questions, please reach out anytime to
