TeleRetro deeply respects our customers' privacy, and as such our security and compliance practices are designed to meet or exceed industry standards. We have implemented physical, administrative, and technical safeguards to protect our customer data. We regularly review and update our security practices to ensure that we are providing the highest level of security for our customers.
Our physical infrastructure is hosted in secure data centers within Amazon Web Services (AWS). Amazon's data center compliance certifications include:
- ISO 27001 and ISO 27017
- SOC 1, SOC 2 and SOC 3
We continuously review the security of our application and regularly conduct:
- OWASP Top 10 web application security risk reviews
- Penetration testing
- Vulnerability assessments
TeleRetro supports passwordless login, which greatly reduces the risk of password management issues and credential theft attacks.
Single Sign-On (SSO) is available for our enterprise customers, via Okta, Azure or other providers, bringing additional security controls such as device & location restrictions and multi-factor authentication.
Encryption in transit
All data sent to or from our infrastructure is encrypted in transit using Transport Layer Security (TLS), following industry best practices.
Encryption at rest
All our user data is encrypted using the industry-standard AES-256 encryption algorithm.
TeleRetro uses zero-downtime deployments to allow for rapid deployment cycles while maintaining the best user experience with no downtime.
We strive for 99.9% service uptime, and provide transparency through our real-time and historical status monitoring page.
We have recovery procedures in place for restoring services in the event of unavoidable failures.
Logging and Monitoring
TeleRetro uses real-time monitoring systems to analyze and identify trends that may have an impact on our application uptime. Alerts are sent out instantly in the event of a failure or reaching critical risk thresholds.
We detect attacks in real time and stop malicious attempts to access your account by blocking traffic from certain IPs using Suspicious IP Throttling and Brute-force Protection.
We use Stripe, a PCI-compliant payment processor, for encrypting and processing payments. TeleRetro does not collect or store any payment information.
TeleRetro is compliant with the General Data Protection Regulation (GDPR) and we are committed to providing a high standard of privacy protection to all our customers.
If you have any additional questions, please reach out anytime to email@example.com.