TeleRetro deeply respects our customers' privacy, and as such our security and compliance practices are designed to meet or exceed industry standards. We have implemented physical, administrative, and technical safeguards to protect our customer data. We regularly review and update our security practices to ensure that we are providing the highest level of security for our customers.
Infrastructure
Our physical infrastructure is hosted in secure data centers within Amazon Web Services (AWS). Amazon's data center compliance certifications include:
- ISO 27001 and ISO 27017
- SOC 1, SOC 2 and SOC 3
Application Security
We continuously review the security of our application and regularly conduct:
- OWASP Top 10 web application security risk reviews
- Penetration testing
- Vulnerability assessments
Authentication
Passwordless login
TeleRetro supports passwordless login, which greatly reduces the risk of password management issues and credential theft attacks.
Single Sign-On
Single Sign-On (SSO) is available for our enterprise customers, via Okta, Azure or other providers, bringing additional security controls such as device & location restrictions and multi-factor authentication.
Data Protection
Encryption in transit
All data sent to or from our infrastructure is encrypted in transit following industry best practices, using Transport Layer Security (TLS).
Encryption at rest
All our user data is encrypted using the industry-standard AES-256 encryption algorithm.
High availability
Zero-Downtime Deployments
TeleRetro uses zero-downtime deployments to allow for rapid deployment cycles while maintaining the best user experience with no downtime.
High Uptime
We strive for 99.9% service uptime, and provide transparency through our real-time and historical status monitoring page.
Recovery procedures
We have recovery procedures in place for restoring services in the event of unavoidable failures.
Logging and Monitoring
Real-time monitoring
TeleRetro uses real-time monitoring systems to analyze and identify trends that may have an impact on our application uptime. Alerts are sent out instantly in the event of a failure or when critical risk thresholds are reached.
Login protection
We detect attacks in real time and stop malicious attempts to access your account by blocking traffic from certain IPs using Suspicious IP Throttling and Brute-force Protection.
Secure payments
We use Stripe, a PCI-compliant payment processor, for encrypting and processing payments. TeleRetro does not collect or store any payment information.
Data Privacy
TeleRetro is compliant with the General Data Protection Regulation (GDPR) and we are committed to providing a high standard of privacy protection to all our customers.
If you have any additional questions, please reach out anytime to support@teleretro.com.