Login
Sign up

Metro Retro Security Overview

Thousands of teams trust Metro Retro to keep their data safe and confidential. 

We take security very seriously, with appropriate measures to keep your data secure within a fast and reliable system.  The headlines are:

  • All our data is hosted within the EU.
  • We use encryption in transit and at rest.
  • Access to our infrastructure is protected from intrusion via public/private keys and/or 2FA.

For more detail on this, please read on.  If you have any questions about the content of this page, or other matters, please email us at contact@metroretro.io.

Data Center Security

Metro Retro is deployed to Digital Ocean in Amsterdam (AMS3).  This data center is certified compliant with:

  • SOC1
  • SOC2
  • ISO27001
  • PCI-DSS

Documentation regarding these certifications is available here:
โ€https://www.digitalocean.com/trust/certification-reports/

Application Security

To protect customer data, Metro Retro utilizes end-to-end encryption:

  • Connections to Metro Retro servers are secured using TLS 1.2 (HTTPS/WSS).
  • Our databases have encryption at rest configured using AES-256.
  • Data backups are also disk encrypted with AES-256.
  • Backups are stored for a maximum of 7 days.
  • User passwords are stored using standard hashing/salting techniques.

Operations Security

To protect our system from unauthorized access we implement the following measures:

  • All service provider system accounts are protected with Multi-Factor Authentication (MFA).
  • Access to our network is available only via authenticated VPN connection.
  • Access to our VPN is roles based, MFA protected and monitored/audited.
  • We implement least privilege access principles within our network topology, ensuring servers only have access to resources they need on ports that are applicable.
  • We hide our server topology information by routing all user traffic through a reverse proxy gateway.

Authentication

Metro Retro requires users to be authenticated by standard email/password combination, or one of the following OAuth login providers: Google, Github, Slack or Linkedin.

Users are required to verify their email before using Metro Retro.

SAML-based Single Sign On (SSO) is available to customers on a paid plan. Customers on a paid plan can also set domain-level access to team spaces and boards, and have centralized control over user access.

Email us at contact@metroretro.io if you would like to know more about the subscription plans.

Data Ownership

Metro Retro account data (e.g. name, email, etc) belongs to the user that created the account.  Account owners have the right to modify or delete their account data at any time and can do so via their account page, accessible from the user dashboard.

Metro Retro board data belongs to the creator of the board, even data contributed by other users. If a board is created inside an active subscription, the paying organization retain all rights to the content. Board owners control access to their boards by sharing the board link and optionally setting a password (via the share menu in the board UI).  Board owners have the right to modify or delete their boards at any time.

For more on this see our Privacy Policy and Terms Of Use.

Data Privacy

Metro Retro uses Google Analytics on our marketing website, but not when users are logged into the application.  We use Intercom to provide in-app support, which also performs user session tracking and a CRM interface.  This can be disabled on request.

Metro Retro employees have the ability to access customer account/board data, but only do so when providing support to users.

All customer data collected is stored and managed in accordance with GDPR.  For more information on this please review our Privacy Policy.

Monitoring / Logging

We monitor the Metro Retro system around the clock using infrastructure monitoring software and uptime monitoring services.  We will be automatically notified of an outage within 5 minutes.

We have a public status page here:
https://status.metroretro.io/

Bug Bounty

We do not offer a Bug Bounty scheme, but appreciate being informed of any bugs you may have found.  Please report any bugs or security concerns to contact@metroretro.io.

Product

Use Cases

Resources

Compare

Company

ยฉ 2024 Deqo Software Limited. All Rights Reserved.