Thousands of teams trust Metro Retro to keep their data safe and confidential.
We take security very seriously, with appropriate measures to keep your data secure within a fast and reliable system. The headlines are:
For more detail on this, please read on. If you have any questions about the content of this page, or other matters, please email us at email@example.com.
Metro Retro is deployed to Digital Ocean in Amsterdam (AMS3). This data center is certified compliant with:
Documentation regarding these certifications is available here:
To protect customer data, Metro Retro utilizes end-to-end encryption:
To protect our system from authorized access we implement the following measures:
Metro Retro requires users to be authenticated by standard email/password combination, or one of the following OAuth login providers: Google, Github or Slack.
Users are required to verify their email before using Metro Retro.
Metro Retro account data (e.g. name, email, etc) belongs to the user that created the account. Account owners have the right to modify or delete their account data at any time and can do so via their account page, accessible from the user dashboard.
Metro Retro board data belongs to the creator of the board, even data contributed by other users. Board owners control access to their boards by sharing the board link and optionally setting a password (via the share menu in the board UI). Board owners have the right to modify or delete their boards at any time.
Metro Retro uses Google Analytics on our marketing website, but not when users are logged into the application. We use Intercom to provide in-app support, which also performs user session tracking and a CRM interface. This can be disabled on request.
Metro Retro employees have the ability to access customer account/board data, but only do so when providing support to users.
We monitor the Metro Retro system around the clock using infrastructure monitoring software and uptime monitoring services. We will be automatically notified of an outage within 5 minutes.
We have a public status page here:
We do not offer a Bug Bounty scheme, but appreciate being informed of any bugs you may have found. Please report any bugs or security concerns to firstname.lastname@example.org.