Thousands of teams trust Metro Retro to keep their data safe and confidential.
We take security very seriously, with appropriate measures to keep your data secure within a fast and reliable system. The headlines are:
For more detail on this, please read on. If you have any questions about the content of this page, or other matters, please email us at contact@metroretro.io.
Metro Retro is deployed to Digital Ocean in Amsterdam (AMS3). This data center is certified compliant with:
Documentation regarding these certifications is available here:
https://www.digitalocean.com/trust/certification-reports/
To protect customer data, Metro Retro utilizes end-to-end encryption:
To protect our system from unauthorized access we implement the following measures:
Metro Retro requires users to be authenticated by standard email/password combination, or one of the following OAuth login providers: Google, Github, Slack or Linkedin.
Users are required to verify their email before using Metro Retro.
SAML-based Single Sign On (SSO) is available to customers on a paid plan. Customers on a paid plan can also set domain-level access to team spaces and boards, and have centralized control over user access.
Email us at contact@metroretro.io if you would like to know more about the subscription plans.
Metro Retro account data (e.g. name, email, etc) belongs to the user that created the account. Account owners have the right to modify or delete their account data at any time and can do so via their account page, accessible from the user dashboard.
Metro Retro board data belongs to the creator of the board, even data contributed by other users. If a board is created inside an active subscription, the paying organization retain all rights to the content. Board owners control access to their boards by sharing the board link and optionally setting a password (via the share menu in the board UI). Board owners have the right to modify or delete their boards at any time.
For more on this see our Privacy Policy and Terms Of Use.
Metro Retro uses Google Analytics on our marketing website, but not when users are logged into the application. We use Intercom to provide in-app support, which also performs user session tracking and a CRM interface. This can be disabled on request.
Metro Retro employees have the ability to access customer account/board data, but only do so when providing support to users.
All customer data collected is stored and managed in accordance with GDPR. For more information on this please review our Privacy Policy.
We monitor the Metro Retro system around the clock using infrastructure monitoring software and uptime monitoring services. We will be automatically notified of an outage within 5 minutes.
We have a public status page here:
https://status.metroretro.io/
We do not offer a Bug Bounty scheme, but appreciate being informed of any bugs you may have found. Please report any bugs or security concerns to contact@metroretro.io.