Security at Retently

At Retently, the security and protection of your data are at the forefront of our priorities. We understand the responsibility of safeguarding your information and are committed to employing robust measures to ensure the highest security standards.

System Architecture

Retently’s infrastructure is engineered for both security and reliability. Our platform uses a multi-tier architecture with firewalls at every tier to control access and limit the reach of a compromised component. Each service is permitted to communicate only with the specific services it needs, applying least privilege at the network level. Access keys are carefully managed, regularly rotated, and stored securely outside the codebase.

Availability and Disaster Recovery

We’ve built Retently with resilience in mind. All critical services are fully redundant, with real-time replication and failover capabilities. This setup allows us to maintain uptime and protect your data against unexpected disruptions.

Data Centers

Retently runs in Hetzner’s data centers and benefits from Hetzner’s stringent physical and operational security measures. These data centers are monitored around the clock and hold multiple certifications, including ISO 27001. We use Hetzner’s network security tools, such as its firewalls and private networking, to control access and enhance privacy across our network.

Data Storage

Data within Retently is strictly controlled, with access limited to only the required services. Sensitive data is isolated within secure environments, and production data is separated from testing environments to prevent unauthorized access or data leaks.

Backups

We conduct regular, secure backups of your data to ensure that it can be recovered in the event of accidental deletion or other issues. These backups are encrypted and retained for up to 6 months for existing customers and up to 30 days for canceled customers, then securely deleted. 

Logging and Monitoring

Retently aggregates and stores logs within an encrypted environment, and sensitive information such as passwords and API keys is filtered out before it reaches the log store. Logs are retained for 90 days before being purged and are continuously monitored for suspicious activity or anomalies.
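The filtering step above is the part worth getting right: secrets leak into logs most often through key=value pairs in free-text lines, Authorization headers, and nested fields in structured events. The following is an added illustration written for this page, not Retently’s own logging code; the list of sensitive key names, the mask string, and the sample log lines are constructed assumptions for the example.

```python
import re
from typing import Any

# Field names whose values must never reach the log store.
# Constructed for this example; a real deployment derives this from its own schema.
SENSITIVE_KEYS = {
    "password", "passwd", "pass", "secret", "token",
    "api_key", "apikey", "api-key", "authorization",
}
MASK = "[REDACTED]"

# key=value / key: value pairs in free-text lines. The value alternatives cover
# "Bearer <token>", quoted strings, and a bare token, in that order.
_KV_RE = re.compile(
    r"(?i)\b(" + "|".join(map(re.escape, sorted(SENSITIVE_KEYS))) + r")"
    r"(\s*[=:]\s*)"
    r"(Bearer\s+\S+|\"[^\"]*\"|'[^']*'|\S+)"
)
# Bearer tokens that appear without a recognised key name in front of them.
_BEARER_RE = re.compile(r"(?i)\bBearer\s+[A-Za-z0-9._~+/-]+=*")


def redact_text(line: str) -> str:
    """Mask secret values in a free-text log line while keeping the key names."""
    line = _KV_RE.sub(lambda m: f"{m.group(1)}{m.group(2)}{MASK}", line)
    return _BEARER_RE.sub("Bearer " + MASK, line)


def redact_fields(event: Any) -> Any:
    """Recursively mask sensitive keys in a structured (JSON-like) log event.

    String values are also passed through redact_text, so a secret embedded in
    a message field is caught as well.
    """
    if isinstance(event, dict):
        return {
            key: (MASK if key.lower() in SENSITIVE_KEYS else redact_fields(value))
            for key, value in event.items()
        }
    if isinstance(event, list):
        return [redact_fields(value) for value in event]
    if isinstance(event, str):
        return redact_text(event)
    return event


# Constructed sample input, not real log data.
SAMPLE_LINES = [
    "POST /login user=alice password=hunter2 ip=10.0.0.5",
    "headers: Authorization: Bearer eyJhbGciOi.xyz",
    'config loaded api_key="sk_live_123" region=eu',
]
SAMPLE_EVENT = {
    "user": "alice",
    "password": "hunter2",
    "meta": {"api_key": "sk_live_123", "msg": "retry with token=abc"},
}

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(redact_text(line))
    print(redact_fields(SAMPLE_EVENT))
```

Redaction has to run in the logging pipeline before lines are shipped, not on the stored data afterwards, and the key list should be treated as an allowlist of what is known to be sensitive plus a review process for new fields: a new field such as `refresh_token` would slip through until it is added.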

Password Management

Retently follows industry best practices for password management. Passwords are never stored in plaintext; instead, they are hashed using secure, one-way (irreversible) cryptographic functions, so the original password cannot be recovered from what we store. Existing sessions are invalidated when key account information changes, and sessions expire automatically after a period of inactivity to limit the window in which a stolen session could be used.
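The three controls in that paragraph (one-way password hashing, session invalidation on credential change, inactivity expiry) fit together in a small model, shown here as an added example written for this page rather than Retently’s implementation. It uses scrypt from the Python standard library; the scrypt cost parameters, the idle timeout, and the "credential version" counter that ties sessions to the credentials they were issued under are assumptions made for the example, not a description of Retently’s settings.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

# Assumed parameters for this example, not Retently's production settings.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1   # 16 MiB of memory per hash
IDLE_TIMEOUT = 30 * 60                         # seconds without activity


def hash_password(password: str) -> str:
    """Salted, memory-hard, one-way hash; the salt is stored next to the digest."""
    salt = secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and parameters; compare in constant time."""
    algo, n, r, p, salt_hex, digest_hex = stored.split("$")
    if algo != "scrypt":
        return False
    digest = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                            n=int(n), r=int(r), p=int(p))
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


@dataclass
class User:
    email: str
    password_hash: str
    credential_version: int = 0   # bumped whenever existing sessions must die


@dataclass
class Session:
    email: str
    credential_version: int       # version the session was issued under
    last_seen: float


class SessionStore:
    """In-memory session store; `clock` is injectable so expiry can be tested."""

    def __init__(self, users: dict, clock=time.time):
        self.users, self.clock, self.sessions = users, clock, {}

    def login(self, email: str, password: str):
        user = self.users.get(email)
        if user is None or not verify_password(password, user.password_hash):
            return None
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = Session(email, user.credential_version, self.clock())
        return sid

    def validate(self, sid: str) -> bool:
        """A session is valid only if it is current for the user's credentials and not idle."""
        session = self.sessions.get(sid)
        if session is None:
            return False
        user = self.users.get(session.email)
        now = self.clock()
        if (user is None
                or session.credential_version != user.credential_version
                or now - session.last_seen > IDLE_TIMEOUT):
            del self.sessions[sid]          # stale sessions are dropped, not kept
            return False
        session.last_seen = now             # sliding inactivity window
        return True

    def change_password(self, email: str, old: str, new: str) -> bool:
        user = self.users[email]
        if not verify_password(old, user.password_hash):
            return False
        user.password_hash = hash_password(new)
        user.credential_version += 1        # every existing session now fails validate()
        return True
```

The credential version is what makes invalidation cheap: no session table scan is needed, because each request compares the version stamped on the session against the user record. The same counter can be bumped on an email change or an administrative reset. Note that `login` returns the same `None` for an unknown user and a wrong password, but a wrong password costs a scrypt computation while an unknown user does not; a production implementation would run a dummy hash in the unknown-user path to avoid a timing-based account enumeration oracle.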

HTTPS and Data Encryption

All data transmitted to and from Retently is encrypted in transit using HTTPS (HTTP over TLS). Our servers enforce HTTPS for all connections, including access to our API and web application, so traffic cannot be read or tampered with on the network.

Encryption at Rest

We apply industry-standard encryption algorithms to secure data at rest, including all primary databases, backups, and archived logs. This ensures that if the underlying storage or a backup copy were accessed improperly, the data would remain unreadable without the corresponding encryption keys.

Regular Security Audits

We follow the OWASP (Open Worldwide Application Security Project) best practices to protect our solution against common security threats. This includes implementing secure coding practices, managing application security risks, and staying informed about the latest security trends. Retently undergoes yearly security audits and assessments to identify and address potential vulnerabilities. We work with third-party security experts to conduct penetration testing and code reviews, ensuring that our security practices are up-to-date and effective. We offer our latest penetration testing report on demand.

Continuous Monitoring and Vulnerability Management

We use automated security scanners to continuously check our applications for vulnerabilities. This includes monitoring third-party libraries and tools for reported issues. When a vulnerability is identified, we promptly patch or update the affected software to mitigate the risk.

Strict Access Controls and Secure Data Handling

Access to production data is strictly restricted to authorized personnel. We enforce multi-factor authentication (MFA), VPN access, and IP allowlisting to protect our systems from unauthorized access.

Dependency Management and Endpoint Security

We continuously monitor and update our dependencies to ensure none contain known vulnerabilities. Regular automated penetration tests are performed against all our endpoints to identify and mitigate security weaknesses.

Security Policies

Retently maintains a comprehensive set of internal security policies that govern everything from data access to incident response. These policies are regularly reviewed and updated to align with emerging threats and regulatory requirements, and are communicated to the whole team.

Incident Response

We have a well-defined protocol for responding to security incidents. In the unlikely event of a security incident, our team is trained to act swiftly to mitigate risks, investigate incidents, and implement corrective actions as needed.

Security Training

All Retently employees undergo rigorous security training upon joining the company and receive ongoing education to stay informed about the latest security practices and threats.

Employee Background Checks

In accordance with local regulations, Retently conducts background checks on all new employees. This process includes verification of employment history and, where permitted, criminal background checks to ensure that only trustworthy individuals have access to sensitive information.

Privacy Commitment

Retently is dedicated to protecting your privacy. You can access our Privacy Policy here. We use your data solely to deliver our services and improve our platform. We never sell or trade your information to third parties. Our practices comply with the General Data Protection Regulation (GDPR) and other relevant data protection laws, ensuring that your rights are respected. You can learn more about how we use collected data in our Data Processing Agreement (DPA).

User Responsibility

While we take every measure to protect your data, security is a shared responsibility. To enhance your data security, we encourage you to follow best practices, such as using strong passwords and avoiding sharing credentials.

End of Service Data Handling

When you decide to leave Retently, we reserve the right to keep the data for up to 90 days so that if you return, you can resume your account activity. After the 90-day period expires and you do not reactivate the account, we ensure that your data is securely deleted from our systems.