We take our security practices very seriously and keeping your data safe and secure is a top priority. We utilize some of the most advanced technology for Internet security available today. Here's what that means in detail:
Retrium is hosted on Amazon Web Services (AWS), a highly scalable cloud computing platform with end-to-end security and privacy features built in. For additional details regarding AWS security, please refer to https://aws.amazon.com/security/. We don't publicize exactly what features, services and data center regions/zones are used at Retrium for security reasons. However, our team does take additional pro-active measures to maintain a secure infrastructure on AWS.
When you access our site, your connection is secured via 256 bit Secure Socket Layer (SSL) technology. These communications cannot be viewed by a third party and they are the same level of encryption used by banks and financial institutions. Qualsys' SSL Labs scored Retrium's SSL implementation as "A" on their SSL Server test.
Retrium monitors its servers on a 24/7 basis using a combination of real-time network monitoring, network threat management, intrusion detection systems, and vulnerability assessments. Retrium has contracted with an independent company to perform regular penetration testing and code audits.
Retrium safeguards your users with default email verification at account creation time and during password resets. Enterprise customers also have the option of authentication via Single Sign On (SSO). This enables enterprise customers to manage the provisioning process internally.
Retrium conforms with the brand-new EU-US Privacy Shield Framework for regulating privacy in data flows between the European Union and the United States.
Retrium is SOC 1-SSAE 16 Type II and SOC 2 Type II certified. An independent auditor has evaluated our product, infrastructure, and policies, and has certified that Retrium complies with their stringent requirements on the suitability and operating effectiveness of our controls.
All purchases made on the Retrium website are processed using Stripe. Stripe has been audited by a PCI-certified auditor, and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available. Stripe forces HTTPS for all services and all card numbers are encrypted with AES-256. If you have any additional questions, please visit Stripe's security page to read more about their security.
Retrium performs comprehensive background checks by an independent third party before extending an offer to a candidate. Management performs reference checks on all candidates. Once hired, only specific personnel are able to administer information security, view live or backup data, or access the production systems. As part of the termination process, management immediately revokes production server connection privileges.
Retrium has an incident response plan in place to handle those worst-case scenarios - intrusions and security breaches, DDoS attacks, or any other issue. Retrium can call upon a team of specialists to help put a lid on the damage and safeguard our customers, should something slip through our defenses.
Retrium enforces a mandatory full-disk encryption policy for all employee devices (including laptops, tablets, and mobile phones). Retrium is also able to track any employee device (if lost or stolen) and remotely wipe its data, if necessary.