# Security & Compliance
Retoor's Cloud Solutions is committed to maintaining the highest standards of security and compliance to protect your data and ensure regulatory adherence.
## 1. Data Security Measures

### 1.1 Encryption Standards
| Type | Standard | Description |
|---|---|---|
| Data in Transit | TLS 1.3 | All data transmitted between your device and our servers is encrypted using the latest TLS protocol |
| Data at Rest | AES-256 | All stored files are encrypted using industry-standard AES-256 encryption |
| Database | AES-256 | User credentials and metadata are encrypted at the database level |
### 1.2 Access Control
- Multi-factor authentication (MFA) available for all accounts
- Role-based access control (RBAC) for team accounts
- Session management with automatic timeout
- IP whitelisting available for Enterprise customers
- Audit logs for all file access and modifications
### 1.3 Infrastructure Security
- Data centers hosted by Hetzner in Germany and Finland (EU-based)
- 24/7 physical security and monitoring
- DDoS protection and intrusion detection systems
- Regular security audits and penetration testing
- Automated backup systems with geographic redundancy
## 2. Compliance Certifications

### 2.1 GDPR Compliance
We are fully compliant with the General Data Protection Regulation (GDPR):
- Data processing agreements available for all customers
- Right to access, rectification, erasure, and portability
- Data breach notification within 72 hours
- Privacy by design and by default
- All data stored within the European Union
- No data transfers outside EU without appropriate safeguards
### 2.2 ISO 27001
Our information security management system is aligned with ISO 27001 standards:
- Regular risk assessments and security reviews
- Documented security policies and procedures
- Employee security training and awareness programs
- Incident response and business continuity plans
### 2.3 SOC 2 Type II
We maintain SOC 2 Type II compliance covering:
- Security: Protection against unauthorized access
- Availability: System uptime and performance
- Confidentiality: Protection of sensitive information
- Privacy: Handling of personal information
## 3. Data Center Locations
Your data is stored exclusively in European Union data centers:
| Location | Provider | Certifications |
|---|---|---|
| Falkenstein, Germany | Hetzner Online GmbH | ISO 27001, PCI DSS |
| Helsinki, Finland | Hetzner Online GmbH | ISO 27001, PCI DSS |
All data centers feature:
- 99.99% power availability with redundant power supplies
- Climate-controlled environments
- Biometric access control
- 24/7 on-site security personnel
## 4. Data Processing Agreement
For business customers, we provide a comprehensive Data Processing Agreement (DPA) that includes:
- Clear definition of roles (Controller vs. Processor)
- List of sub-processors and their locations
- Data security measures and obligations
- Data subject rights and assistance procedures
- Data breach notification procedures
- Terms for data deletion upon contract termination
## 5. Security Monitoring
We continuously monitor our systems for security threats:
- Real-time threat detection and alerting
- Automated vulnerability scanning
- Security information and event management (SIEM)
- Regular penetration testing by third-party security firms
- Bug bounty program for responsible disclosure
## 6. Incident Response
In the event of a security incident:
- Immediate containment and investigation
- Notification to affected customers within 24 hours
- Detailed incident reports provided to Business and Enterprise customers
- Post-incident review and remediation
- Cooperation with regulatory authorities as required
## 7. Employee Security

All employees are subject to rigorous security controls:
- Background checks for all staff with data access
- Confidentiality and non-disclosure agreements
- Regular security awareness training
- Principle of least privilege access
- Secure development practices and code reviews
## 8. Third-Party Audits
We undergo regular third-party security audits:
- Annual penetration testing by certified security firms
- Quarterly vulnerability assessments
- Independent compliance audits for ISO and SOC certifications
- Audit reports available to Enterprise customers upon request
## 9. Security Best Practices for Users
We recommend the following security practices:
- Enable two-factor authentication on your account
- Use strong, unique passwords
- Regularly review account activity and access logs
- Keep your contact information up to date
- Be cautious of phishing attempts
- Report suspicious activity immediately
## 10. Questions and Reporting
For security-related inquiries or to report vulnerabilities:
- Security Team: security@retoors.nl
- Vulnerability Disclosure: security-disclosure@retoors.nl
- Compliance Questions: compliance@retoors.nl