A platform built on trust
Retool offers the security, reliability, and access controls demanded by the most regulated enterprises, paired with the flexibility, choice, and customization that is required by the most versatile developers.
Compliance
Self Assessment
SIG Lite assessment: available upon request. Contact security@retool.com for more information.
Product Security and Infrastructure
- Cloud-Based Services:
Retool’s cloud-based services are operated on a multi-tenant cloud architecture that is designed to segregate and protect access to any applications, workflows or processes you and your users build using the Retool services.
This infrastructure is provided and hosted by Amazon Web Services
- Self-Hosted Services:
Retool’s self-hosted offering enables you to host Retool services using your own infrastructure so that you and your users can build apps in your virtual private cloud. In provisioning a self-hosted account, our self-hosted Docker image is built with the latest upstream version of Debian (Retool’s base operating system image) with the latest security patches and receives updates on a regular basis.
- Managed Self-Hosted Services:
With Retool's managed self-hosted offering, Retool hosts and manages the infrastructure for our customers in an on-premise like setup (instead of a multi-tenant cloud environment).
This infrastructure is provided and hosted by Amazon Web Services
-
- Audit logs
Detailed audit logs—including records of user access and query execution metadata—are available to admins of your account on the Business or Enterprise plan. Customers may view and query user audit logs. See the documentation for more details.
Access management
Admins can remotely disable users authenticated to Retool, on demand at both the role and data level. More detail is available in the documentation.
Two-factor authentication
Administrators can require all users to set up two-factor authentication on their accounts. Details can be found in the documentation.
SSO
Customers can authenticate using SSO, including OIDC and SAML. For more details, visit the documentation.
- Audit logs
Data Security
Data encrypted at-rest
Data encrypted in-transit
Data deletion policy
Access monitoring
For more information on Retool data security, see our security documentation.
Privacy
Privacy policy
Data processing addendum
For more information about Retool privacy, see our privacy documentation.
Reliability Backup, and Business Continuity
Deployment error and performance monitoring (self-hosted only)
Status page: Retool’s status is available at https://status.retool.com/.
Business Continuity Plan
Disaster Recovery Plan
Data backups
For more information, see our reliability, backup, and business continuity documentation.
Monitoring, validation, and practices
Incident Response Plan (IRP)
Bug bounty program
Penetration testing
Responsible disclosure
Vulnerability scanning
Employee confidentiality agreements
Employee background checks
Employee security training
Physical security
For more information, see our monitoring, validation, and practices documentation
Trust resources
For more information, see our security documentation. If we don't answer your question there, let us know at security@retool.com and we will respond as quickly as we can.
Trust FAQ
How is data stored in Retool?
Many Retool customers choose to connect Retool to their own database or API. When you connect an app to your own database or data resource or that of a third party, Retool does not store your data. Retool securely stores encrypted credentials for these data sources, user metadata, and application structures. Queries to external data sources are proxied through Retool’s backend, further mitigating risk. Retool also offers Retool Database, a product line that provides a convenient way to build up and interact with data in a Postgres database. For customers who use this product in our cloud offering, Retool stores data in AWS, managed by an external vendor.
Note that if you enable query or workflow caching, data is temporarily cached by Retool for the specified cache duration. You can invalidate a query's cache—or disable query and workflow caching entirely—at any time.
How is data in Retool encrypted?
The Retool services use industry-accepted encryption products to protect data during transmissions between your network and the Retool services, and when at rest. The Retool services support the latest recommended secure cipher suites and protocols to encrypt all traffic in transit. Retool monitors the changing cryptographic landscape closely and works promptly to upgrade the service to respond to new cryptographic weaknesses as they are discovered and implement best practices as they evolve. For encryption in transit, Retool does this while also balancing the need for compatibility with older data sources.
How do you mitigate the risk of SQL injection via Retool apps?
Retool uses prepared statements for all queries and query variables by default.
Can user-level permissions be enforced within Retool applications?
Yes, group membership and permissions are available in the Retool application context, and developers can conditionally disable features and queries for end users based on these permissions.