Skip to content
Retool Security & Data Practices

A platform built on trust

Retool offers the security, reliability, and access controls demanded by the most regulated enterprises, paired with the flexibility, choice, and customization that is required by the most versatile developers.

openai logo
snowflake logo
Our customers trust Retool to be good custodians of their data and of their customers’ data. This guide provides a high-level overview of our robust security, privacy, and compliance practices. For more details, please speak with our team of experts.

Self Assessment

SIG Lite assessment: available upon request. Contact for more information.

Product Security and Infrastructure

  • Cloud-Based Services:
    Retool’s cloud-based services are operated on a multi-tenant cloud architecture that is designed to segregate and protect access to any applications, workflows or processes you and your users build using the Retool services.
    This infrastructure is provided and hosted by Amazon Web Services
  • Self-Hosted Services:
    Retool’s self-hosted offering enables you to host Retool services using your own infrastructure so that you and your users can build apps in your virtual private cloud. In provisioning a self-hosted account, our self-hosted Docker image is built with the latest upstream version of Debian (Retool’s base operating system image) with the latest security patches and receives updates on a regular basis.
  • Managed Self-Hosted Services:
    With Retool's managed self-hosted offering, Retool hosts and manages the infrastructure for our customers in an on-premise like setup (instead of a multi-tenant cloud environment).
    This infrastructure is provided and hosted by Amazon Web Services
    • Audit logs
      Detailed audit logs—including records of user access and query execution metadata—are available to admins of your account on the Business or Enterprise plan. Customers may view and query user audit logs. See the documentation for more details.
      Access management
      Admins can remotely disable users authenticated to Retool, on demand at both the role and data level. More detail is available in the documentation.
      Two-factor authentication
      Administrators can require all users to set up two-factor authentication on their accounts. Details can be found in the documentation.
      Customers can authenticate using SSO, including OIDC and SAML. For more details, visit the documentation.

Data Security

 Data encrypted at-rest
Data encrypted in-transit
Data deletion policy
Access monitoring

For more information on Retool data security, see our security documentation.


 Privacy policy
Data processing addendum

For more information about Retool privacy, see our privacy documentation.

Reliability Backup, and Business Continuity

Deployment error and performance monitoring (self-hosted only)
Status page: Retool’s status is available at
Business Continuity Plan
Disaster Recovery Plan
Data backups

For more information, see our reliability, backup, and business continuity documentation.

Monitoring, validation, and practices

Incident Response Plan (IRP)
Bug bounty program
Penetration testing
Responsible disclosure
Vulnerability scanning
Employee confidentiality agreements
Employee background checks
Employee security training
Physical security

For more information, see our monitoring, validation, and practices documentation

Trust resources

For more information, see our security documentation. If we don't answer your question there, let us know at and we will respond as quickly as we can. 

Trust FAQ

How is data stored in Retool?

Many Retool customers choose to connect Retool to their own database or API. When you connect an app to your own database or data resource or that of a third party, Retool does not store your data. Retool securely stores encrypted credentials for these data sources, user metadata, and application structures. Queries to external data sources are proxied through Retool’s backend, further mitigating risk. Retool also offers Retool Database, a product line that provides a convenient way to build up and interact with data in a Postgres database. For customers who use this product in our cloud offering, Retool stores data in AWS, managed by an external vendor.  

Note that if you enable query or workflow caching, data is temporarily cached by Retool for the specified cache duration. You can invalidate a query's cache—or disable query and workflow caching entirely—at any time.


How is data in Retool encrypted?

The Retool services use industry-accepted encryption products to protect data during transmissions between your network and the Retool services, and when at rest. The Retool services support the latest recommended secure cipher suites and protocols to encrypt all traffic in transit. Retool monitors the changing cryptographic landscape closely and works promptly to upgrade the service to respond to new cryptographic weaknesses as they are discovered and implement best practices as they evolve. For encryption in transit, Retool does this while also balancing the need for compatibility with older data sources.


How do you mitigate the risk of SQL injection via Retool apps?

Retool uses prepared statements for all queries and query variables by default. 


Can user-level permissions be enforced within Retool applications? 

Yes, group membership and permissions are available in the Retool application context, and developers can conditionally disable features and queries for end users based on these permissions.

An enterprise platform built for scale