Security principles
- Collect and retain only what is needed for the service, support, security, and legal obligations.
- Use managed infrastructure for hosting, DNS, storage, email, AI processing, logging, and security controls where appropriate.
- Restrict production access to authorized operators and service roles needed to run or support the product.
- Avoid exposing secrets in public repositories, static pages, client-side code, logs, reports, or support messages.
- Review risky changes, live operations, and data-handling changes before launch or expansion.
Technical measures
- HTTPS/TLS for public website traffic and product traffic where supported by providers.
- Authentication and role-based workspace access for product surfaces where enabled.
- Separation between the public landing website and authenticated dashboard/product routes.
- Operational logs and monitoring for reliability, abuse investigation, and incident response.
- Backups, recovery planning, and deletion/retention controls according to customer configuration and operational requirements.
No audit badge claim yet
Retena does not currently claim independent security audit badges or regulated-industry audit badges for the Retena product itself on this public site. If those audit badges are obtained later, this page will be updated with the exact scope.
Report a security issue
Send security concerns to founders@retena.app with the subject "Security report". Please do not include secrets, raw private chat content, or unnecessary personal data in the first report.