← Back to Retena
Last updated: March 21, 2026
Security at Retena
Your WhatsApp conversations — groups and personal chats — are sensitive data. We treat them that way.
🔒 Encryption
- In transit: All data encrypted with TLS 1.3 between your device and our servers.
- At rest: Database encryption (AES-256) for all stored messages, transcriptions, and media.
- API traffic: All API calls require authenticated JWT tokens over HTTPS.
🛡️ Data Protection
- Isolation: Each account's data is logically separated — no cross-account access.
- No sharing: We never sell, share, or use your data for training AI models.
- Transcription: Voice notes are processed by secure speech-to-text infrastructure. Retena stores the text result and follows its retention policy for processing artifacts.
- Retention: You control your data. Export or delete anytime from Settings → Data & Privacy.
🏗️ Infrastructure
- Hosting: Zeabur (cloud containers) with automatic scaling and redundancy.
- Database: Supabase (PostgreSQL) with automated backups, point-in-time recovery, and row-level security.
- Monitoring: Real-time health checks, error tracking, and uptime monitoring.
- Updates: Continuous deployment with automated testing before release.
👥 Access Controls
- Authentication: Supabase Auth with secure password hashing (bcrypt).
- Authorization: Role-based access — Admin, Owner (read-only), and Team Member roles.
- Internal access: Production data access restricted to founding team only, with audit logging.
- No plaintext secrets: All credentials stored as environment variables, never in code.
🔄 Incident Response
- We investigate all suspected security incidents within 24 hours.
- Affected users are notified within 72 hours of a confirmed breach.
- Post-incident reviews are conducted and fixes deployed immediately.
📞 Report a Vulnerability
Found a security issue? We appreciate responsible disclosure.
- Email: [email protected]
- We acknowledge reports within 48 hours.
- We do not pursue legal action against good-faith security researchers.
📋 Contact