Skip to main content
Applies to: Self-hosted 3.196 Stable

Data protection

Learn about the best practices for storing data that's potentially sensitive.

To guard against risk, you must properly handle any potentially sensitive data. This includes:

  • Personally Identifiable Information (PII). Such as:
    • Social security, driver’s license, state identification card, or passport number.
    • Racial or ethnic origin, political opinions, religious or philosophical beliefs, or union membership.
    • The contents of mail, email, and text messages unless a business is the intended recipient of the communication.
    • Genetic or biometric data. Data concerning health or data concerning a natural person’s sex life or sexual orientation.
    • Precise location information (e.g., geolocation data).
    • Any personal information that is not public.
  • Financial information. Such as:
    • Account login credentials, including financial account, and in combination with any required security or access code, password, or credentials that would grant access to an account.
    • Debit or credit card information, including full card details.
  • Protected health information (PHI). Such as:
    • Health records.
    • Confidential doctor or patient data.

Sensitive information can be, and often is, subject to strict legal requirements for handling and storage. Although Retool does not have a legal obligation to enforce this, storing these kinds of information may not comply with your own legal or compliance obligations.

Please refer to Retool's terms and policies for detailed information.