Security at Metronome

Our customers trust us to keep their data secure and it’s a responsibility we take seriously. Our security-minded approach is reflected in how we design our product, policies, and procedures.

OUR APPROACH

We combine best practices in system architecture and internal processes to keep your data safe.

Zero trust architecture

Metronome enforces strict authentication and authorization throughout the system, even between internal services within the network perimeter.

Principle of least privilege

System access is always limited to the minimum required level. This applies to both employee access for support purposes and internal communication between systems.

Data encryption

Metronome encrypts your data in transit and at rest.  We use modern cryptographic algorithms like AES256-GCM and follow key management best practices with strict user access control.

Secure development practices

We conduct extensive security-design reviews and regular penetration tests. All Metronome employees and contractors attend mandatory annual information security training.

Product security

Customers can centrally manage their access to Metronome using single sign-on (SSO). Metronome data is immutable, and actions are recorded in an audit log.

Third-party cloud providers

Our cloud providers comply with industry-leading security practices and frameworks, including SOC 2, ISO 27001, and PCI DSS.

SOC 2 TYPE 2

Our SOC 2 Type 2 certification ensures we have the right security controls to keep customer data safe.

Metronome has security and reliability built in, which gives us a lot of confidence in using them as our billing system.

Bob Van Leeuwen
DIRECTOR OF PRODUCT, STARBURST