We combine best practices in system architecture and internal processes to keep your data safe.
Metronome enforces strict authentication and authorization throughout the system, even between internal services within the network perimeter.
System access is always limited to the minimum required level. This applies to both employee access for support purposes and internal communication between systems.
Metronome encrypts your data in transit and at rest. We use modern cryptographic algorithms like AES256-GCM and follow key management best practices with strict user access control.
We conduct extensive security-design reviews and regular penetration tests. All Metronome employees and contractors attend mandatory annual information security training.
Customers can centrally manage their access to Metronome using single sign-on (SSO). Metronome data is immutable, and actions are recorded in an audit log.
Our cloud providers comply with industry-leading security practices and frameworks, including SOC 2, ISO 27001, and PCI DSS.
Our SOC 2 Type 2 certification ensures we have the right security controls to keep customer data safe.