Security at Metronome
Our customers trust us to keep their data secure and it’s a responsibility we take seriously. Our security-minded approach is reflected in how we design our product, policies, and procedures.
We combine best practices in system architecture and internal processes to keep your data safe.
Zero trust architecture
Metronome enforces strict authentication and authorization throughout the system, even between internal services within the network perimeter.
Principle of least privilege
System access is always limited to the minimum required level. This applies to both employee access for support purposes and internal communication between systems.
Data encryption
Metronome encrypts your data in transit and at rest. We use modern cryptographic algorithms like AES256-GCM and follow key management best practices with strict user access control.
Secure development practices
We conduct extensive security-design reviews and regular penetration tests. All Metronome employees and contractors attend mandatory annual information security training.
Product security
Customers can centrally manage their access to Metronome using single sign-on (SSO). Metronome data is immutable, and actions are recorded in an audit log.
Third-party cloud providers
Our cloud providers comply with industry-leading security practices and frameworks, including SOC 2, ISO 27001, and PCI DSS.
Certifications and attestations
Trust and security are core to our commitment to our customers. Our enterprise-grade security features and comprehensive audits ensure we're aligned to industry best practices.
Metronome has security and reliability built in, which gives us a lot of confidence in using them as our billing system.