Neatro is not SOC2 and GDPR compliant. They store all information behind firewalls on their secure servers. Any payment transactions and all the information that passes between the Neatro application, the server and the database is encrypted with SSL technology. The safety and security of your information also depends on you. Only their CTO, Benjamin Cotrel has access to the Micorsoft Azure Account and he uses two factor authentication on his Microsoft account and only accesses Microsoft Azure from his personal desktop computer. Check full security details here.
Alternatively, TeamRetro, is Soc2 Type 2 and GDPR compliant and can be hosted in either the US or the EU. This makes TeamRetro well-suited for teams with strict IT or compliance requirements. Detailed information can be found here.