Retool makes building internal dashboards, admin panels, and data tools fast. What it does not make obvious is that when you connect your production database and invite an Editor, that person can open Retool's built-in query editor and run any SQL query against your database directly, not just the queries built into the app they're working on.
That gap catches founders off guard, especially when handing off tool development to a contractor or an outside agency.
TL;DR
Retool Cloud is SOC 2 Type II certified and safe as a platform. The organizational risk is access scope: every Editor in your Retool organization can query every connected resource through the freeform query editor. Audit logs are Enterprise-only. To safely add contractors or limit access, use a read-only database user, enable query environments (staging vs. production), and restrict who gets Editor vs. Viewer roles. Don't connect production databases until you understand who has Editor access.
What Retool Controls (Platform Security)
Retool Cloud is hosted on AWS and holds SOC 2 Type II certification. Independent auditors verify Retool's security controls annually. All data in transit uses TLS. Credentials for your connected resources (database passwords, API keys) are encrypted at rest using AES-256.
Retool also offers a self-hosted deployment option via Docker or Kubernetes. Self-hosted keeps query data and credentials entirely within your infrastructure, so Retool the company cannot access it. The tradeoff: you own patching, uptime, and the security of the host environment. For teams with strict data residency requirements or regulated industries, self-hosted is worth the operational overhead.
For most indie founders and small teams, Retool Cloud's security controls are adequate.
The Editor Access Problem
The single biggest security gap in Retool is not a vulnerability. It is a feature working as designed.
Every user with an Editor role in your Retool organization can:
- Open any app in Retool and inspect its queries
- Open Retool's query editor in the dev toolbar and write new queries from scratch
- Run those queries directly against any connected resource, including your production database
There is no query-level permission gate below the organization role on Starter, Team, or Business plans. A contractor invited to build a customer support dashboard can open the query editor and run SELECT * FROM users against the same production database, even if that table has nothing to do with the support tool.
Before connecting a production database, audit who has Editor access. Editors are not sandboxed to the apps they're working on. They have query access to every resource in the organization.
How to Limit the Damage
The practical mitigations:
Create a least-privilege database user for Retool. Instead of connecting your production database as the app user (which often has write access across all tables), create a dedicated Retool read-only user with access only to the schemas it needs.
-- PostgreSQL example
CREATE USER retool_ro WITH PASSWORD 'strong-password-here';
GRANT CONNECT ON DATABASE yourdb TO retool_ro;
GRANT USAGE ON SCHEMA public TO retool_ro;
GRANT SELECT ON TABLE customers, orders, support_tickets TO retool_ro;
-- Do NOT grant INSERT, UPDATE, DELETE, or access to financial/PII tables
Separate staging and production resources. Retool supports production and staging environments. Give Editors access to staging resources only; production resources require a separate approval. This way a contractor can build and test against real data shapes without touching production.
Use Viewer roles where possible. Viewers can run queries within apps (they trigger actions you've built) but cannot edit apps or access the query editor. If someone only needs to use your internal tool, not build it, make them a Viewer.
Audit Logs: Enterprise Only
If your production database gets queried for data it shouldn't expose, can you tell who did it and when in Retool?
On Starter, Team, and Business plans: no. Retool's audit log feature, which records which user executed which queries against which resources, is only available on the Enterprise plan.
On lower plans, your only option is enabling query logging at the database level (e.g., PostgreSQL's log_statement = 'all' or pg_audit). If compliance or incident response requires a query audit trail, either plan for Enterprise or implement database-level logging before connecting sensitive data.
Environment Variables and Secret Management
Retool has a built-in secrets store for environment variables accessible in queries and JavaScript. Secrets are scoped per environment (staging/production) and not visible in the app editor's UI once saved. Editors cannot read a saved secret's value through the Retool interface.
One gotcha: if a query directly returns the value of an environment variable (e.g., return retoolContext.environmentVariables.MY_SECRET), a JavaScript query can expose it to anyone running the app. Keep secret values out of query return values.
Audit your Retool apps for JavaScript queries that reference environmentVariables and return the values. These are visible to anyone who can run the query, including app Viewers.
Retool Cloud vs. Self-Hosted Security Comparison
| Aspect | Retool Cloud | Self-Hosted |
|---|---|---|
| SOC 2 Type II | Yes | N/A (your infra) |
| Data residency | AWS us-east-1 (default) | Your choice |
| Retool staff access | Encrypted, audited | None |
| Patching responsibility | Retool | You |
| TLS in transit | Included | You configure |
| SAML/SSO | Business+ | Business+ (self-hosted license) |
| Audit logs | Enterprise | Enterprise |
SSO and Multi-Factor Authentication
SAML-based SSO is available on the Business and Enterprise plans. If your organization already uses Okta, Azure AD, or Google Workspace, SSO is the cleanest way to enforce MFA and centralize access management for Retool.
On Starter and Team plans, users log in with email/password. Retool supports TOTP-based MFA, but it is not enforced by default. Enable org-level MFA enforcement in your Retool settings before connecting sensitive resources.
Is Retool safe for production data?
Retool Cloud is SOC 2 Type II certified and generally safe as a platform. The risk is organizational: on non-Enterprise plans, every Editor in your Retool organization can open any connected resource in Retool's query editor and run arbitrary SQL or API calls against it. You need to understand who has Editor access before connecting production databases.
Does Retool have audit logs?
Audit logs showing who ran which queries are only available on the Enterprise plan. On Starter, Team, and Business plans, you cannot review what queries your team members executed against connected resources. If you need a query audit trail for compliance or incident investigation, you need Enterprise or a separate database query log at the infrastructure level.
Can I use Retool without giving employees full database access?
Not easily on lower plans. The cleanest approach is to create a read-only database user specifically for Retool and connect that user as a separate resource. Editors can then only query what that user can see. Resource-level access restrictions within Retool require the Business or Enterprise plan.
Is Retool self-hosted more secure than Retool Cloud?
Self-hosted Retool keeps your data within your own infrastructure, so Retool the company cannot access it. The tradeoff is that you own patching, uptime, and security hardening. Retool Cloud offloads that with SOC 2 backing. For most teams, Cloud is simpler and adequately secure. Self-hosted makes sense for strict data residency requirements or regulated industries.
What is the biggest security risk in Retool?
Unscoped editor access. When you invite a contractor or new hire as an Editor to build one internal tool, they immediately gain query access to every resource connected to your Retool organization. Scope access by creating a least-privilege database user for Retool and only granting Editor access to people who need to build, not just use, your tools.
Building internal tools on Retool?
Scan your connected backend for exposed credentials, misconfigured access controls, and other issues before a contractor finds them first.