Security & compliance overview page
Turtini publishes a full security and data governance overview at turtini.com/security.
The page covers:
Platform security practices:
• Encryption in transit and at rest on all data
• Role-based access control enforced at every layer
• Automated content moderation for uploaded images and files
• Automated security scanning for Marketplace module bundles
• Real-time security event monitoring (SIEM)
• Payment security via Stripe (PCI DSS Level 1)
Infrastructure certifications (inherited from providers):
• Google Cloud — SOC 2 Type II, ISO 27001, FedRAMP Moderate
• Firebase — SOC 2 Type II, ISO 27001, GDPR compliant
• Stripe — PCI DSS Level 1, SOC 2 Type II, ISO 27001
NIST Cybersecurity Framework alignment:
Turtini's controls are aligned to the five NIST CSF functions: Identify, Protect, Detect, Respond, and Recover.
Data governance:
• Multi-org data isolation — each org's data is structurally separated at the database layer
• No data sharing or aggregation between organizations
• Data stored in Google Cloud us-central1 region
• Payment data: only last-4 digits and card brand are stored; no raw card data ever
Enterprise and government buyers can request security documentation, infrastructure diagrams, and compliance artifacts by contacting sales through the page.