Turtini

Legal

Privacy Policy

Effective date: May 14, 2026  ·  Last updated: May 14, 2026

1. Introduction

This Privacy Policy explains how Turtini LLC ("Turtini," "we," "our," or "us") collects, uses, shares, and protects information when you visit turtini.com or use the Turtini platform, including all of its modules, services, and features (collectively, the "Platform").

Turtini is a business operating platform. Organizations ("Orgs") use it to run their operations across integrated modules — including CRM, accounting and payroll, contracts and grants, scheduling and planning, websites and email, hospitality, property and rental management, fleet and maritime operations, lab environments, a developer marketplace, and more — alongside an AI assistant ("Wally"). Because the Platform spans so many workflows, the specific data involved depends on which modules an Org turns on.

Your use of the Platform is also governed by our Terms & Conditions.

2. Roles: Who Controls the Data

For your own account and profile, and for visitors to turtini.com, Turtini is the controller of personal information.

For data an Org puts into the Platform about its own customers, employees, vendors, guests, tenants, or other third parties, the Org is the controller and Turtini acts as a service provider / processor on the Org's behalf. If you are an individual whose data was entered by an Org (for example, you are a customer of a business that uses Turtini), please direct privacy requests to that Org; we will support them in responding.

3. Information We Collect

3.1 Information you provide to us

  • Account and identity information — name, email address(es), phone number, postal address, password and authentication credentials, multi-factor authentication factors (such as authenticator-app secrets, passkeys, and trusted-device records), profile photo, and the linked emails, phone numbers, and handles that make up your Turtini identity graph.
  • Organization and business data — Org names, business addresses, roles and team membership, and the business identity details used for verification (see 3.3).
  • Module content — everything you create or upload while using the Platform: contacts and accounts, opportunities, quotes and invoices, documents and files, calendar events, projects and tasks, products and inventory, properties, vehicles and vessels, reservations and guest records, recipes and menus, runbooks, websites, and similar records. This may include personal information about third parties that you choose to enter.
  • Payment and financial information — when you use payment, payroll, banking, or accounting features, this can include bank account connections, transaction and invoice records, payroll and tax records (such as W-9s, paystubs, and 1099s), and beneficial-owner and tax-identification details. Turtini does not store raw payment card numbers — card payments are handled directly by Stripe, our PCI-compliant payment processor.
  • Communications — emails, messages, and support requests you send through or to the Platform, and content from mailboxes or calendars you choose to connect.
  • AI assistant interactions — the messages, questions, voice input, and context you share with Wally (see Section 5).

3.2 Information we collect automatically

  • Device and usage data — browser type, device type, operating system, referring pages, the pages and features you use, and timestamps.
  • Approximate location — we derive a country from your IP address. We do not store raw IP addresses on usage-event records; IP addresses are processed transiently and held only in a short-lived lookup cache.
  • Visitor and company analytics — we operate first-party analytics to understand how the Platform is used. As part of this, we identify the organization associated with a visit: for signed-in users, from the visitor's email domain; for anonymous visitors, through a reverse-IP company lookup performed by our provider IPinfo. This identifies companies only, never individuals, resolves only a portion of traffic, and is used to understand which businesses are evaluating Turtini.
  • Cookies and similar technologies — see Section 8.

3.3 Information we receive from third parties

  • Identity and business verification — when an Org goes through identity or business ("KYB") verification, we receive verification results and related business records from providers such as Stripe, Middesk, and Tax1099.
  • Contact enrichment — if an Org uses contact-enrichment features, we obtain business contact information (such as names, titles, and work contact details) for people at a company domain from our enrichment provider, Apollo.
  • Connected integrations — if you connect a third-party account (for example Google Workspace / Gmail, Calendar, and Meet, GitHub, or social accounts), we receive data from that service according to the permissions you grant. For Google Meet specifically, when you connect Google and later click "Import as doc" on a meeting in /me/meetings, we read that conference's transcript entries via the Google Meet API and write them into a user-owned document at /me/docs/:id. We do not list, store, transfer, or use Meet conference data for any purpose other than providing this user-initiated feature, we do not use it for advertising, we do not allow humans to read it (other than the account owner), and we do not use it to train AI models. Use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
  • Payment and banking partners — we receive transaction, payout, account, and status information from Stripe and Plaid in connection with payment and banking features.

3.4 Sensitive information

Some modules can involve sensitive categories of information — for example, financial account data, government identifiers used for payroll and tax, or wellbeing-related content in modules designed for personal support. We collect and use such information only to provide the relevant feature, apply heightened access controls to it, and do not use it for advertising. Do not enter sensitive personal information into free-text fields that are not intended for it.

4. How We Use Information

  • To provide, operate, maintain, and secure the Platform and its modules.
  • To create and manage your account, Org membership, and permissions.
  • To process payments, payroll, invoicing, and other financial transactions you initiate, and to calculate and apply Platform fees.
  • To resolve your identity across the emails, phone numbers, and accounts that belong to you, and to merge duplicate accounts into a single account where appropriate.
  • To power AI features and assistant functionality (see Section 5).
  • To communicate with you about your account, transactions, security, and service changes.
  • To send newsletters and promotional material where you have not opted out (you can opt out at any time).
  • To understand usage and trends and to improve the Platform.
  • To detect, investigate, and prevent fraud, abuse, and security incidents, to moderate uploaded content for safety, and to enforce our Terms.
  • To comply with legal obligations and respond to lawful requests.

Automated content moderation. Images uploaded to the Platform are automatically screened for unsafe content using Google Cloud Vision before they are displayed. Content flagged by this process may be held for human review.

5. AI Features (Wally)

The Platform includes an AI assistant, Wally. When you interact with Wally, the content of your request — along with relevant context from your Org's data needed to answer it — is processed by a large language model to generate a response. By default this processing is performed by Anthropic (Claude). Voice input to Wally is transcribed using Google Cloud Speech-to-Text.

We do not use your data, and our model providers do not use data sent through the Platform, to train their general-purpose models. Orgs on supported plans may configure Wally to route to their own model endpoint instead of the Turtini-hosted default; in that case, AI processing is governed by that endpoint's terms.

6. How We Share Information

We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We share information only as described below:

  • Service providers and sub-processors — third parties that perform services for us (hosting, payments, communications, verification, AI, analytics). They may access information only to perform those services for us. See Section 7.
  • Within and between Orgs — data you put into an Org is visible to other members of that Org according to their roles and permissions. Orgs can connect with partner Orgs and share scoped data; where this happens, sharing follows the configuration chosen by the participating Orgs. Joining an Org may bring that Org's events into your unified calendar.
  • At your direction — when you connect an integration, install or publish a Marketplace template, export your data, or otherwise instruct us to share.
  • Legal and safety — when we believe disclosure is required by law or legal process, or is necessary to protect the rights, property, or safety of Turtini, our users, or the public.
  • Business transfers — in connection with a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction.

7. Sub-processors

We rely on the following categories of providers to operate the Platform. Each receives only the information needed for its function:

  • Google Cloud / Firebase — application hosting, database, authentication, file storage, and serverless functions; Cloud Vision (image moderation); Cloud Speech-to-Text (voice input); and, where you connect them, Google Calendar, Gmail, and Google Meet (transcript import on user request).
  • Anthropic — large language model that powers the Wally assistant.
  • Stripe — payment processing, payouts, and business identity verification.
  • Plaid — secure bank-account connections for banking and accounting features.
  • Middesk and Tax1099 — business and tax-identity verification.
  • Apollo — business contact enrichment.
  • Resend — outbound transactional and marketing email.
  • SendGrid — inbound email processing.
  • Cloudflare — content delivery, DNS, and custom-domain hosting.
  • IPinfo — reverse-IP company identification for first-party analytics. ipapi.co — IP-to-country lookup.
  • Apple — Wallet pass issuance, where used. GitHub — code export and connected-repository hosting, where used.
  • Checkr — applicant/tenant background screening, where an Org uses screening features.

We may update this list as the Platform evolves; the current version is always the one published here.

8. Cookies and Tracking Technologies

We use cookies and similar technologies that are necessary to sign you in, keep your session secure, and remember your preferences, and we use first-party analytics to understand Platform usage (see Section 3.2). Where required, we present a cookie notice so you can manage non-essential cookies, and you can also control cookies through your browser settings. We do not use third-party advertising cookies.

9. Data Retention

We keep personal information for as long as your account or your Org's account is active, and as needed to provide the Platform, comply with legal and financial-recordkeeping obligations, resolve disputes, and enforce our agreements.

  • Your account. Turtini accounts are designed to persist across job and life changes — one person, one account. You can close your account at any time from your settings.
  • Org lifecycle. When an Org is paused or cancelled, its data enters a grace period before deletion and remains recoverable for a defined window after that, so an Org can come back without losing its history.
  • Workforce data. Records that belong to you as an individual — such as your paystubs and tax documents — remain available to you even after you leave an Org; the Org's other data is no longer shared with you once your membership ends.
  • Deletion. When data is deleted at the end of these periods or on request, it is removed from active systems; residual copies may persist briefly in routine system processes before being overwritten.

10. Your Rights and Choices

Depending on where you live, you may have some or all of the following rights:

  • Access — request a copy of the personal information we hold about you.
  • Correction — ask us to correct inaccurate or incomplete information.
  • Deletion — ask us to delete your personal information, subject to legal exceptions.
  • Portability and export — receive your information in a portable format. The Platform also provides built-in export and data-portability tools for moving your data out.
  • Restriction and objection — ask us to restrict or object to certain processing.
  • Opt out of marketing — unsubscribe from promotional email at any time using the link in those messages or by contacting us. We will still send necessary service and transactional messages.
  • No sale / no sharing — we do not sell or share personal information as those terms are defined under California law, so there is nothing to opt out of in that respect.
  • Withdraw consent — where processing is based on consent, you can withdraw it.

To exercise these rights, contact us at [email protected]. We will verify your request and respond within the timeframe required by applicable law. You will not be discriminated against for exercising your rights. If your data was entered into the Platform by an Org, please also see Section 2.

11. Data Security and Integrity

We use technical and organizational measures designed to protect personal information, including encryption of data in transit and at rest, role-based access controls and per-record security rules, available multi-factor authentication and passkeys, automated screening of uploaded images, and ongoing monitoring for fraud and abuse. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

No cloud or distributed system can be guaranteed against interruption, corruption, or loss of data. We operate the Platform with reasonable safeguards and recovery processes designed to reduce that risk, and we provide built-in export and data-portability tools so you can move your data out. You remain responsible for evaluating whether the Platform meets your business-continuity, archival, and regulatory requirements, and for taking independent backups of anything your operations cannot tolerate losing. The full allocation of responsibility for service availability and data integrity is set out in our Terms & Conditions.

12. International Data Transfers

Turtini is based in the United States and the Platform is hosted on infrastructure located in the United States. If you access the Platform from outside the United States, your information will be transferred to, stored in, and processed in the United States and other countries where we or our sub-processors operate, which may have different data-protection laws than your jurisdiction. Where required, we rely on appropriate safeguards for such transfers.

13. Children's Privacy

The Platform is intended for use by businesses and adults. It is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected such information, we will delete it. If you believe a child has provided us with personal information, contact us at [email protected].

14. Third-Party Sites and Services

The Platform may link to, or let you connect, third-party sites and services that we do not control. This Privacy Policy does not apply to those third parties; their own privacy policies govern your use of them. Marketplace modules and templates offered by third-party developers are subject to the developer's own terms in addition to ours.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above, and for material changes we will provide additional notice in the Platform or by email. Your continued use of the Platform after an update takes effect means you accept the revised policy.

16. Contact Us

If you have questions about this Privacy Policy or how we handle your information, contact us at [email protected], or by mail:

Turtini LLC
400 Granby Street, Suite 107-9
Norfolk, VA 23510

Turtini uses cookies to improve your experience, analyze site traffic, and personalize content. By clicking Accept, you consent to our use of cookies. Privacy Policy

Wally

Your Turtini assistant

Hi, I'm Wally!

Ask me anything about Turtini — features, pricing, how things work, and more.

or

Already have an account? Sign in

Wally can make mistakes — verify important info.