Turbot Security

Ensuring our product meets the robust data security needs of our customers is a top priority at Turbot; it is vital our customers have confidence in the security of our solutions. Our goal is to continually earn our customers' trust. We do this by leveraging industry standard security solutions and best practices. We are continuously iterating on our processes and product with the latest security features to stay ahead of the ever-changing and evolving security best practices and enterprise customer requirements. Our commitment to meet and exceed these data security, privacy and compliance needs of our customers is core to our business and a shared value across our employees. If you have any security, compliance or privacy questions, please contact us at security@turbot.com.

Service and Organization Controls (SOC)

SOC is a deep external examination that closely evaluates our company's information systems, processes and policies for managing services to ensure they meet the trust services criteria established by the American Institute of CPAs (AICPA): security, availability, processing integrity, confidentiality, and privacy. SOC reports are issued by an AICPA-certified third-party service auditor who performs a thorough examination of our controls. Our SOC examinations are conducted annually each April, with reports typically available by mid-May. To request a copy of Turbot's SOC 2® report under NDA, please contact your Account Lead or email security+soc@turbot.com.

SOC 2 Type II

For Turbot Guardrails and Turbot Pipes, Turbot has completed a SOC 2® Type II examination to validate the effectiveness of our information security system controls over a 12-month period.

SOC 3

Turbot maintains a SOC 3® report which is the public, summarized version of the SOC 2® report. You can download the latest report here.

Center for Internet Security (CIS) Benchmark Certification

Turbot has been recognized as a Center for Internet Security (CIS) SecureSuite member, receiving a CIS Benchmark Certification for our Turbot Guardrails Cloud and Turbot Guardrails Enterprise software. Turbot obtained our CIS Benchmark Certification by using our own software to prove the requirements for the Certification.

General Data Protection Regulation (GDPR)

We firmly support GDPR in both practice and philosophy. We work with our customers in the European Economic Area to assure compliance with personal data handling requirements and cross-border transfer requirements under GDPR guidelines. As a processor, we process data on behalf of our customers. We expect that some of our customers will require us to enter into a data processing addendum ("DPA"), per Article 28 of GDPR. Turbot's primary subprocessors are Amazon Web Services (AWS) and Google Cloud Platform (GCP). More information is in our privacy policy.

California Privacy Rights Act (CPRA)

Turbot complies with the California Privacy Rights Act (CPRA) and respects the enhanced privacy rights it provides to California residents. We support data subject rights requests including access, deletion, correction, and opt-out of sale/sharing from consumers in California and other jurisdictions with similar privacy laws. Please email us at privacy@turbot.com for any privacy-related requests. For more details on how we handle personal information, please review our privacy policy.

Data Privacy Framework (formerly Privacy Shield)

Turbot participates in, and complies with, the EU-U.S. Data Privacy Framework Principles, UK Extension to the EU-U.S. Data Privacy Framework Principles, and Swiss-U.S. Data Privacy Framework (DPF) Principles as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. For more information about the DPF program, and to view Turbot's certification, please review our privacy policy and visit Data Privacy Framework.

Responsible Disclosure

We appreciate the efforts of security researchers who help improve the security of our services. If you believe you have discovered a potential vulnerability, please notify us by emailing security@turbot.com. We will acknowledge your report within one week and work with you to resolve critical issues as quickly as possible.

Please follow these guidelines when reporting:

  • Provide us a reasonable time to address the issue before public disclosure.
  • Avoid actions that could compromise user privacy, disrupt services, or destroy data.
  • Do not engage in denial-of-service attacks, social engineering, or attacks on physical or virtual infrastructure.

Please note that we do not accept reports for vulnerabilities solely affecting our marketing website (https://www.turbot.com), as it contains no sensitive data.

At this time, Turbot does not offer a monetary incentive or bug bounty program. However, we appreciate responsible reports and will work collaboratively to address security concerns. Thank you for helping keep Turbot and our users secure!

If you have any security, compliance or privacy questions, please contact us at security@turbot.com.