This document outlines some of the key data security aspects of the Turtl platform.
Data is stored in secure, redundant, highly available databases on the Amazon Web Services platform and is encrypted using AES256.
All core application components reside within a single Amazon Web Services VPC, eliminating the possibility of packet sniffing through the use of Amazon’s internal network controls.
All data transferred between the client and server over the the public internet is encrypted with 256-bit SSL / TLS v1.2 and above. In addition, core components are only addressable from within our private network.
Turtl is a multi-tenant system with each customer’s information stored in separate databases. Controls are in place within the application to prevent any cross-contamination or leakage of data.
All data is stored by Amazon and the Amazon Web Services decommissioning process applies. More information is available here.
Data is distributed across our database cluster to provide redundancy and availability. Customer data is backed up to a secure Amazon Web Services S3 bucket of the customer’s choosing at a pre-agreed frequency. System level backups are retained as follows:
No customer data is ever stored on removable media, desktops or laptops. All employee workstations and removable media devices are encrypted.