Secure and reliable service

Turtl takes the security and confidentiality of our customers’ data extremely seriously. We follow best practice in everything we do so you can have peace of mind.

Keeping Turtl online

Your content is as important to us as it is to you. Our lovely engineers work tirelessly to ensure that Turtl is accessible 24/7 across the globe.

Turtl uses industry-standard logging and monitoring to secure the health of our services and we have redundancy in place across our infrastructure. The software is distributed across at least 3 data center availability zones and multiple failover instances are in place.

If something isn’t working as it should

If a situation arises that may impact your content or use of the tool in any way, you’ll be made aware of it by your Customer Success Manager, who will keep you continuously updated until the situation is resolved.

You can also check our status page: status.turtl.co

How we keep your data safe

We securely back up your data on a recurring basis and keep all backed up data encrypted and stored with the same standards of security as live data.

Turtl encrypts data in transit – all sessions are protected with TLS v1.0+. Certificates are issued by GlobalSign and use SHA256 with 2,048-bit keys.

We use high-grade firewalls at various stages to help keep your data safe and protect from DDoS attacks.

You can use SSL (TLS) on your custom Turtl domain. Your Customer Success Manager can guide you through the setup.

Keeping Turtl secure

We take measures to ensure security is incorporated into every stage of our software development lifecycle.

All Turtl code is high quality from conception to deploy and is reviewed by a senior developer with specific reference to OWASP security principles.

We also conduct Dynamic Applications Security Testing (DAST) and Static Application Security Testing (SAST) are also conducted on a regular basis and before each major new revision.

Turtl is IS27001 certified with an external audit conducted annually.

Physical security protections

Turtl is hosted using Amazon Web Services, one of the world-leading cloud providers. Access to these data centers is strictly controlled and monitored by security staff, tight access control, and video surveillance. AWS services are SOC 2 Type II and ISO 27001 certified and provide N+1 redundancy to all power, network and HVAC services.

Audits, vulnerability assessment, and penetration testing

We test for potential vulnerabilities continuously in all layers of the technology stack and use best-practice scanning tools to protect infrastructure components.  Dynamic application scans, static code analysis, and infrastructure vulnerability scans are run on a regular basis.

Our code is regularly reviewed by members of our Ops Team for potential security weaknesses. We also use a Network Intrusion Detection System which constantly monitors activity to check for and flag anomalous behavior.

We bring in industry-respected 3rd party penetration testing firms twice a year to test Turtl. We also have rigorous internal and external audit processes to ensure that processes are implemented and working as intended.

When vulnerabilities are identified, our patch management process pushes security updates fast and consistently. Where possible, we replace un-patched components with fresh, new pre-patched ones which results in a high degree of confidence that everything is always running on the latest, most secure products available.

Incident response

Turtl has an incident response program that is responsive and repeatable. It is based on standard incident response processes and our staff is well trained. Fire drills are conducted regularly to test the program for effectiveness.

In the eventuality of an incident, we communicate it to customers promptly and accurately, keeping you informed until the situation is resolved.

Have a question?

Contact us

 

Learn more about the tool

Designed for
the reading brain

Turtl offers the only long-form digital format rooted in principles of psychology, designed to keep reader attention

About the format

Goodbye production
bottlenecks

Turtl’s drag & drop editor gives everyone the freedom to create, no professional design or coding abilities needed

Explore the editor

Data and insights
you can act on

Turtl gives you the customer and performance insight you need to make a bigger impact on your audience and business

More on analytics