Your content is as important to us as it is to you. Our lovely engineers work tirelessly to ensure that Turtl is accessible 24/7 across the globe.
Turtl uses industry-standard logging and monitoring to secure the health of our services and we have redundancy in place across our infrastructure. The software is distributed across at least 3 data center availability zones and multiple failover instances are in place.
If a situation arises that may impact your content or use of the tool in any way, you’ll be made aware of it by your Customer Success Manager, who will keep you continuously updated until the situation is resolved.
You can also check our status page: status.turtl.co
We securely back up your data on a recurring basis and keep all backed up data encrypted and stored with the same standards of security as live data.
Turtl encrypts data in transit – all sessions are protected with TLS v1.0+. Certificates are issued by GlobalSign and use SHA256 with 2,048-bit keys.
We use high-grade firewalls at various stages to help keep your data safe and protect from DDoS attacks.
You can use SSL (TLS) on your custom Turtl domain. Your Customer Success Manager can guide you through the setup.
We take measures to ensure security is incorporated into every stage of our software development lifecycle.
All Turtl code is high quality from conception to deploy and is reviewed by a senior developer with specific reference to OWASP security principles.
We also conduct Dynamic Applications Security Testing (DAST) and Static Application Security Testing (SAST) are also conducted on a regular basis and before each major new revision.
Turtl is IS27001 certified with an external audit conducted annually.
Turtl is hosted using Amazon Web Services, one of the world-leading cloud providers. Access to these data centers is strictly controlled and monitored by security staff, tight access control, and video surveillance. AWS services are SOC 2 Type II and ISO 27001 certified and provide N+1 redundancy to all power, network and HVAC services.
We test for potential vulnerabilities continuously in all layers of the technology stack and use best-practice scanning tools to protect infrastructure components. Dynamic application scans, static code analysis, and infrastructure vulnerability scans are run on a regular basis.
Our code is regularly reviewed by members of our Ops Team for potential security weaknesses. We also use a Network Intrusion Detection System which constantly monitors activity to check for and flag anomalous behavior.
We bring in industry-respected 3rd party penetration testing firms twice a year to test Turtl. We also have rigorous internal and external audit processes to ensure that processes are implemented and working as intended.
When vulnerabilities are identified, our patch management process pushes security updates fast and consistently. Where possible, we replace un-patched components with fresh, new pre-patched ones which results in a high degree of confidence that everything is always running on the latest, most secure products available.
Turtl has an incident response program that is responsive and repeatable. It is based on standard incident response processes and our staff is well trained. Fire drills are conducted regularly to test the program for effectiveness.
In the eventuality of an incident, we communicate it to customers promptly and accurately, keeping you informed until the situation is resolved.
Turtl offers the only long-form digital format rooted in principles of psychology, designed to keep reader attention
Turtl’s drag & drop editor gives everyone the freedom to create, no professional design or coding abilities needed
Turtl gives you the customer and performance insight you need to make a bigger impact on your audience and business
