Security Measures
Last Modified: December 22, 2024
Last updated
Last Modified: December 22, 2024
Last updated
At Turnie™, we implement robust security measures to protect your personal information and travel data. This article outlines the key security practices and technologies we use to keep your data safe.
Hosted on Google Cloud Platform (GCP)
Enterprise-grade infrastructure security
Security monitoring and logging ()
Firebase Performance Monitoring ()
All data is stored securely on Google Cloud Platform
Firebase services encrypt data in transit using HTTPS ()
Data at rest is automatically encrypted using Google's default encryption ()
We use industry-standard SSL/TLS encryption for data transfer
Secure API endpoints with built-in Firebase security protocols
Secure sign-in options:
Google Sign-in
Apple Sign-in
Password security requirements
ID tokens expire after 1 hour
Refresh tokens are used to automatically obtain new ID tokens
Firebase SDK handles token refresh automatically in the background
Role-based access control
Secure collaboration features
Limited employee access to user data
All payments handled through:
Google Play Store
Apple App Store
RevenueCat (subscription management)
No direct storage of payment information within the Turnie application
Payment processing handled entirely by official app store platforms
Data Storage & Transmission
Personal Information
Minimal data collection as outlined in our Privacy Policy:
Account information (name, email)
Trip planning data
User-generated content
Location data (when using map features)
Location Services
Integration with Google Maps Platform
Location services are required for core application functionality
User-Controlled Data Management
Users can directly manage their data through the mobile app:
Delete trips
Remove saved locations
Edit collections
Update personal information
Manage sharing settings
Account Deletion
Account deletion will remove all associated user data
Deleted account data is retained for 31 days before permanent deletion
After 31 days, all personal data is permanently removed from our systems
Important Notes about Data Management
We cannot selectively delete data on behalf of users
Users should use the app's built-in features to manage their content
Individual data deletion requests outside of complete account removal cannot be accommodated
No recovery of user-deleted data is possible once deleted through the app
Users can access their data through the app
Deleted accounts' data retained for 31 days before permanent deletion
No recovery of user-deleted data (as previously documented)
Third-Party Services
Google Maps: Location services
RevenueCat: Subscription management
App Stores: Payment processing
Each service maintains its own security protocols and privacy policies
Security Implementation
Authentication services
Secure data transmission via HTTPS
Platform Security
Google Cloud Platform infrastructure security
Platform Security Monitoring
Firebase services are monitored as part of Google Cloud Platform
Users can monitor their project's service health through Google Cloud Console
Incident Process
Identification and reporting
Coordination and triage
Response team engagement
Investigation and resolution
Account Security
Create and maintain a strong, unique password for your Turnie account
Never share your account credentials with others
Sign out when using shared devices
Keep your email address up-to-date for account recovery purposes
Data Management
Be cautious when sharing trip details and collections with others
Review and manage sharing permissions regularly
Delete sensitive information you no longer need
Use the app's built-in features to manage your content
Remember that deleted data cannot be recovered
Device Security
Keep your mobile device's operating system updated
Enable device-level security features (passcode, fingerprint, face recognition)
Install updates for the Turnie app when available
Avoid using Turnie on jailbroken or rooted devices
Use secure and trusted internet connections
Privacy Practices
Review permissions requested by the app
Understand what data you're sharing when using location features
Be mindful of the personal information you include in trip details
Consider privacy implications when sharing trips with others
Read and understand our Privacy Policy
Important Reminders
Turnie will never ask for your password via email
All official communications come from @thejustinhq.com
We cannot recover data that you deliberately delete
Account deletion requests are permanent after 31 days
Contact support immediately if you suspect unauthorized access
Session management via Firebase ID tokens ()
Logical data isolation through Firebase's security architecture ()
Data stored on Google Cloud Platform infrastructure ()
Data in transit encrypted using HTTPS ()
Data at rest encrypted using Google Cloud Platform's encryption ()
Complete account deletion can be requested by contacting
Firebase Security Rules for data access control ()
Data at rest encrypted using Google Cloud Platform's encryption ()
Logical data isolation ()
Security monitoring and logging ()
Service status can be checked via Google Cloud Status Dashboard ()
According to Google Cloud's documented process ():
Report any suspicious account activity to