Justin HQ Knowledge Base
  • Welcome
  • Turnie Home Page
  • Justin HQ Home Page
  • Turnie App
    • 🏠 Welcome to Turnie™
      • About Turnie™
      • What's New
    • 🚀 Getting Started
      • Creating Your Account
      • App Installation Guide
      • Quick Start Tutorial
      • Basic Navigation
      • Understanding Your Dashboard
    • 📱 Core Features
      • Trips
        • Creating a Trip
        • Managing Trip Details
        • Trip Timeline
      • Collections
        • Creating Collections
        • Managing Saved Locations
        • Unorganized Items
      • Map Features
        • Saving Locations
        • Using the Map Interface
        • Waypoint Management
    • ⭐ Premium Features
      • Notes
        • Creating and Managing Notes
        • Organizing Notes
      • Checklists
        • Creating Checklists
        • Template vs. Single-Use Checklists
      • Collaboration
        • Sharing Trips & Collections
        • Permission Levels
        • Collaboration Best Practices
    • 🔧 Account Management
      • Profile Settings
      • Subscription Management
      • Privacy Settings
      • Account Security
    • ❓ Troubleshooting
      • Common Issues
      • Error Messages
      • App Performance
      • Data Sync Issues
      • Contact Support
    • 📘 FAQs
      • General FAQs
      • Billing FAQs
      • Feature-specific FAQs
    • 🔐 Privacy & Security
      • Data Privacy
      • Security Measures
      • Privacy Policy
      • Terms of Service
Powered by GitBook
On this page
  • Overview
  • Infrastructure Security
  • Application Security
  • Payment Security
  • Data Protection
  • Data Management
  • Compliance & Standards
  • Incident Response
  • User Responsibilities & Recommendations
  1. Turnie App
  2. 🔐 Privacy & Security

Security Measures

Last Modified: December 22, 2024

Overview

At Turnie™, we implement robust security measures to protect your personal information and travel data. This article outlines the key security practices and technologies we use to keep your data safe.

Infrastructure Security

Cloud Services

  • Hosted on Google Cloud Platform (GCP)

  • Enterprise-grade infrastructure security

  • Security monitoring and logging (Source: Firebase Security Documentation)

  • Firebase Performance Monitoring (Source: Firebase Documentation)

Data Storage

  • All data is stored securely on Google Cloud Platform

  • Firebase services encrypt data in transit using HTTPS (Source: Firebase Privacy & Security Documentation)

  • Data at rest is automatically encrypted using Google's default encryption (Source: Cloud Firestore Documentation)

  • We use industry-standard SSL/TLS encryption for data transfer

  • Secure API endpoints with built-in Firebase security protocols

Application Security

User Authentication

  • Secure sign-in options:

    • Google Sign-in

    • Apple Sign-in

  • Password security requirements

  • Session management via Firebase ID tokens (Source: Firebase Documentation)

    • ID tokens expire after 1 hour

    • Refresh tokens are used to automatically obtain new ID tokens

    • Firebase SDK handles token refresh automatically in the background

Data Access Controls

  • Role-based access control

  • Secure collaboration features

  • Limited employee access to user data

  • Logical data isolation through Firebase's security architecture (Source: Firebase Privacy & Security)

Payment Security

Payment Processing

  • All payments handled through:

    • Google Play Store

    • Apple App Store

    • RevenueCat (subscription management)

  • No direct storage of payment information within the Turnie application

  • Payment processing handled entirely by official app store platforms

Data Protection

Data Storage & Transmission

  • Data stored on Google Cloud Platform infrastructure (Source: Firebase Documentation)

  • Data in transit encrypted using HTTPS (Source: Firebase Privacy & Security Documentation)

  • Data at rest encrypted using Google Cloud Platform's encryption (Source: Cloud Firestore Documentation)

Personal Information

  • Minimal data collection as outlined in our Privacy Policy:

    • Account information (name, email)

    • Trip planning data

    • User-generated content

    • Location data (when using map features)

Location Services

  • Integration with Google Maps Platform

  • Location services are required for core application functionality

Data Management

User-Controlled Data Management

  • Users can directly manage their data through the mobile app:

    • Delete trips

    • Remove saved locations

    • Edit collections

    • Update personal information

    • Manage sharing settings

Account Deletion

  • Complete account deletion can be requested by contacting support@thejustinhq.com

  • Account deletion will remove all associated user data

  • Deleted account data is retained for 31 days before permanent deletion

  • After 31 days, all personal data is permanently removed from our systems

Important Notes about Data Management

  • We cannot selectively delete data on behalf of users

  • Users should use the app's built-in features to manage their content

  • Individual data deletion requests outside of complete account removal cannot be accommodated

  • No recovery of user-deleted data is possible once deleted through the app

  • Users can access their data through the app

  • Deleted accounts' data retained for 31 days before permanent deletion

  • No recovery of user-deleted data (as previously documented)

Third-Party Services

  • Google Maps: Location services

  • RevenueCat: Subscription management

  • App Stores: Payment processing

  • Each service maintains its own security protocols and privacy policies

Compliance & Standards

Security Implementation

  • Firebase Security Rules for data access control (Source: Firebase Documentation)

  • Authentication services

  • Secure data transmission via HTTPS

  • Data at rest encrypted using Google Cloud Platform's encryption (Source: Cloud Firestore Documentation)

Platform Security

  • Google Cloud Platform infrastructure security

  • Logical data isolation (Source: Firebase Privacy & Security)

  • Security monitoring and logging (Source: Firebase Security Documentation)

Incident Response

Platform Security Monitoring

  • Firebase services are monitored as part of Google Cloud Platform

  • Service status can be checked via Google Cloud Status Dashboard (Source: Google Cloud Status)

  • Users can monitor their project's service health through Google Cloud Console

Incident Process

According to Google Cloud's documented process (Source: Google Cloud Documentation):

  • Identification and reporting

  • Coordination and triage

  • Response team engagement

  • Investigation and resolution

User Responsibilities & Recommendations

Account Security

  • Create and maintain a strong, unique password for your Turnie account

  • Never share your account credentials with others

  • Sign out when using shared devices

  • Keep your email address up-to-date for account recovery purposes

  • Report any suspicious account activity to support@thejustinhq.com

Data Management

  • Be cautious when sharing trip details and collections with others

  • Review and manage sharing permissions regularly

  • Delete sensitive information you no longer need

  • Use the app's built-in features to manage your content

  • Remember that deleted data cannot be recovered

Device Security

  • Keep your mobile device's operating system updated

  • Enable device-level security features (passcode, fingerprint, face recognition)

  • Install updates for the Turnie app when available

  • Avoid using Turnie on jailbroken or rooted devices

  • Use secure and trusted internet connections

Privacy Practices

  • Review permissions requested by the app

  • Understand what data you're sharing when using location features

  • Be mindful of the personal information you include in trip details

  • Consider privacy implications when sharing trips with others

  • Read and understand our Privacy Policy

Important Reminders

  • Turnie will never ask for your password via email

  • All official communications come from @thejustinhq.com

  • We cannot recover data that you deliberately delete

  • Account deletion requests are permanent after 31 days

  • Contact support immediately if you suspect unauthorized access

PreviousData PrivacyNextPrivacy Policy

Last updated 5 months ago