Legal

Privacy Policy

This Privacy Policy explains how TurtleScan collects, uses, stores, and protects personal data when you visit our website, contact us, or use our cloud security reporting services.

Last updatedJune 4, 2026

1. Overview

TurtleScan provides cloud security reporting, posture review, compliance mapping, and related cybersecurity services. We process personal data only for legitimate business, security, support, legal, and service delivery purposes.

If a separate written agreement, data processing agreement, or statement of work applies to your organization, that agreement controls where it conflicts with this Privacy Policy.

2. Personal Data We Collect

We collect data directly from you, from your organization, from your use of our website, and from systems you authorize us to review.

  • Contact details, including name, business email, phone number, company name, role, and inquiry message.
  • Commercial and service details, including selected plans, scan preferences, cloud provider information, onboarding notes, and support history.
  • Website and technical data, including IP address, device and browser metadata, pages visited, referring URL, timestamps, and security logs.
  • Authorized cloud environment metadata, including configuration data, asset identifiers, security posture information, access policies, exposed services, vulnerabilities, and compliance signals.
  • Communications, including email, chat, form submissions, meeting notes, and feedback you provide to us.

3. How We Use Personal Data

  • To respond to inquiries, provide proposals, onboard customers, and manage service delivery.
  • To operate cloud security scans, generate reports, prioritize risk findings, and support remediation discussions.
  • To maintain website functionality, analytics, fraud prevention, abuse detection, and security monitoring.
  • To send transactional messages, service updates, confirmations, and support communications.
  • To send marketing communications only where permitted and where you have not opted out.
  • To comply with legal, contractual, audit, accounting, tax, security, and regulatory obligations.

4. Customer Cloud Environments

For cloud security services, TurtleScan normally requests read-only access or limited access scopes required to perform agreed assessments. We do not intentionally modify, delete, or move customer cloud resources as part of standard reporting services.

Depending on the engagement, TurtleScan may act as a service provider, processor, or independent controller for specific data processing activities. The applicable role should be documented in your agreement with us.

5. Cookies, Analytics, And Logs

Our website may use cookies, local storage, analytics, and log files to keep the site reliable, understand usage, improve performance, and protect against abuse. You can control many cookie settings through your browser, but some features may not work correctly if cookies are disabled.

6. Sharing And Subprocessors

We do not sell personal data. We may share data with service providers, subprocessors, professional advisers, auditors, payment or communication vendors, hosting providers, and government authorities when legally required.

Where we use vendors to process data for us, we require appropriate confidentiality, security, and processing commitments based on the nature of the service.

7. Data Retention

We retain personal data for as long as needed to provide services, respond to inquiries, maintain security and audit records, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary based on data type, customer agreement, legal requirement, and operational need.

8. Security

We use administrative, technical, and organizational controls intended to protect personal data against unauthorized access, loss, misuse, alteration, and disclosure. No system is perfectly secure, but we work to keep protections proportionate to the sensitivity of the data and the risk involved.

9. International Transfers

TurtleScan may process data in Indonesia and other locations where we, our customers, or our providers operate. When required, we use contractual or operational safeguards intended to support lawful cross-border processing.

10. Your Choices And Rights

Depending on your location and relationship with TurtleScan, you may have rights to request access, correction, deletion, restriction, objection, portability, withdrawal of consent, or information about how your personal data is processed.

To make a privacy request, email dr.turtle@turtlescan.id. We may need to verify your identity and your authority to act for your organization before completing a request.

11. Children

TurtleScan services are designed for businesses and are not directed to children. We do not knowingly collect personal data from children through this website.

12. Changes To This Policy

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a new last updated date. Material changes may be communicated through additional notice where appropriate.

13. Contact

For privacy questions, data requests, or concerns about this Privacy Policy, contact TurtleScan at dr.turtle@turtlescan.id.

Dr. Turtle
TurtleScan Assistant

Meet Dr. Turtle, AI Assistant

I'm here to help you understand cloud security, answer questions about our service packages, Indonesian regulatory compliance, and help you choose the best solution for your business needs. What are you looking for today?