Turbine WorkforceTurbine WorkforceTurbine WorkforceTurbine Workforce

Our Security Measures

Date last updated: October 24, 2025

User privacy and security is considered firstly in all our operational and engineering decisions, particularly when choosing commercial services to integrate with and provide highly specialized functionality to our product, like storing data and protecting user-provided meta data. Our infrastructure leverages best-in-class cloud-based services and providers - each the clear leader among their peers. Turbine has no physical servers or data centers. Physical security practices follow the guidance of the Turbine Employee Security Program.

Data Protection

Turbine uses GDPR and CCPA compliant data controllers. All Data sent between you and Turbine is encrypted HTTPS traffic using TLS v1.2. Sensitive data is encrypted at rest using AES256 encryption and stored in data centers certified for compliance with the ISO 27001 standard. Turbine encourages customers to use their own cloud-based storage solutions to store any file uploaded to Turbine. This is a server-side integration handled by Turbine engineers. Turbine uses automatically managed SSL/TLS certificates to ensure secure HTTPS connections without manual intervention.

Data Access

Access to user data is restricted. We require an organization owner give explicit permission to Turbine engineers or support staff not required to troubleshoot affected data or platform features. These actions are monitored.

Business Identifiers and Brand References

Turbine may reference participating organizations by name or logo to describe use of the Turbine platform, including in customer listings or marketing materials. These references are used for informational and descriptive purposes only and do not imply endorsement.

If you represent an organization and would like us to update or remove how your brand is referenced, you may submit a request by contacting [email protected]. Requests are processed within a reasonable timeframe.

User Authentication & Permissions

Turbine uses industry-leading authentication services with JWT tokens generated using server-side keys and HMAC SHA256 encryption to enable secure Single sign-on (SSO). Client facing apps include auth.turbinelms.com (Turbine Auth), app.turbinelms.com (Turbine LMS), admin.turbine.is (Turbine Admin), app.tellvela.com (VELA), and page.turbine.is (Turbine Pages). Specific user permissions are required to access each application. Turbine Auth, Turbine LMS, VELA and Turbine Pages are accessible by all users. Turbine Admin is accessible by organization (customer) owners, admins and users permissioned by owners and admins.

Turbine Employee Security Program

We require physical security of our machines, devices and passwords through use of 256-bit AES encrypted password management, two-factor authentication (2FA) authentication and regular security reviews of people and technology.