Privacy Policy

Effective date: February 8, 2026

This Privacy Policy explains how TurboISO (the “Service”) collects, uses, and shares information when you use our ISO certification dashboard and related services.

This is a template provided for convenience and is not legal advice. Please review with qualified counsel and tailor it to your business, jurisdiction, and actual practices.

1. Information We Collect

  • Account information: email address and login identifiers. If you sign in with Google, we receive basic profile information (typically your name, email address, and profile image) and a Google account identifier used to link your sign-in.
  • Profile and application data: company details, contact details, addresses, ISO standard selections, application status, notes, and related metadata you enter into the Service.
  • Documents: files you upload (e.g., supporting documentation) and associated metadata such as filename, size, and type.
  • Payment information: payments are processed by Stripe. We receive transaction-related identifiers (e.g., Stripe price IDs / payment intent IDs) but do not store your full card details.
  • Usage and device data: basic logs and diagnostic information generated when you use the Service (e.g., errors, timestamps, and IP address as part of standard web request logs).
  • Cookies / local storage: authentication-related cookies may be set during OAuth flows, and the client may use browser storage to keep you signed in.

2. How We Use Information

  • Provide, operate, and maintain the Service.
  • Create and manage accounts and authentication.
  • Process payments and prevent fraud.
  • Enable certification workflow features (applications, documents, notes, notifications).
  • Provide support, troubleshoot issues, and improve reliability and security.
  • Comply with legal obligations and enforce our Terms.

3. How We Share Information

We may share information with:

  • Service providers that help us run the Service, such as hosting/database providers (e.g., Convex), authentication providers (e.g., Google for OAuth), email delivery providers (e.g., Resend for verification codes), and payment processors (Stripe).
  • Other users you collaborate with (for example, administrators or certification body users) based on your role and actions within the Service.
  • Legal and compliance: if required by law, to respond to lawful requests, or to protect rights, safety, and security.

We do not sell your personal information.

4. Data Retention

We retain information for as long as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. You may request deletion of your account subject to applicable law and operational requirements.

5. Security

We use reasonable administrative, technical, and organizational safeguards designed to protect information. However, no method of transmission or storage is 100% secure.

6. International Transfers

Your information may be processed in countries other than where you live, including where our service providers operate. These countries may have different data protection laws.

7. Your Choices

  • You can update certain profile information within the Service.
  • You can sign out at any time.
  • You may request access, correction, or deletion as required by applicable law.

8. Children’s Privacy

The Service is not intended for children under 13 (or the minimum age required in your jurisdiction). If you believe a child has provided personal information, please contact us.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will update the effective date and, where appropriate, provide additional notice.

10. Contact Us

If you have questions about this Privacy Policy, contact us at: [email protected]