Responsible Disclosure Policy

Turno is deeply committed to the security of our services and our users’ information. If you are a security researcher and have discovered a security vulnerability in one of our services, we appreciate your help in disclosing it to us in a responsible manner.

Turno will engage with security researchers who report vulnerabilities to us in accordance with this Responsible Disclosure Policy.

Scope

This policy applies to security vulnerabilities found in Turno-owned digital properties, including our website, applications, and APIs. It does not apply to third-party services that we do not control.

Prohibited Actions

To maintain the integrity of our services and protect user data, the following actions are strictly prohibited:

  • Accessing, modifying, or extracting data from accounts that do not belong to you.
  • Performing denial-of-service (DoS/DDoS) attacks or testing in a manner that degrades service performance.
  • Posting, transmitting, or storing malware, exploits, or harmful scripts on Turno’s services.
  • Automated scanning or brute-force attacks without prior approval.
  • Engaging in social engineering, phishing, or physical security attacks against Turno employees, customers, or partners.
  • Any testing that violates applicable laws, our Terms of Service, or privacy regulations.

Reporting

If you discover a security vulnerability, please report it privately and responsibly by emailing [email protected]. To help us investigate effectively, include:

  • Your name and contact details.
  • A detailed description of the vulnerability, including steps to reproduce it.
  • (If applicable) Proof-of-concept code or screenshots.

Our Commitment

If you report a verified vulnerability in good faith and in compliance with this policy, we commit to:

  • Acknowledging receipt of your report within 5 business days.
  • Keeping you informed about our investigation progress.
  • Notifying you once the issue has been resolved.

Safe Harbor

Turno will not pursue legal action against security researchers who act in good faith, within the scope of this policy. If a third party initiates legal action related to your security research under this policy, we will make it known that your actions were conducted in compliance with responsible disclosure guidelines.

Thank you for helping keep Turno and our users safe!

Still have questions about our Platform?

Contact Customer Support