Effective date: March 1, 2026
Last updated: March 1, 2026
TurtleTech ehf. (“TurtleTech”, “we”, “us”) is committed to protecting your privacy. This policy explains how we collect, use, and safeguard personal data in connection with our services.
TurtleTech ehf. is registered in Iceland (Kennitala 6002251460) and operates under the Icelandic Data Protection Act (personuverndarlog nr. 90/2018) and the EU General Data Protection Regulation (GDPR).
1. Data we collect#
1.1 Account information#
When you purchase a service, we collect:
- Name and email address
- Organization name (if applicable)
- Billing address
- Payment information (processed by Revolut Business; we do not store card details)
1.2 Service data#
Data you store in hosted applications (tasks, files, emails, references) is your data. We access it only for:
- Providing the service (backups, migrations)
- Debugging, with your explicit consent
- Legal obligations (court orders under Icelandic law)
1.3 Website analytics#
Our website uses Plausible Analytics, self-hosted at analytics.turtletech.us. Plausible is privacy-focused and does not use cookies, does not collect personal data, and does not track individual visitors. All analytics data is aggregated and anonymous.
1.4 Communication#
When you contact us via email, we retain correspondence for service delivery and support purposes.
2. How we use your data#
We use personal data exclusively for:
- Providing and maintaining your services
- Sending invoices and processing payments
- Communicating about service status, maintenance, and security
- Responding to support requests
- Complying with legal obligations
We do not sell, rent, or share your personal data with third parties for marketing purposes. We do not profile users or make automated decisions based on personal data.
3. Where your data is stored#
| Data type | Location | Provider |
|---|---|---|
| Shared hosting data | Nuremberg, Germany | NetCup GmbH |
| Zotero WebDAV storage | EU (Amsterdam) | Backblaze B2 (via TurtleTech proxy) |
| Dedicated hosting data | Chosen by client | Various (NetCup, Hetzner, etc.) |
| Payment processing | EU | Revolut Business (Lithuania) |
| Email communication | EU | TurtleTech mail servers |
| Website analytics | Nuremberg, Germany | Self-hosted (Plausible) |
All data remains within the EU/EEA. We do not transfer data to countries outside the EEA unless required by the client for dedicated hosting.
4. Data retention#
| Data type | Retention period |
|---|---|
| Account information | Duration of service + 12 months |
| Service data (shared) | Duration of service + 30 days after termination |
| Service data (dedicated) | Controlled by client |
| Invoices and billing | 7 years (Icelandic accounting law) |
| Support correspondence | 24 months |
| Website analytics | 24 months (aggregated, no personal data) |
5. Your rights#
Under the GDPR and Icelandic data protection law, you have the right to:
- Access: Request a copy of personal data we hold about you.
- Rectification: Request correction of inaccurate data.
- Erasure: Request deletion of your data (subject to legal retention requirements).
- Portability: Receive your data in a structured, machine-readable format.
- Restriction: Request that we limit processing of your data.
- Objection: Object to processing based on legitimate interests.
To exercise these rights, contact info@turtletech.us. We will respond within 30 days.
You also have the right to lodge a complaint with the Icelandic Data Protection Authority (Personuvernd, simi: 510 9600).
6. Cookies#
Our website does not use cookies. Plausible Analytics operates without cookies or local storage. No consent banner is needed.
7. Third-party processors#
| Processor | Purpose | Location |
|---|---|---|
| NetCup GmbH | Server hosting | Germany |
| Backblaze Inc | Zotero WebDAV file storage | EU (Amsterdam) |
| Revolut Business | Payment processing | Lithuania (EU) |
| Netlify | Website hosting (static files only) | EU CDN |
We have data processing agreements in place with all processors where required.
8. Security#
We implement appropriate technical and organizational measures to protect personal data, including:
- Encrypted connections (TLS) for all services
- Podman container isolation on shared infrastructure
- Automated security updates
- Access controls and secret management
- Regular backup procedures
9. Changes to this policy#
We may update this policy. Changes take effect 30 days after posting. Significant changes will be communicated via email.
10. Contact#
Data Protection Contact:
Rohit Goswami
TurtleTech ehf.
Fornhaga 24, 107 Reykjavik, Iceland
Email: info@turtletech.us
Phone: +354 788 8264