Security and Compliance

Security, compliance, privacy, and transparency are deeply held values at TARTLE. Here is more information about our security controls, independent audits, and adherence to global compliance standards.

SOC2

SOC2

SOC2 Type 1 is a comprehensive audit that ensures TARTLE has implemented controls to protect customer data and ensure the integrity of our systems.

GDPR

GDPR

GDPR is a global standard for data protection that ensures TARTLE has implemented controls to protect customer data and ensure the integrity of our systems.

CCPA

CCPA

CCPA is a global standard for data protection that ensures TARTLE has implemented controls to protect customer data and ensure the integrity of our systems.

Data Processing
TARTLE is a Data Processor
TARTLE's core marketplace function is most accurately classified as a data processor for the following reasons:
  • The primary purpose of processing Seller Data (selling it to Buyers) is determined by Sellers and Buyers, not TARTLE. Sellers decide what data to provide and whether to sell, while Buyers define what they want and how they'll use it (Section 1.2 ToS).
  • TARTLE's role is to execute these user-driven transactions, processing data on behalf of Sellers and Buyers per their choices (e.g., Manual/Automatic Submission, bid acceptance). It doesn't independently decide the "why" of the data's end use (Section 7.2 ToS).
  • While TARTLE controls the technical means (platform operations), this alone doesn't make it a controller if the purpose is set by others, per GDPR guidance.
Legal documentation