All customer data is hosted in Google Cloud, in the region you select. Customer data inserted into one region never leaves Google Cloud in that region, except when requested by the customer via the turbopuffer API. Data is always encrypted in transit with TLS1.2+, and is always encrypted at rest with AES-256 in Google Cloud Storage.
turbopuffer maintains System and Organization Controls (SOC) 2 Type 2 compliance, and has been certified on design and operational effectiveness of security and availability controls.
Contact us at info@turbopuffer.com for more details or access to the report.
turbopuffer is HIPAA compliant. Customers who wish to store protected health information (PHI) in turbopuffer may obtain a business associate agreement (BAA) with turbopuffer at request.
Contact us at info@turbopuffer.com if you require a BAA.
See our Vulnerability Disclosure policy.