Security & Compliance
Turnqey is built for read-only cryptoasset visibility, reporting, and partner integrations.
Turnqey does not trade, withdraw, transfer assets, custody funds, access private keys, collect seed phrases, or move client money.
Read-only access
Turnqey uses read-only connections wherever account access is required.
Turnqey can help partners and advisers view:
- Accounts
- Holdings
- Balances
- Transactions
- Cost basis data
- Wallet activity
- Reporting data
Turnqey cannot control client assets.
Data protection
Turnqey protects partner and client data through:
- Scoped API credentials
- Token-based authentication
- Account-level authorization
- Secure server-side handling
- Audit-aware access patterns
- Environment separation between sandbox and production
Partners should not expose API keys, client secrets, or access tokens in frontend code.
Wallet security
For wallet-based data, Turnqey uses public wallet addresses where supported.
Turnqey does not request:
- Private keys
- Seed phrases
- Wallet passwords
- Signing permissions
- Transfer approvals
MetaMask and similar wallets are treated as public wallet address sources.
Partner responsibilities
Partners are responsible for:
- Storing credentials securely
- Limiting API access to approved backend services
- Showing users clear connection and reconnect flows
- Displaying last-updated timestamps where relevant
- Handling errors without exposing secrets
- Following their own legal, compliance, and supervisory requirements
Production review
Before production access, Turnqey may review:
- Use case
- Data display
- Redirect and callback URLs
- Error handling
- Reconnect UX
- Support escalation path
- Security contact
- Production credential handling
Support
For integration support, contact: