Compliance infrastructure
for RIAs.

Email surveillance, archive, and SEC-compliant recordkeeping in one place. Built specifically for small RIA firms.

Book a demo Try the live demo

BUILT FOR SEC 17a-4 · 204-2 · 206(4)-1 · 206(4)-7

Attestation Example

SHA-256

All records intact

94,658

verified

04:21 ✓ 7b4f9a82ee1d…c01a9e

04:21 ✓ a92d6c43bb09…fe33b1

04:21 ✓ f018b71e5a32…8d2c47

04:21 ✓ 2c5ea1f49d77…91ba30

04:21 ✓ 8b1d3f02ce64…4ec7f9

verifier.run — 4d ago /operator

Why this exists

Most RIA firms patch together compliance with spreadsheets, PDFs, and IT consultants. It works until the SEC asks for records.

Enterprise compliance tools are built for broker-dealers with hundreds of employees. Their pricing reflects that.

Small firms need the same compliance posture for a fraction of the cost. That's what Turret is.

The components

Built like infrastructure, not a settings page.

Every surface below is the real product. Click, type, scrub — these aren't screenshots, they're the same components Compliance Officers use every day.

Scanning live

Alerts

AI-triaged outbound mail. Filter, escalate, resolve.

16,656 messages scanned this month · 39 alerts · 7 high-confidence pending /alerts

AI Triage

Click a pattern below to see how Turret scores it — Claude Haiku.

Confidence 0%

Archive search

Full-text across 7-year retention. Postgres tsvector under the hood.

16,800

Indexed: subject + body + attachment text /archive

Archive integrity

SHA-256 attestation across every archived message.

SEC Rule 204-2

All 16,800 records intact

Last verified 3 days ago · 0 mismatches

Latest activity

Audit log

Every alert action recorded as an immutable activity row. Per-alert audit timeline at /alerts/:id. Cryptographic integrity attestation across the full archive.

APPEND-ONLY

System AI-triaged 92% 2m

j.chen@northpoint.example Reviewed REVIEWED 14m

s.ali@beacon.example Escalated ESCALATED 31m

j.chen@northpoint.example Reverted to NEW 58m

System Created NEW 2h

System Verified HASH OK 1d

Every row hashable to a SHA-256 attestation · examiner-ready under SEC Rule 17a-4 AlertActivity · ArchivedMessageActivity

From signup to first review

How it works.

Three steps from authorizing your Workspace to your reviewer seeing their first flagged email. About thirty minutes, end to end.

01 Connect

Connect your Workspace.

Authorize Turret to read outbound mail. About thirty minutes with a guided setup wizard — no IT lift required.

setup status complete

Workspace authorized · read-only

02 Scan

Patterns and AI find what matters.

We scan outbound mail continuously and flag potential issues. AI triage rates each alert so reviewers see signal, not noise.

flagged HIGH · 92%

HIGH Performance guarantee language

03 Review

Review, mark, and resolve.

Your compliance team reviews each alert, marks the disposition, and escalates when needed. Every action is logged for audit defensibility.

activity logged

Marked REVIEWED · 14m ago

Less noise. More signal.

Most surveillance products dump noise on your compliance officer. Turret hands them a prioritized list with explanations. Here's how it works.

AI Triage Assessment

92%

Email explicitly promises "absolutely guarantee double-digit returns" and claims "zero risk" — direct violations of SEC Marketing Rule 206(4)-1 prohibiting performance guarantees and misleading risk statements. This is not routine business language or a legal footer.

claude-haiku-4-5-20251001

2026-04-29 22:09:54 UTC

HIGH Performance guarantees / forbidden marketing language NEW

Q4 strategy update — what to expect

Message Details

From: david@acme-capital.example.com
To: mrodriguez@example.com
Sent: 2026-04-29 14:09:44 UTC
Match in: BODY

Matched Snippet

will absolutely guarantee double-digit returns this year. There's zero risk

AI Triage Assessment

DHL tracking numbers are 10–11 digits; this appears to be a formatted tracking number coincidentally matching the credit card regex. No PCI/PII violation indicated.

claude-haiku-4-5-20251001

2025-08-22 01:00:31 UTC

HIGH Credit card pattern NEW

DHL shipment confirmation — documents

Message Details

From: david@acme-capital.example.com
To: lwilson@example.com
Sent: 2025-08-22 01:00:26 UTC
Match in: BODY

Matched Snippet

Tracking number: 9012 3847 2910 4821

Two real outputs from Turret's AI triage. Confidence scores reflect genuine model output — we don't manufacture them for marketing.

The substrate

What Turret is
built from.

Three capabilities the surveillance + archive + audit-log components above sit on top of — the pieces an examiner cares about when they ask "who can see this, and how is access controlled?"

01 Patterns

Compliance rules, encoded.

Marketing rule violations. MNPI references. PII exposure. Off-channel signals. Pre-configured, extensible.

defaults 11 · custom OK

HIGHPerformance guarantees

HIGHMNPI / Insider information

MEDOff-channel communication

02 Roles

Scoped access for outside reviewers.

Invite your compliance consultant or fractional CCO. They review alerts and archive without ever touching your Workspace.

role 3 levels

ADMINmanage all

USERreview

VIEWERread-only

03 Connection

Read-only, by design.

Google Workspace via Domain-Wide Delegation. We can read, we cannot send or modify. Revoke from your admin console at any time.

access scope read-only

✓ Read outbound mail

✕ Send, modify, or delete

✓ Revoke anytime — your admin

How your data is protected

— Read-only access to outbound mail. Turret cannot send, modify, or delete messages.
— Encrypted at rest using AES-256-GCM.
— Tenant isolation — your data never mixes with another firm's.
— You can revoke access instantly from your Workspace admin console.
— Access logged immutably. Our staff sees operational metadata, not your email content.
— SOC 2 Type 1 in progress.

Full security details →

Pricing.

Three tiers, all with 7-year SEC-compliant archive and full audit log. Monthly billing, cancel anytime.

Starter

$99 / month

Up to 5 users.

✓Subject + body scanning
✓7-year archive (SEC 204-2)
✓11 pre-configured patterns
✓Full audit log

Book a demo

Recommended

Professional

$249 / month

Up to 10 users.

✓Everything in Starter
✓Attachment scanning (PDF, DOCX)
✓Weekly compliance digest
✓Priority support

Book a demo

Enterprise

Custom

Unlimited users.

✓Everything in Professional
✓Unlimited users
✓Custom compliance patterns
✓Dedicated support

Get a quote

Frequently asked questions

Do I need to install anything?

No. Turret connects via Google Workspace's standard admin controls. No agents, no browser extensions, no employee downloads.

What about Microsoft 365?

Currently Google Workspace only. Microsoft 365 support is on the roadmap.

How long does setup take?

About 30 minutes for the initial Workspace authorization. Your historical scan completes in 1–3 hours depending on mail volume. We're with you on a screen-share for the first onboarding.

Is this enough for an SEC exam?

Turret captures, indexes, and preserves email per SEC Rule 204-2(a)(7). Export tools let you respond to information requests quickly. We're not a substitute for a compliance officer or attorney — we're the infrastructure that makes their job easier.

Ready to see Turret?

30-minute demo. No commitment.

Book a demo with a real human Try the live demo → on your own

Compliance infrastructure for RIAs.

Built like infrastructure, not a settings page.

Alerts

AI Triage

Archive search

Archive integrity

Audit log

How it works.

Connect your Workspace.

Patterns and AI find what matters.

Review, mark, and resolve.

Less noise. More signal.

Q4 strategy update — what to expect

Message Details

Matched Snippet

DHL shipment confirmation — documents

Message Details

Matched Snippet

What Turret is built from.

Compliance rules, encoded.

Scoped access for outside reviewers.

Read-only, by design.

How your data is protected

Pricing.

Frequently asked questions

Do I need to install anything?

What about Microsoft 365?

How long does setup take?

Is this enough for an SEC exam?

Ready to see Turret?

Compliance infrastructure
for RIAs.

What Turret is
built from.