
Data privacy and information security

Data privacy and information security at Culture Amp

To earn and maintain the trust of the world’s most innovative and culture-focused companies, Culture Amp takes all reasonable precautions to protect the confidentiality, integrity, and availability of all systems and data entrusted to us by our customers and their employees.

Security at Culture Amp

Independent testing

In addition to undertaking frequent scans of our products, we work with industry-leading security firms to perform a regular cadence of penetration tests covering our networks, infrastructure, and applications.

User authentication

We provide standard access to the Culture Amp platform through a login and password. In addition, we offer the option of integrating with SSO, utilizing either SAML 2.0 or OAuth.

Platform user management

All Culture Amp customers have the flexibility to assign roles within the platform. An administrator role allows you to manage users within your organization as well as access to reports.

Data encryption

We encrypt all data that goes between you and Culture Amp using industry-standard TLS 1.2. Your data is also encrypted at rest when it is stored on our servers using full disk encryption AES 256, and also encrypted when we transfer it between data centers for backup.

Network protection

Multiple layers of security controls protect access to and within our environment, including firewalls, intrusion detection systems, and network segregation. Culture Amp's security services are configured, monitored, and maintained according to industry best practice. We partner with industry-leading security vendors to leverage their expertise and global threat intelligence to protect our systems.

Incident management

Culture Amp's Security team continuously monitors security systems, event logs, notifications, and alerts from all systems to identify and manage threats. If an incident occurs, technical personnel are available on call 24/7 to provide global incident coverage. All customers affected by a breach will be notified within 48 hours of discovery.

Compliance certifications, standards, and regulations

ISO/IEC 27001:2013

Culture Amp is certified as compliant with ISO/IEC 27001:2013, which is globally recognized as the premier information security management system (ISMS) standard.

General Data Protection Regulation (GDPR)

Culture Amp is GDPR compliant, handling all personal data in compliance with the latest EU laws.

California Consumer Privacy Act (CCPA)

Culture Amp is compliant with the California Consumer Privacy Act (CCPA).

Brazilian General Data Protection Law (LGPD)

Culture Amp is compliant with the Brazilian General Data Protection Law (LGPD).

Frequently asked questions

Where is data stored?

All production systems are hosted in Amazon's AWS cloud platform. Data is stored in AWS US (Oregon) and backed up in AWS US (Virginia). For customers located in Europe, data is stored in AWS EU (Ireland) and backed up in AWS EU (Frankfurt).

What private information do you require to provide your service?

Culture Amp requests a full name and email address for basic functionality.

Customers often choose to include demographics within the platform such as job title, department, gender, and tenure.

Do you use third parties to deliver your product?

Yes, please see our list of sub-processors here.

We are committed to ensuring the security of our information, systems, and services

If you believe you have found a vulnerability, please share your findings with our security team:

For the protection of our customers, we ask that you do not publicly disclose, discuss or confirm the details of any suspected security issues.
