It's important to you.
It's important to us.

We can only achieve our mission if we have the trust of our customers and their employees. Delivering on that trust requires us to maintain a world class security culture that handles the data entrusted to us thoughtfully and carefully.

Didier Elzinga, CEO of Culture Amp

Security

In addition to our comprehensive security program, our dedicated team continuously strives to improve our systems and processes.

We use trusted industry security standards to ensure that we maintain a high level of security for the data we hold, including:

  • Encrypting communications with TLS using strong cipher suites and resting data using AES256.
  • Hashing passwords with the 'bcrypt' algorithm.
  • Regular penetration tests and code reviews by expert security consultants.
  • Conducting ongoing internal vulnerability scanning and automated testing.
  • Supporting SAML compliant federated identity providers and Google OAuth as alternative authentication methods.

Hosted with Amazon Web Services

Culture Amp infrastructure is hosted using Amazon Web Services (AWS), a world class hosting solution maximizing security and reliability. AWS holds several compliance certifications, including: ISO27001, ISO27017, ISO27018, SOC 1/2/3.

Protected by Signal Sciences

Culture Amp is protected using Signal Sciences, a next-generation web application firewall. Signal Sciences works seamlessly across cloud, physical and containerized infrastructure to provide security without breaking production traffic.

Privacy

TRUSTe Certified Privacy Policy
EU Standard Contractual Clauses

Availability

Mar
99.91
Apr
99.96
May
99.79
Jun
99.94
Jul
99.99
Aug
99.97

Next scheduled maintenance

2nd October 2016, 11PM—1AM UTC

Responsiveness

42
0—1
39
1—8
14
8—24
6
>24
Average first reply time over the last month (hrs)