
Trust & Security at CultureAI

Our View

We protect our clients' data, at all costs

When a client works with us, they're saying "We trust you to significantly decrease our security risks". It is our responsibility to do absolutely everything in our power to make that happen, starting with ensuring we don't increase their risks.

This page details just some of the lengths we go to to protect your data. If you're ever concerned, please talk to us at security@culture.ai.

The four pillars of trust


Security is baked into everything we do, from our DevSecOps through to business ops and physical security. We encrypt your data at rest and in transit, and provide SSO, enforced MFA and IP-based ACLs to protect it. Your data is stored in your own country. Our team all hold BPSS security vetting, as a minimum. We perform regular pentests, and run continuous vulnerability scanning against our infrastructure, code and dependencies.


Our platforms are built on best-in-class technologies, and are designed to be highly available and fast. We use load balancing with automatic failover and geo-redundancy, and monitor thousands of metrics every second to look for warning signs of issues. We have a defined and regularly tested disaster recovery plan.


Protecting your data, and that of your employees, is our highest priority. It is, after all, why we founded CultureAI in the first place. We do everything in our power to ensure we protect it from unauthorised access, and are compliant with regulations such as GDPR.


Our clients often have strict compliance requirements, against which we have yet to record a single failure. We hold ISO 9001, 14001 and 27001, alongside Cyber Essentials Plus. We're happy to allow our enterprise clients to conduct independent audits / pentests, and our policy is to go to any length to support your internal compliance process.

Our security accreditations

CultureAI actively maintain a range of industry-standard security accreditations.

Bug Bounty

Our bug bounty programme

We support the responsible disclosure of security issues and vulnerabilities to us from the security community. If you identify a security vulnerability in any CultureAI product, please let us know at security@culture.ai and we'll acknowledge the report within a working day.

All we ask is that security researchers exercise appropriate consideration whilst conducting any testing: please throttle your rates and, if you might access (or have accidentally accessed) client data, please stop and contact us so that we can remediate the vulnerability, communicate with our clients and order you pizza.
