Director of Information Security, Global SaaS Company
"We had strong controls in place but this assessment exposed real behaviours slipping through the cracks."

FAQs

What data is collected?

As described in Annex 1.B of the EULA (UK-PoV).

The baseline data required to provide the platform comprises a permitted user's:

(a) personal identification (first, last and full name);

(b) contact information (company email, job title, business unit or department, working location and line manager); and

(c) account information (unique account number, authentication method (e.g. SSO - single sign-on) and password complexity (but not the actual password)).

Where certain platform modules have been selected by client the following data is also collected:

Identity & SaaS Risks

(a) web browser log-in events using company email and web browsing generally in order to identify whether malicious websites are being accessed (data is stored only where a match is made, not all browsing);

Generative AI Usage

(b) data for personal data detection, being certain data attributable to a user's company email login provided to monitored LLMs via the web browser (e.g. ChatGPT, Copilot, Gemini etc.); and

Collaborative Tool Usage

(c) data for personal data detection, being certain data attributable to a user's company email login from instant messages (e.g. from MS Teams, Slack etc.).

Does CultureAI monitor employees logging onto personal accounts?

No, CultureAI’s platform focuses solely on work-related activities and does not monitor personal use. For example, if an employee logs into an individual account, such as Facebook, using their personal email, CultureAI will not track this activity. However, if a corporate email address is used to sign up for an external SaaS application, CultureAI will log this event and surface any potential risks to provide visibility to the organisation and guide the employee on what the risk is and how to rectify it.

Does CultureAI store passwords?

No, CultureAI has robust data protection measures in place. Password information is securely received via the CultureAI Browser Extension. A complexity score is calculated, and the password is then hashed, halved, and re-hashed multiple times using industry-standard techniques. This ensures that actual passwords are never stored or retrievable, either by administrators of the platform or by CultureAI. We only store the complexity score and the halved hash of the password, ensuring sensitive information remains secure and private at all times.
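To make the "score, hash, halve, re-hash" pipeline concrete, here is an added illustration written for this page; it is not CultureAI's code and does not reproduce their implementation. The page names neither the hash algorithm nor the number of re-hash rounds nor the scoring rules, so SHA-256, 1000 rounds and the five-point scoring below are assumptions chosen for the example.

```python
import hashlib
import string

# Illustrative reconstruction only (not CultureAI's implementation).
# The constants below are assumptions: the page does not name the algorithm
# or the round count, only that the hash is "halved" and "re-hashed multiple times".
HASH_NAME = "sha256"
REHASH_ROUNDS = 1000


def complexity_score(password: str) -> int:
    """Score 0-5 from length and character-class coverage (assumed scoring rule)."""
    score = 0
    if len(password) >= 12:
        score += 1
    if any(c.islower() for c in password):
        score += 1
    if any(c.isupper() for c in password):
        score += 1
    if any(c.isdigit() for c in password):
        score += 1
    if any(c in string.punctuation for c in password):
        score += 1
    return score


def halved_rehashed_fingerprint(password: str) -> str:
    """Hash the password, keep only the first half of the digest, then re-hash
    that half repeatedly, truncating to half length each round.
    Only the final truncated digest is returned; the password is not retained."""
    digest = hashlib.new(HASH_NAME, password.encode("utf-8")).digest()
    half_len = len(digest) // 2
    half = digest[:half_len]  # the second half of the digest is discarded
    for _ in range(REHASH_ROUNDS):
        half = hashlib.new(HASH_NAME, half).digest()[:half_len]
    return half.hex()


def stored_record(password: str) -> dict:
    """What a platform following the described approach would retain:
    the complexity score and the halved fingerprint, never the password itself."""
    return {
        "complexity_score": complexity_score(password),
        "fingerprint": halved_rehashed_fingerprint(password),
    }


def record_contains_password(record: dict, password: str) -> bool:
    """Sanity check: the plaintext must not appear anywhere in the stored record."""
    return password in str(record)


if __name__ == "__main__":
    # Constructed sample input for demonstration only.
    sample = "Tr0ub4dor&3Example"
    rec = stored_record(sample)
    print(rec)
    print("plaintext present in record:", record_contains_password(rec, sample))
```

Note on the design of this illustration: it uses a fast, unsalted hash purely to keep the mechanics visible. A fingerprint of that kind is still a deterministic function of the password, so a production store would add a per-tenant salt or key before hashing; that choice is outside what the page describes and is a property of this example, not a statement about CultureAI's system.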

Is CultureAI ISO 27001 certified?

Yes, at CultureAI our governance framework is built around the ISO 27001 ISMS, against which we are fully certified. This ensures a structured and continuous approach to managing security, risk and compliance across the organisation. Our ISMS defines policies, processes and controls to manage information security risks effectively, covering the entire business and the services delivered in scope. All aspects of the ISMS are reviewed at least annually and audited by both internal and external parties to ensure alignment with evolving threats and business needs.

Is CultureAI Cyber Essentials Certified?

Yes, CultureAI holds Cyber Essentials and Cyber Essentials Plus certifications.