Privacy Policy
How we collect, use, and protect your data.
Updated 28 April 2026
What we collect
- Contact form submissions — name, email, and message when you reach out to us
- Survey responses — NPS scores, comments, and driver selections submitted by your clients or employees, collected on behalf of your firm
- Platform usage — basic analytics to improve the service (page views, feature usage). We do not use third-party tracking pixels
- Account information — name, email, role, and firm association for authenticated platform users
How we use your data
- Deliver survey programs and feedback reports to your firm
- Generate anonymised insights and analytics using AI (see below)
- Improve and maintain the platform
- Respond to your enquiries
We do not sell, rent, or share your personal information with third parties for marketing purposes.
Ephemeral Data Retention
Our Ephemeral Data Retention framework gives each firm direct control over how long verbatim comments are retained — from same-day deletion for firms with strict data minimisation requirements, through to extended retention for firms that want longer review windows. No other client feedback platform offers this level of firm-controlled retention.
NPS scores, loyalty driver selections, and response metadata (dates sent and submitted, and the assigned professional) persist indefinitely as structured data for trend analysis and contain no free-text content. Free-text comments are retained only for the period your firm chooses, then permanently deleted by an automated process that runs hourly.
EphemeralAI™ Processing
Most of our platform uses no third-party AI at all. Dashboards, trend charts, NPS benchmarks, and longitudinal reports all run on structured data we hold ourselves.
EphemeralAI™ is our trademark for AI processing that strips personal identifiers before any model call. We hold this approach in reserve for future features where it is practical.
Custom Reports — the one live AI feature
AI assists with early-stage drafting tasks only — surfacing relevant quotes from verbatim feedback, providing starting data points for charts, and producing rough first-draft text. Aggregate scores, loyalty driver selections, and verbatim feedback are sent to Anthropic under their enterprise data processing agreement. Anthropic is contractually prohibited from training their models on this submitted data, and all transmission is encrypted. The analytical content of every report — themes, interpretations, recommendations — is developed and finalised by Client Culture analysts. AI output is a starting input that accelerates drafting; it is not the deliverable.
Custom Reports does not use EphemeralAI™ processing. Full anonymisation isn't compatible with the analytical task — themes drawn from verbatims need the verbatims, not redacted approximations — so Custom Reports relies on Anthropic's enterprise DPA's anti-training and confidentiality protections rather than EphemeralAI processing.
Data retention
- Survey verbatim comments — retained according to your firm's chosen retention period, then automatically deleted
- Anonymised themes and scores — retained for ongoing analytics and benchmarking
- Account data — retained while your firm's account is active, deleted on request
- Contact form data — retained only as long as needed to respond to your enquiry
Sub-processors
We use a small number of trusted third-party services to operate the platform. All sub-processors are contractually bound to protect your data.
| Provider | Purpose | Location |
|---|---|---|
| Vercel | Application hosting and edge network | Singapore |
| Prisma Postgres | Database hosting | Singapore |
| Resend | Transactional and survey email delivery | Tokyo, Japan |
| Anthropic, PBC | AI assistance for custom report drafting (operator-triggered) | US |
| Google Australia Pty Limited | Custom report preparation environment (Google Workspace — Slides, Sheets, Drive) | Global Google data centres |
Vercel, Prisma Postgres, and Resend all operate on Amazon Web Services infrastructure. Details of downstream sub-processors are available in each provider's own trust documentation.
Custom reports for firms (NPS analysis, verbatim summaries, longitudinal trend reports) are prepared in Google Workspace (Slides, Sheets, Drive) on a Client Culture business account. Survey data including verbatim feedback is processed within these tools during report preparation.
Your rights
Depending on your jurisdiction, you may have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate information
- Request deletion of your personal information
- Object to or restrict certain processing
- Withdraw consent where processing is based on consent
To exercise any of these rights, contact privacy@clientculture.com.
Regional compliance
Client Culture operates under the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs). For clients in the United Kingdom and European Economic Area, we also comply with UK GDPR and EU GDPR respectively. Regional addenda covering specific obligations are included in our full privacy policy.
Our complete privacy policy — including detailed data processing terms and regional addenda — is available at app.clientculture.com/privacy.
Questions?
For privacy enquiries, contact privacy@clientculture.com. For security-related concerns, contact security@clientculture.com.