Privacy Policy
How we collect, use, and protect your data.
What we collect
- Contact form submissions — name, email, and message when you reach out to us
- Survey responses — NPS scores, comments, and driver selections submitted by your clients or employees, collected on behalf of your firm
- Platform usage — basic analytics to improve the service (page views, feature usage). We do not use third-party tracking pixels
- Account information — name, email, role, and firm association for authenticated platform users
How we use your data
- Deliver survey programmes and feedback reports to your firm
- Generate anonymised insights and analytics using AI (see below)
- Improve and maintain the platform
- Respond to your enquiries
We do not sell, rent, or share your personal information with third parties for marketing purposes.
AI processing & EphemeralAI™
When AI is used to analyse survey feedback, personal identifiers are detected and stripped before any data reaches an AI provider. Our AI partners (OpenAI and Anthropic) never see your respondents' names, email addresses, or other identifying details.
Our EphemeralAI™ privacy framework gives each firm control over data retention — from same-day deletion to extended retention depending on compliance requirements. The platform extracts themes and insights, then deletes source material according to your firm's chosen retention period. Aggregate patterns persist. Individual responses expire.
Data retention
- Survey verbatim comments — retained according to your firm's chosen retention period, then automatically deleted
- Anonymised themes and scores — retained for ongoing analytics and benchmarking
- Account data — retained while your firm's account is active, deleted on request
- Contact form data — retained only as long as needed to respond to your enquiry
Sub-processors
We use a small number of trusted third-party services to operate the platform. All sub-processors are contractually bound to protect your data.
| Provider | Purpose | Location |
|---|---|---|
| Vercel | Application hosting | US (Sydney edge) |
| Neon (PostgreSQL) | Database hosting | US |
| Amazon Web Services | Email delivery (SES) | Sydney, AU |
| OpenAI | AI analysis (anonymised data only) | US |
| Anthropic | AI analysis (anonymised data only) | US |
Your rights
Depending on your jurisdiction, you may have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate information
- Request deletion of your personal information
- Object to or restrict certain processing
- Withdraw consent where processing is based on consent
To exercise any of these rights, contact privacy@clientculture.com.
Regional compliance
Client Culture operates under the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs). For clients in the United Kingdom and European Economic Area, we also comply with UK GDPR and EU GDPR respectively. Regional addenda covering specific obligations are included in our full privacy policy.
Our complete privacy policy — including detailed data processing terms and regional addenda — is available at app.clientculture.com/privacy.
Questions?
For privacy enquiries, contact privacy@clientculture.com. For security-related concerns, contact security@clientculture.com.