Security

Client Culture handles sensitive client feedback and business data. We take that responsibility seriously. Here is how we protect it.

Updated 28 April 2026

Infrastructure

  • Hosted on SOC 2 compliant cloud infrastructure (Vercel, AWS, Prisma Postgres)
  • TLS 1.2+ enforced for all data in transit, including outbound email delivery
  • AES-256 encryption for data at rest
  • Automated daily backups with 30-day restore window
  • Infrastructure monitoring and alerting

Authentication & Access

  • Enterprise Single Sign-On via Microsoft Entra ID, per-firm tenant
  • Passwordless authentication via Microsoft
  • SSO client secrets encrypted at rest (AES-256-GCM)
  • Role-based access control with office, team, and division scoping
  • Audit-logged administrative and impersonation actions

Application Security

  • Rate limiting on public submission, authentication, and expensive AI operations
  • Input validation on sensitive routes with type-safe database access throughout
  • Parameterised database queries via ORM (no raw SQL)
  • Framework-level CSRF and XSS protection
  • Automated bot and spam protection on survey submissions

Email & Survey Security

  • SPF and DKIM authentication on all sending domains
  • Opt-out links in every survey email, respected permanently
  • Configurable survey anonymity settings per firm
  • Unique, time-limited tokens for survey access

Ephemeral Data Retention

Your firm decides how long sensitive feedback lives on the platform.

Client feedback is sensitive. Our Ephemeral Data Retention framework gives each firm direct control over how long verbatim comments are retained — from same-day deletion for firms with strict data minimisation requirements, through to extended retention for firms that want longer review windows. No other client feedback platform offers this level of firm-controlled retention.

NPS scores, loyalty driver selections, and response metadata (dates sent and submitted, and the assigned professional) persist indefinitely as structured data — these power every trend chart, benchmark and longitudinal report in the platform, and contain no free-text content. The verbatim comments themselves are retained only for the period your firm chooses, then permanently deleted by an automated process that runs hourly to enforce each firm's retention setting.

Firm-controlled retention

Each firm sets their own data retention period. Same-day deletion is available for firms with strict data minimisation policies.

Structured data persists, verbatims expire

NPS scores, driver selections, and response metadata (dates and the assigned professional) remain indefinitely for trend analysis. Free-text comments are deleted on your firm's retention schedule.

Automated enforcement

A scheduled cleanup runs every hour to enforce your firm's retention setting. Expired survey invitations are automatically anonymised. No manual intervention required.
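As an added example (not Client Culture's own code), here is the retention sweep described above modelled in TypeScript: it removes verbatims once a firm's window has passed, leaves NPS scores, driver selections and metadata intact, and anonymises expired invitations. The record shapes, the treatment of "same-day" as the next sweep after submission, and the fallback for a firm with no recorded setting are assumptions; the hourly scheduling is left to whatever runs the job.

```typescript
// Added example, not Client Culture's code: one pass of an hourly retention sweep.
// Verbatims past the firm's window are nulled, structured fields are kept,
// and expired invitations are anonymised. Record shapes below are assumptions.
type FirmRetention = { firmId: string; retentionDays: number }; // 0 = same-day
type SurveyResponse = {
  id: string; firmId: string;
  nps: number; drivers: string[];                          // structured: kept indefinitely
  sentAt: Date; submittedAt: Date; professionalId: string; // metadata: kept indefinitely
  verbatim: string | null;                                 // free text: expires
};
type Invitation = {
  id: string; firmId: string;
  recipientEmail: string | null; token: string | null;
  expiresAt: Date;
};
type SweepResult = {
  responses: SurveyResponse[]; invitations: Invitation[];
  verbatimsDeleted: number; invitationsAnonymised: number;
};
const DAY_MS = 24 * 60 * 60 * 1000;

// Expired once retentionDays have elapsed since submission. Assumption:
// retentionDays = 0 ("same-day") means the first sweep after submission.
function verbatimExpired(r: SurveyResponse, retentionDays: number, now: Date): boolean {
  return now.getTime() >= r.submittedAt.getTime() + retentionDays * DAY_MS;
}

function sweepRetention(firms: FirmRetention[], responses: SurveyResponse[],
                        invitations: Invitation[], now: Date): SweepResult {
  const retention = new Map(firms.map((f): [string, number] => [f.firmId, f.retentionDays]));
  let verbatimsDeleted = 0, invitationsAnonymised = 0;
  const sweptResponses = responses.map((r) => {
    // Assumption: a firm with no recorded setting falls back to same-day (data-minimising default).
    const days = retention.get(r.firmId) ?? 0;
    if (r.verbatim === null || !verbatimExpired(r, days, now)) return r;
    verbatimsDeleted++;
    return { ...r, verbatim: null }; // nps, drivers and metadata are untouched
  });
  const sweptInvitations = invitations.map((inv) => {
    const alreadyAnonymised = inv.recipientEmail === null && inv.token === null;
    if (inv.expiresAt.getTime() > now.getTime() || alreadyAnonymised) return inv;
    invitationsAnonymised++;
    return { ...inv, recipientEmail: null, token: null }; // unlinked from the recipient and unusable
  });
  return { responses: sweptResponses, invitations: sweptInvitations, verbatimsDeleted, invitationsAnonymised };
}
```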

EphemeralAI™ Processing

How we use AI on the platform — one live feature, with deliberate boundaries.

Most of our platform uses no third-party AI at all. Dashboards, trend charts, NPS benchmarks, and longitudinal reports all run on structured data we hold ourselves.

EphemeralAI™ is our trademark for AI processing that strips personal identifiers before any model call. We hold this approach in reserve for future features where it is practical.

Custom Reports — the one live AI feature

Client Culture produces custom client experience reports for firms. AI assists with early-stage drafting tasks only — surfacing relevant quotes from verbatim feedback, providing starting data points for charts, and producing rough first-draft text.

  • Aggregate scores, loyalty driver selections, and verbatim feedback are sent to Anthropic Claude models under their enterprise data processing agreement.
  • Anthropic is contractually prohibited from training their models on this submitted data, all transmission is encrypted, and the Anthropic API is SOC 2 compliant.
  • AI output is delivered into Google Workspace (Slides and Sheets) on a Client Culture business account, where Client Culture analysts develop, customise, and finalise the report.
  • Reports are operator-triggered — they only run when explicitly invoked.

We use AI for drafting mechanics, not for analytical work. Every report's themes, interpretations, and recommendations come from our analysts. AI output is a starting input that accelerates drafting; it is not the deliverable.

AI is not used for routine dashboard analytics, theme extraction across all feedback, or any background processing.

Custom Reports does not use EphemeralAI™ processing. Full anonymisation isn't compatible with the analytical task — themes drawn from verbatims need the verbatims, not redacted approximations — so Custom Reports relies on the Anthropic enterprise DPA's anti-training and confidentiality protections rather than EphemeralAI processing.

EphemeralAI™ — trademark for AI processing that strips PII before any model call

Data Privacy

Client Culture operates under the Australian Privacy Act 1988, UK GDPR, and EU GDPR. We act as a data processor on behalf of our firm clients, handling survey responses and feedback data according to each firm's instructions and our data processing agreements.

Staff access is scoped by role, office, and team — people only see the data relevant to their responsibilities. Administrative actions are audit-logged.

Our full privacy policy, including regional addenda for Australia, the UK, and the EEA, is available at app.clientculture.com/privacy.

Sub-processors

We use a small number of trusted third-party services to operate the platform. All sub-processors are contractually bound to protect your data.

Provider | Purpose | Location
Vercel | Application hosting and edge network | Singapore
Prisma Postgres | Database hosting | Singapore
Resend | Transactional and survey email delivery | Tokyo, Japan
Anthropic, PBC | AI assistance for custom report drafting (operator-triggered) | US
Google Australia Pty Limited | Custom report preparation environment (Google Workspace — Slides, Sheets, Drive) | Global Google data centres

Vercel, Prisma Postgres, and Resend all operate on Amazon Web Services infrastructure. Details of downstream sub-processors are available in each provider's own trust documentation.

Custom reports for firms (NPS analysis, verbatim summaries, longitudinal trend reports) are prepared in Google Workspace (Slides, Sheets, Drive) on a Client Culture business account. Survey data including verbatim feedback is processed within these tools during report preparation.

Questions?

For security inquiries, contact security@clientculture.com. For privacy questions, contact privacy@clientculture.com.