Security
Client Culture handles sensitive client feedback and business data. We take that responsibility seriously. Here is how we protect it.
Download Security Overview (PDF). Updated April 2026.
Infrastructure
- Hosted on SOC 2 compliant cloud infrastructure (Vercel, AWS, Prisma Postgres)
- TLS 1.2+ enforced for all data in transit, including outbound email delivery
- AES-256 encryption for data at rest
- Automated daily backups with 30-day restore window
- Infrastructure monitoring and alerting
Authentication & Access
- Enterprise Single Sign-On via Microsoft Entra ID, per-firm tenant
- Passwordless authentication via Microsoft
- SSO client secrets encrypted at rest (AES-256-GCM)
- Role-based access control with office, team, and division scoping
- Audit-logged administrative and impersonation actions
Application Security
- Rate limiting on public submission, authentication, and expensive AI operations
- Input validation on sensitive routes; type-safe database access throughout
- Parameterised database queries via ORM (no raw SQL)
- Framework-level CSRF and XSS protection
- Automated bot and spam protection on survey submissions
Email & Survey Security
- SPF and DKIM authentication on all sending domains
- Opt-out links in every survey email, respected permanently
- Configurable survey anonymity settings per firm
- Unique, time-limited tokens for survey access
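The following is an added example, not Client Culture's own code, that models two of the controls listed above: a unique, time-limited token per survey invitation, and an opt-out that is honoured on every later send. Everything about the data model is assumed: the 14-day lifetime, the per-firm scope of an opt-out, the in-memory dictionaries standing in for the database, and the function names.

```python
import hashlib
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Added example, not Client Culture's code. Models a unique, time-limited survey
# token plus a permanently honoured opt-out. Dicts stand in for the database;
# the 14-day lifetime, per-firm opt-out scope and all names are assumptions.

DEFAULT_TTL = timedelta(days=14)


@dataclass
class Invitation:
    firm_id: str
    recipient: str        # normalised email address
    token_hash: str       # SHA-256 of the URL token; the token itself is never stored
    expires_at: datetime


_invitations: dict[str, Invitation] = {}      # keyed by token hash
_opted_out: set[tuple[str, str]] = set()      # (firm_id, recipient)


def _normalise(email: str) -> str:
    return email.strip().lower()


def _hash_token(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()


def issue_invitation(firm_id: str, recipient: str, now: datetime,
                     ttl: timedelta = DEFAULT_TTL) -> Optional[str]:
    """Create an invitation and return the token for its survey link, or None if opted out."""
    recipient = _normalise(recipient)
    if (firm_id, recipient) in _opted_out:
        return None                            # opt-out is respected on every future send
    token = secrets.token_urlsafe(32)          # 256 bits from the OS CSPRNG, not guessable
    inv = Invitation(firm_id, recipient, _hash_token(token), now + ttl)
    _invitations[inv.token_hash] = inv         # a database leak exposes hashes, not live links
    return token


def redeem_token(token: str, now: datetime) -> tuple[bool, str]:
    """Check a survey link when it is opened. Returns (ok, reason)."""
    inv = _invitations.get(_hash_token(token))
    if inv is None:
        return False, "unknown token"
    if (inv.firm_id, inv.recipient) in _opted_out:
        return False, "recipient opted out"
    if now >= inv.expires_at:
        return False, "token expired"
    return True, "ok"


def opt_out(token: str) -> bool:
    """Handle the opt-out link. Deliberately works even after the survey token has expired."""
    inv = _invitations.get(_hash_token(token))
    if inv is None:
        return False
    _opted_out.add((inv.firm_id, inv.recipient))
    return True


def walkthrough() -> list[tuple[str, object]]:
    """Constructed scenario exercising each path; returns (step, result) pairs."""
    _invitations.clear()
    _opted_out.clear()
    t0 = datetime(2026, 4, 1, 9, 0, tzinfo=timezone.utc)
    token = issue_invitation("firm-a", "Client@Example.com", t0)
    return [
        ("open next day", redeem_token(token, t0 + timedelta(days=1))),
        ("open on day 14", redeem_token(token, t0 + timedelta(days=14))),
        ("guessed token", redeem_token("not-a-real-token", t0)),
        ("opt out after expiry", opt_out(token)),
        ("open after opt-out", redeem_token(token, t0)),
        ("re-invite a year later",
         issue_invitation("firm-a", "client@example.com", t0 + timedelta(days=365))),
        ("other firm, same person",
         issue_invitation("firm-b", "client@example.com", t0) is not None),
    ]


if __name__ == "__main__":
    for step, result in walkthrough():
        print(f"{step:26} -> {result}")
```

Two design points worth noting: only the hash of the token is persisted, so a copy of the invitation table does not yield working survey links, and the opt-out handler does not check expiry, because a recipient must be able to opt out from an old email at any time.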
Ephemeral Data Retention
Your firm decides how long sensitive feedback lives on the platform.
Client feedback is sensitive. Our Ephemeral Data Retention framework gives each firm direct control over how long verbatim comments are retained — from same-day deletion for firms with strict data minimisation requirements, through to extended retention for firms that want longer review windows. No other client feedback platform offers this level of firm-controlled retention.
NPS scores, loyalty driver selections, and response metadata (dates sent and submitted, and the assigned professional) persist indefinitely as structured data — these power every trend chart, benchmark and longitudinal report in the platform, and contain no free-text content. The verbatim comments themselves are retained only for the period your firm chooses, then permanently deleted by an automated process that runs hourly to enforce each firm's retention setting.
Firm-controlled retention
Each firm sets their own data retention period. Same-day deletion is available for firms with strict data minimisation policies.
Structured data persists, verbatims expire
NPS scores, driver selections, and response metadata (dates and the assigned professional) remain indefinitely for trend analysis. Free-text comments are deleted on your firm's retention schedule.
Automated enforcement
A scheduled cleanup runs every hour to enforce your firm's retention setting. Expired survey invitations are automatically anonymised. No manual intervention required.
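The retention job described above, written out as an added example that is not Client Culture's own code. It runs one pass of an hourly cleanup over an in-memory SQLite database: each firm's retention setting (0 days meaning same-day deletion) gives a cutoff, verbatim comments submitted before the cutoff are set to NULL while the NPS score, driver selections, dates and assigned professional stay in place, and expired invitations lose their recipient address. The schema, column names, sample data and function names are assumptions.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

# Added example, not Client Culture's code. One run of an hourly retention job:
# per-firm retention_days (0 = same-day) sets a cutoff; comments older than it
# are NULLed, structured fields are untouched, expired invitations are
# anonymised. Schema, names and sample rows are assumptions.

SCHEMA = """
CREATE TABLE firm (id TEXT PRIMARY KEY, retention_days INTEGER NOT NULL);
CREATE TABLE response (
    id INTEGER PRIMARY KEY, firm_id TEXT NOT NULL REFERENCES firm(id),
    professional TEXT NOT NULL, nps_score INTEGER NOT NULL, drivers TEXT NOT NULL,
    comment TEXT, sent_at TEXT NOT NULL, submitted_at TEXT NOT NULL,
    comment_deleted_at TEXT);
CREATE TABLE invitation (
    id INTEGER PRIMARY KEY, firm_id TEXT NOT NULL REFERENCES firm(id),
    recipient_email TEXT, expires_at TEXT NOT NULL, anonymised_at TEXT);
"""


def _ts(dt: datetime) -> str:
    """Fixed-width UTC timestamps so SQLite string comparison orders them correctly."""
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def open_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db


def run_retention_cleanup(db: sqlite3.Connection, now: datetime) -> tuple[int, int]:
    """Enforce every firm's setting once. Returns (comments purged, invitations anonymised)."""
    purged = 0
    for firm_id, days in db.execute("SELECT id, retention_days FROM firm").fetchall():
        cutoff = _ts(now - timedelta(days=days))
        # Parameterised UPDATE: only the free-text column changes, and a deletion
        # timestamp is kept so the purge itself is auditable.
        cur = db.execute(
            "UPDATE response SET comment = NULL, comment_deleted_at = ? "
            "WHERE firm_id = ? AND comment IS NOT NULL AND submitted_at < ?",
            (_ts(now), firm_id, cutoff),
        )
        purged += cur.rowcount
    cur = db.execute(
        "UPDATE invitation SET recipient_email = NULL, anonymised_at = ? "
        "WHERE expires_at < ? AND anonymised_at IS NULL",
        (_ts(now), _ts(now)),
    )
    db.commit()
    return purged, cur.rowcount


def seed_sample_data(db: sqlite3.Connection, now: datetime) -> None:
    """Constructed sample: a same-day firm and a 90-day firm."""
    db.executemany("INSERT INTO firm VALUES (?, ?)",
                   [("firm-strict", 0), ("firm-standard", 90)])
    rows = [
        ("firm-strict", "A. Advisor", 9, "responsiveness,expertise",
         "Great turnaround on the audit.", now - timedelta(hours=3), now - timedelta(hours=2)),
        ("firm-standard", "B. Partner", 6, "fees",
         "Invoices were hard to reconcile.", now - timedelta(days=120), now - timedelta(days=100)),
        ("firm-standard", "B. Partner", 10, "expertise",
         "Excellent tax advice.", now - timedelta(days=12), now - timedelta(days=10)),
    ]
    db.executemany(
        "INSERT INTO response (firm_id, professional, nps_score, drivers, comment, "
        "sent_at, submitted_at) VALUES (?, ?, ?, ?, ?, ?, ?)",
        [(f, p, s, d, c, _ts(a), _ts(b)) for f, p, s, d, c, a, b in rows])
    db.executemany(
        "INSERT INTO invitation (firm_id, recipient_email, expires_at) VALUES (?, ?, ?)",
        [("firm-standard", "client@example.com", _ts(now - timedelta(days=1))),
         ("firm-standard", "other@example.com", _ts(now + timedelta(days=13)))])
    db.commit()


def demo() -> dict:
    now = datetime(2026, 4, 1, 9, 0, tzinfo=timezone.utc)
    db = open_db()
    seed_sample_data(db, now)
    first = run_retention_cleanup(db, now)
    second = run_retention_cleanup(db, now)   # idempotent: a second run finds nothing
    responses = db.execute(
        "SELECT firm_id, nps_score, drivers, comment FROM response ORDER BY id").fetchall()
    invitations = db.execute("SELECT recipient_email FROM invitation ORDER BY id").fetchall()
    return {"first_run": first, "second_run": second,
            "responses": responses, "invitations": [r[0] for r in invitations]}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

On the sample data the first run purges two comments (the same-day firm's two-hour-old response and the 90-day firm's 100-day-old one), leaves the 10-day-old comment alone, anonymises the one expired invitation, and every score and driver selection survives; a second run changes nothing.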
EphemeralAI™ Processing
When AI is used, we apply controls matched to the product and the data involved.
Most of our platform uses no third-party AI at all. Dashboards, trend charts, NPS benchmarks, and longitudinal reports all run on structured data we hold ourselves. We use AI in three specific features, and each has a privacy posture matched to what that feature needs to do.
Custom Reports
Available to all firms
AI assists with drafting executive commentary in client experience reports. Aggregate scores, driver selections, and verbatim feedback are sent to OpenAI under their enterprise data processing agreement — OpenAI is contractually prohibited from training their models on this data, and all transmission is encrypted. Every report is reviewed and customised by our team before delivery.
Advisory Preparation Assistant
Available for firm pilots
Helps professionals draft client advice and memos from their firm's knowledge base. Personal identifiers (names, emails, organisation names) are detected and stripped before any data reaches OpenAI. The AI receives only anonymised, de-identified text.
Horizon Scanning Tool
Available for firm pilots
A proactive advisory tool that surfaces relevant legislative, regulatory, and market developments for professionals' clients. Same anonymisation posture as the Advisory Preparation Assistant — full PII stripping before any AI call.
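The de-identification step that both the Advisory Preparation Assistant and the Horizon Scanning Tool rely on, as an added example that is not Client Culture's own code and does not describe how the platform detects identifiers. It replaces identifiers the firm already holds (client and organisation names) and anything shaped like an email address with stable placeholders before text leaves the server, keeps the placeholder map server-side so a model's answer can be re-identified locally, and includes the pre-flight check a practitioner would want before the model call. The categories, placeholder format, known-identifier source and sample note are assumptions.

```python
import re
from dataclasses import dataclass, field

# Added example, not Client Culture's code. Swaps known identifiers and email
# addresses for stable placeholders before text goes to a model; the map stays
# local for re-identification. Categories, placeholder format and the source
# of known identifiers are assumptions.

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
PLACEHOLDER_RE = re.compile(r"\[[A-Z]+_\d+\]")


@dataclass
class Redaction:
    text: str                                              # what may be sent to the model
    mapping: dict[str, str] = field(default_factory=dict)  # placeholder -> original, server-side only


class Redactor:
    def __init__(self, known: dict[str, list[str]]):
        """known maps a category (e.g. "PERSON", "ORG") to identifiers from the firm's records."""
        self._patterns: list[tuple[str, re.Pattern]] = []
        for category, names in known.items():
            # Longest first, so "Acme Holdings Ltd" is matched before "Acme".
            for name in sorted(set(names), key=len, reverse=True):
                pat = re.compile(r"(?<!\w)" + re.escape(name) + r"(?!\w)", re.IGNORECASE)
                self._patterns.append((category, pat))

    def redact(self, text: str) -> Redaction:
        mapping: dict[str, str] = {}
        counters: dict[str, int] = {}

        def placeholder(category: str, original: str) -> str:
            # Repeated mentions get the same placeholder, so the model can still
            # tell that two sentences concern one client.
            for ph, seen in mapping.items():
                if ph.startswith(f"[{category}_") and seen.lower() == original.lower():
                    return ph
            counters[category] = counters.get(category, 0) + 1
            ph = f"[{category}_{counters[category]}]"
            mapping[ph] = original
            return ph

        # Emails first: an organisation name inside an address (acme.com) must not
        # be replaced before the whole address is, or a fragment would survive.
        text = EMAIL_RE.sub(lambda m: placeholder("EMAIL", m.group(0)), text)
        for category, pat in self._patterns:
            text = pat.sub(lambda m, c=category: placeholder(c, m.group(0)), text)
        return Redaction(text, mapping)

    def residual_identifiers(self, text: str) -> list[str]:
        """Pre-flight check before any model call: anything still matching is a leak."""
        found = EMAIL_RE.findall(text)
        for _, pat in self._patterns:
            found.extend(m.group(0) for m in pat.finditer(text))
        return found

    @staticmethod
    def restore(text: str, mapping: dict[str, str]) -> str:
        """Re-identify a model answer locally using the server-side map."""
        return PLACEHOLDER_RE.sub(lambda m: mapping.get(m.group(0), m.group(0)), text)


def demo() -> tuple[str, str, list[str]]:
    # Constructed sample note of the kind a firm's knowledge base might hold.
    note = ("Jane Doe (jane.doe@acme.com) of Acme Holdings Ltd asked whether Acme "
            "should restructure before the Jane Doe review.")
    redactor = Redactor({"PERSON": ["Jane Doe"], "ORG": ["Acme Holdings Ltd", "Acme"]})
    red = redactor.redact(note)
    leaks = redactor.residual_identifiers(red.text)   # must be empty before the model call
    model_answer = "Advise [PERSON_1] that [ORG_1] should review [ORG_2] first."  # constructed
    return red.text, Redactor.restore(model_answer, red.mapping), leaks


if __name__ == "__main__":
    sent, restored, leaks = demo()
    print("to model :", sent)
    print("restored :", restored)
    print("leaks    :", leaks)
```

This is list-and-pattern based: it strips what the firm already knows about plus email addresses, and the residual check only catches those same things. Free text can carry identifiers no list contains, so a de-identification layer of this shape is a control to be measured against sample data, not a guarantee.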

Data Privacy
Client Culture operates under the Australian Privacy Act 1988, UK GDPR, and EU GDPR. We act as a data processor on behalf of our firm clients, handling survey responses and feedback data according to each firm's instructions and our data processing agreements.
Staff access is scoped by role, office, and team — people only see the data relevant to their responsibilities. Administrative actions are audit-logged.
Our full privacy policy, including regional addenda for Australia, the UK, and the EEA, is available at app.clientculture.com/privacy.
Sub-processors
We use a small number of trusted third-party services to operate the platform. All sub-processors are contractually bound to protect your data.
| Provider | Purpose | Location |
|---|---|---|
| Vercel | Application hosting and edge network | Singapore |
| Prisma Postgres | Database hosting | Singapore |
| Resend | Transactional and survey email delivery | Tokyo, Japan |
| OpenAI | AI analysis (see EphemeralAI for details) | US |
Vercel, Resend, and Prisma Postgres all run on Amazon Web Services infrastructure. Details of downstream sub-processors are available in each provider's own trust documentation.
Questions?
For security inquiries, contact security@clientculture.com. For privacy questions, contact privacy@clientculture.com.