User Agreement
Privacy Policy
Cookie Policy
GDPR
Security
Security at TeamCulture.ai
Effective 7th November 2022
We’re committed to being transparent about our security practices and helping you understand our approach.
Our mission is to reimagine employee experience with hybrid intelligence so that teams can be more transparent, engaged, productive and successful. We believe that we need to make your data secure, and that protecting it is one of our most important responsibilities.
Table of Content
1. Encryption
TeamCulture.ai Services are hosted on DigitalOcean, an industry-leading SOC 2 Type II certified service provider, in data centres located in the United Kingdom.
1.1. Data In Transit
All data transmitted between TeamCulture.ai clients and the TeamCulture.ai service is done so using strong encryption protocols.
TeamCulture.ai supports the latest recommended secure cipher suites to encrypt all traffic in transit, including use of TLS 1.2 protocols, AES256 encryption, and SHA2 signatures, whenever supported by the clients.
1.2. Data At Rest
Data at rest in TeamCulture.ai’s production network is encrypted with LUKS and ACID-Compliant.
It applies to all types of data at rest within TeamCulture.ai’s systems—relational databases, file stores, database backups, etc. All encryption keys are stored in a secure server on a segregated network with very limited access. TeamCulture.ai has implemented appropriate safeguards to protect the creation, storage, retrieval, and destruction of secrets such as encryption keys and service account credentials.
2. Access Management
Only a selected few senior production staff have access to customer data.
To minimise the risk of data exposure, TeamCulture.ai adheres to the principles of least privilege and role-based permissions when provisioning access—staff are only authorised to access data that they reasonably must handle in order to fulfil their current job responsibilities.. All production access is reviewed at least quarterly.
3. Data Retention And Disposal
After the data is marked for deletion, an internal recovery period of up to 30 days may apply depending on the service or deletion request.
TeamCulture.ai hard deletes all information from currently running production systems (excluding organisation names and team names embedded in URLs in web server access logs) and backups are destroyed within 30 days. TeamCulture.ai’s hosting providers are responsible for ensuring removal of data from disks is performed in a responsible manner before they are repurposed.
4. Data Backup And Recovery
Your data is backed-up at least once per day to ensure maximum safety.
TeamCulture.ai utilises services deployed by its hosting provider to take full backups daily and maintain write-ahead-logs. It allows us to restore to any point-in-time within the previous seven days.
5. Security Incidents
In the event of an incident, affected customers will be informed via email within 48 hours.
Responding to security incidents, TeamCulture.ai has established policies and procedures for responding to potential security incidents. In the event of an incident, affected customers will be informed by our well-prepared response team via email within 48 hours. Incident response procedures are tested and updated at least annually.
User Agreement
Privacy Policy
Cookie Policy
GDPR
Security
Security at TeamCulture.ai
Effective 7th November 2022
We’re committed to being transparent about our security practices and helping you understand our approach.
Our mission is to reimagine employee experience with hybrid intelligence so that teams can be more transparent, engaged, productive and successful. We believe that we need to make your data secure, and that protecting it is one of our most important responsibilities.
Table of Content
1. Encryption
TeamCulture.ai Services are hosted on DigitalOcean, an industry-leading SOC 2 Type II certified service provider, in data centres located in the United Kingdom.
1.1. Data In Transit
All data transmitted between TeamCulture.ai clients and the TeamCulture.ai service is done so using strong encryption protocols.
TeamCulture.ai supports the latest recommended secure cipher suites to encrypt all traffic in transit, including use of TLS 1.2 protocols, AES256 encryption, and SHA2 signatures, whenever supported by the clients.
1.2. Data At Rest
Data at rest in TeamCulture.ai’s production network is encrypted with LUKS and ACID-Compliant.
It applies to all types of data at rest within TeamCulture.ai’s systems—relational databases, file stores, database backups, etc. All encryption keys are stored in a secure server on a segregated network with very limited access. TeamCulture.ai has implemented appropriate safeguards to protect the creation, storage, retrieval, and destruction of secrets such as encryption keys and service account credentials.
2. Access Management
Only a selected few senior production staff have access to customer data.
To minimise the risk of data exposure, TeamCulture.ai adheres to the principles of least privilege and role-based permissions when provisioning access—staff are only authorised to access data that they reasonably must handle in order to fulfil their current job responsibilities.. All production access is reviewed at least quarterly.
3. Data Retention And Disposal
After the data is marked for deletion, an internal recovery period of up to 30 days may apply depending on the service or deletion request.
TeamCulture.ai hard deletes all information from currently running production systems (excluding organisation names and team names embedded in URLs in web server access logs) and backups are destroyed within 30 days. TeamCulture.ai’s hosting providers are responsible for ensuring removal of data from disks is performed in a responsible manner before they are repurposed.
4. Data Backup And Recovery
Your data is backed-up at least once per day to ensure maximum safety.
TeamCulture.ai utilises services deployed by its hosting provider to take full backups daily and maintain write-ahead-logs. It allows us to restore to any point-in-time within the previous seven days.
5. Security Incidents
In the event of an incident, affected customers will be informed via email within 48 hours.
Responding to security incidents, TeamCulture.ai has established policies and procedures for responding to potential security incidents. In the event of an incident, affected customers will be informed by our well-prepared response team via email within 48 hours. Incident response procedures are tested and updated at least annually.