Is Culture Amp safe with your data?

Culture Amp

Culture Amp Pty Ltd

66/100

Partial disclosure · high confidence

Culture Amp earns a C (66/100) because it discloses its data practices only in part.

#61 of 177 apps ranked
66 score · HR & recruiting avg 64
+2 vs category average

Grade scale: A · 85–100, B · 70–84, C · 55–69, D · 40–54, F · 0–39

Culture Amp publishes a processor-model HR privacy policy that covers data-subject rights, names EU Standard Contractual Clauses, cites ISO27001 certification, and includes an AI section stating that third-party LLMs are accessed through managed infrastructure. Retention periods are vague and the policy makes no commitment to notify users of a breach, which keeps the score in the C band.

What Culture Amp's privacy policy says about your data

AI does not train on user inputs

Section 8 says Culture Amp integrates third-party LLMs such as Anthropic's Claude and Google's Gemini through AWS or GCP via managed VPCs and an LLM proxy. Section 6(d) limits service-improvement work to de-identified personal information, with no claim that user inputs train Culture Amp's own models.

Full set of data-subject rights

Section 9 names access, correction, deletion, data export in standard CSV format, and the ability to limit or stop use or disclosure, all routed through the Privacy Officer at privacy@cultureamp.com.

Named transfer safeguard and subprocessor list

Section 5(c) commits to European Union Standard Contractual Clauses for transfers to non-adequate countries. The policy links a Subprocessor List and a Data Processing Addendum, backed by signed confidentiality and data processing agreements with service providers.

Vague retention and no breach notice

Section 10 retains data for as long as Culture Amp provides the Services until the Customer requests deletion, with encrypted backups kept up to 90 days. Section 5 names ISO27001 certification but commits to no user breach notification.

What the policy is silent or vague on

  • Not stated: a way to opt out of training
  • Not stated: whether training use differs by plan
  • Not stated: your ownership of generated outputs
  • Not stated: shorter retention for AI conversation logs

Culture Amp privacy rating

Training-data use: 1 of 4 disclosed
  • Keeps user inputs out of model training, or makes training opt-in: Disclosed
  • Names a way to opt out of or into training: Silent
  • Says whether training use differs by plan or tier: Silent
  • Lets the user keep ownership of generated outputs: Silent

Data-subject rights: 5 of 5 disclosed
  • Grants a right to access your data: Disclosed
  • Grants a right to delete your data: Disclosed
  • Offers data portability in a usable format: Disclosed
  • Grants a right to correct your data: Disclosed
  • Grants a way to object to or opt out of processing: Disclosed

Retention and deletion: 0 of 4 disclosed
  • States a retention period for your data: Partial
  • States a deletion timeline after closure or request: Partial
  • Sets a shorter retention for AI conversation logs: Silent
  • Commits to collecting only the data it needs: Partial

Third-party sharing: 4 of 5 disclosed
  • Lists the categories of third parties it shares with: Disclosed
  • References a sub-processor list or data processing agreement: Disclosed
  • Does not sell or share data for advertising, or offers opt-out: Partial
  • Names a safeguard for international data transfers: Disclosed
  • States a standard for government and law-enforcement access: Disclosed

Transparency: 4 of 4 disclosed
  • Discloses that you are interacting with AI: Disclosed
  • Marks AI-generated or synthetic output: Not applicable
  • Enumerates the categories of data it collects: Disclosed
  • Maps processing purposes to legal bases: Disclosed
  • Is versioned and dated, with change notice: Disclosed

Sensitive data and children: 1 of 3 disclosed
  • Discloses automated decisions and a human-review path: Silent
  • Limits the use of special-category data: Partial
  • Governs biometric data specifically: Not applicable
  • States protections for children's data: Disclosed

Security and accountability: 1 of 3 disclosed
  • Describes its security safeguards: Partial
  • Commits to breach notification: Silent
  • Names a certification or a privacy contact: Disclosed

Legend: Disclosed · Partial · Silent · Adverse · Not applicable

Details

  • Category: HR & recruiting
  • Modalities: text
  • Processes biometrics: No
  • Policy last updated: 2025-07-02
  • Region scored: Global / US-default
  • Assessed: 2026-06-20

Each grade reflects our analysis of what an app states in its public privacy policy and terms as of the assessment date. It measures the transparency of those documents, not the company's actual data practices, security, or compliance. Grades are our opinion, offered for general information.