Security & Data Privacy
Enterprise-grade Security & Privacy you can take to your CISO
ScultureAI protects your data with layered cloud security, strict access controls, and enterprise-grade governance designed for regulated environments.
Trusted by our clients and partners:
Trust
Pillars of Trust
Trust depends on clear rules. These pillars explain how your data stays protected, how the system works, and what controls guide every interaction. Each point sets expectations so you know exactly what happens behind the scenes.
Your data is never used to train AI models
We never use your data to train third-party AI models such as OpenAI or Anthropic. Your information always stays private.
We enforce contractual safeguards to ensure customer data is isolated, protected, and never repurposed beyond its intended use.Security by design
Security is built into every layer of our product, from authentication to deployment.
We apply strict access controls, encryption in transit and at rest, and continuous monitoring to ensure your data remains protected.Data privacy & minimisation
We process only what's required to deliver the nudges. Nothing more.
Drafts and chats are analysed in real time and deleted within minutes. We never access or store attachments.Compliance & assurance
We are ISO/IEC 27001 certified and undergo regular third-party review, including CREST-led penetration testing and CASA security audits.
Our products also pass Microsoft and Google marketplace reviews to ensure compliance with industry standards.
View our Trust Portal
For audit summaries and compliance documentation.
Advanced Controls and Enterprise Assurance
Data residency & sovereignty
Choose where your data resides (even within your own cloud or on-prem environment*) to meet regulatory and contractual needs.
*May be subject to additional costs.
Microsoft and Google approved
Our Outlook, Teams, and Gmail add-ins have passed Microsoft and Google marketplace security reviews, including checks on data access, privacy, and permissions. These approvals reflect the high standards expected by global enterprise IT and compliance teams.
Enterprise-grade regulatory compliance
Our security measures exceed industry standards for data protection and security.
Take a look at our security processes
Our Trust Portal contains detailed security documentation, compliance certificates, and technical specifications. For specific questions or to schedule a security review, our team is here to help.
Frequently asked questions.
Visit our Trust Portal to review our security posture.
Please get in touch to set up a call us and collaborate with your security, compliance, or procurement teams to provide the information you need.
Yes. ScultureAI supports Microsoft 365 and Google sign-in using least-privilege scopes.
Yes. All listed add-ins have passed Microsoft and Google marketplace security, data privacy, and data minimization reviews.
We are GDPR Compliant and ISO 27001:2022 certified. We complete regular CASA application audits and CREST-certified penetration tests.
By default, data is stored in the United Kingdom. All plans can choose the inference (processing) region between UK, EU, or US. We can also offer customers the option to choose any AWS, Azure or Google Cloud region, or their own on-prem environment for strict data residency requirements.
No. Attachments and files are never accessed, processed, or stored.
No. Drafts and chats are processed in real time and deleted in less than 10 minutes.
Speak to our security and privacy team.
Connect with our team for further information or for a demo to experience ScultureAI in action.