Security, privacy & GDPR
Culture Blueprint is built so people can answer honestly โ and so the organisations that deploy it can say yes with confidence.
Anonymity by design
Individual answers are scored on our server and only ever returned as anonymised, combined figures โ no name is attached to any answer. Individual rows appear only once at least four people have responded, so no single person can be identified.
Data protection
All data is encrypted in transit (HTTPS/TLS) and stored on secure, access-controlled infrastructure. It is used solely to produce your team's results โ never sold, never shared with advertisers.
Your rights & control
Consistent with UK GDPR, you can access, export and permanently delete your data. The Leadership Coach includes self-serve export and delete for your plans and progress, built right in.
Responsible AI
The AI coach augments human judgement โ it never replaces it, and gives no legal, medical or financial advice. Coaching conversations are not stored on our servers, and your data is not used to train third-party models.
Everything your security team needs
We keep this simple so a rollout doesn't stall in review.
- UK GDPR compliant โ lawful basis, data-minimisation, and clear retention
- Data Processing Agreement โ available for Pro & Enterprise on request
- Named sub-processors โ Netlify (hosting/storage) and Groq (AI inference)
- Encryption in transit โ HTTPS/TLS across the platform
- Minimum-respondent threshold โ protects individual anonymity
- Export & right to erasure โ self-serve, plus assisted deletion on request
- No model training on your data โ and coaching chats aren't stored
- Security review welcome โ we'll complete your questionnaire
Common questions
Where is our data stored?
Assessment data is stored on secure, access-controlled cloud infrastructure (Netlify) and used solely to produce your team's results. We can discuss data-residency requirements for enterprise deployments.
Who are your sub-processors?
Our core sub-processors are Netlify (hosting, storage and serverless functions) and Groq (the AI inference provider that powers the coach). A current list is available on request as part of our DPA.
Can we get a Data Processing Agreement (DPA)?
Yes. We provide a DPA for Pro and Enterprise customers โ email us and we'll send it over.
Do you use our data to train AI models?
No. Your assessment data and coaching conversations are not used to train third-party models. Coaching conversations are not stored on our servers.
How do we delete our data?
You can export or permanently delete your saved plans and progress from within the app at any time. For full account deletion, contact us and we'll action it promptly.
This page describes our current practices and is provided for information; it does not constitute legal advice. For contractual terms, request our DPA.
See your team's number in ten minutes
No card, no consultants, no setup. Run the audit at your next team meeting and get a coached action plan you can use straight away.
Try Culture Blueprint free