Culture Engine

Privacy Policy

Effective Date: May 10, 2026

Culture Engine (“Culture Engine,” “we,” “us,” or “our”) is committed to protecting personal information and maintaining transparency regarding our data practices.

This Privacy Policy explains how we collect, use, disclose, process, and safeguard personal information when you access or use the Culture Engine platform, website, integrations, and related services (collectively, the “Service”).

In many cases, Culture Engine processes personal information on behalf of business customers that use the Service for internal workplace engagement, employee recognition, and organizational culture purposes.

By accessing or using the Service, you acknowledge the collection and use of information as described in this Privacy Policy.

1. Information We Collect

1.1 Information You Provide

We may collect personal information that you voluntarily provide to us, including:

  • account registration information, such as name, work email address, company name, department, and job title;
  • profile information, such as profile photos, biographies, and workspace details;
  • recognition content, including messages, comments, reactions, feedback, and related workplace engagement activity;
  • support communications and correspondence;
  • payment and billing information processed through third-party payment processors; and
  • information submitted through surveys, forms, or customer support requests.

Culture Engine does not store full payment card numbers or payment credentials.

1.2 Information Collected Automatically

When you use the Service, we may automatically collect certain information, including:

  • IP address;
  • browser type and version;
  • operating system;
  • device identifiers;
  • log and diagnostic information;
  • pages viewed;
  • timestamps;
  • referral URLs;
  • feature usage data;
  • interaction patterns; and
  • performance and analytics information.

We may also collect information through cookies and similar technologies as described in Section 6.

1.3 Information from Third Parties

If you connect third-party platforms or integrations to the Service, including Slack, Microsoft Teams, Google Workspace, HRIS systems, or similar services, we may receive information from those services as authorized by the applicable user, administrator, or workspace configuration.

The scope of information received depends on:

  • the permissions granted;
  • the applicable integration settings; and
  • the policies of the third-party service provider.

2. How We Use Your Information

We may use personal information to:

  • provide, operate, maintain, and support the Service;
  • authenticate users and manage accounts;
  • process transactions and subscription payments;
  • personalize user experience and Service functionality;
  • facilitate employee recognition and engagement features;
  • provide customer support and respond to inquiries;
  • send administrative, technical, security, and operational communications;
  • improve, enhance, and develop the Service;
  • monitor usage trends and analytics;
  • detect, prevent, investigate, and mitigate fraud, abuse, security incidents, or unlawful activity;
  • comply with legal obligations; and
  • enforce our Terms of Service and related policies.

Artificial Intelligence and Automated Processing

Certain Service features may use automated systems or artificial intelligence technologies to support functionality within the Service.

Culture Engine does not use Customer Data, employee recognition content, comments, reactions, or workspace content submitted through the Service to train generalized artificial intelligence or machine learning models unless expressly authorized by the applicable Customer.

Aggregated and De-Identified Information

Culture Engine may generate, use, and disclose aggregated, anonymized, or de-identified information derived from use of the Service for lawful business purposes, including:

  • analytics;
  • benchmarking;
  • security monitoring;
  • operational reporting;
  • product improvement; and
  • business intelligence.

Such information does not identify individual users.

Employee Recognition Platform

Culture Engine is designed as an employee recognition and engagement platform and is not intended to function as employee surveillance or monitoring software.

3. How We Share Your Information

Culture Engine does not sell or rent personal information.

We may disclose personal information in the following circumstances:

3.1 Within Your Organization

Certain information, including recognition messages, reactions, comments, profile details, and workplace engagement activity, may be visible to other users within your organization as part of the Service’s core functionality.

Workspace administrators and authorized representatives of your organization may be able to access, review, export, modify, or remove certain account information, activity logs, recognition activity, and related content associated with your use of the Service, subject to the organization’s policies and configuration settings.

Your organization controls many aspects of workspace administration and visibility settings.

3.2 Service Providers and Subprocessors

We may engage trusted third-party service providers, vendors, and subprocessors to support operation of the Service, including providers relating to:

  • cloud hosting and infrastructure;
  • authentication;
  • analytics;
  • communications;
  • customer support;
  • payment processing;
  • reward fulfillment; and
  • security operations.

These providers are contractually authorized to process personal information only as necessary to provide services to Culture Engine.

3.3 Rewards and Redemption Data

If your organization enables reward redemption functionality, Culture Engine and applicable Reward Providers may process information relating to:

  • reward selections;
  • redemption activity;
  • delivery status;
  • transaction records; and
  • related operational information

for purposes of providing rewards functionality, fraud prevention, accounting, customer reporting, compliance, and operational support.

Reward fulfillment may be handled by third-party providers such as Tremendous, Tango Card, or similar providers.

3.4 Legal Requirements

We may disclose personal information where required to do so by law or where we reasonably believe disclosure is necessary to:

  • comply with legal obligations;
  • respond to lawful requests;
  • protect our rights or property;
  • protect user safety;
  • investigate fraud or security incidents; or
  • enforce our agreements and policies.

3.5 Business Transfers

If Culture Engine is involved in a merger, acquisition, financing, corporate reorganization, sale of assets, or similar transaction, personal information may be transferred as part of that transaction.

Where required by law, we will provide notice before personal information becomes subject to a materially different privacy framework.

4. Data Retention

We retain personal information for as long as reasonably necessary to:

  • provide the Service;
  • fulfill the purposes described in this Privacy Policy;
  • comply with legal obligations;
  • resolve disputes;
  • enforce agreements;
  • maintain security protections; and
  • support legitimate business and operational needs.

Following account or subscription termination, we will delete or anonymize personal information within a commercially reasonable period unless retention is:

  • required by law;
  • necessary for security or fraud prevention;
  • required for dispute resolution;
  • maintained in backup systems; or
  • otherwise permitted for legitimate business purposes.

5. Your Rights and Choices

Depending on your jurisdiction and applicable law, you may have rights relating to your personal information, including the right to:

  • access personal information we hold about you;
  • request correction of inaccurate or incomplete information;
  • request deletion of personal information;
  • request restriction of processing;
  • object to certain processing activities;
  • request portability of personal information; and
  • withdraw consent where processing is based on consent.

To exercise applicable privacy rights, contact us at hello@cultureengine.ai.

We will respond to requests in accordance with applicable law.

Culture Engine will not discriminate against individuals for exercising applicable privacy rights.

6. Cookies and Tracking Technologies

Culture Engine uses cookies and similar technologies to:

  • maintain sessions and authentication;
  • remember preferences;
  • improve functionality and performance;
  • understand user interaction with the Service; and
  • support analytics and operational monitoring.

You may control cookies through your browser settings. Disabling cookies may impact certain Service functionality.

Where required by law, Culture Engine honors applicable Global Privacy Control (“GPC”) signals and similar browser-based privacy controls.

Additional details about specific cookies used may be provided in cookie banners or settings within the Service.

7. International Data Transfers

Culture Engine is based in Dubai, United Arab Emirates.

If you access the Service from outside the United Arab Emirates, your personal information may be transferred to, stored in, and processed in jurisdictions where privacy laws may differ from those in your location.

Where required by law, Culture Engine relies on lawful transfer mechanisms for international transfers of personal information, including Standard Contractual Clauses approved by the European Commission and equivalent mechanisms under applicable law.

8. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you may have rights under the California Consumer Privacy Act (“CCPA”) and California Privacy Rights Act (“CPRA”), including rights to:

  • know what personal information we collect;
  • access personal information;
  • correct inaccurate information;
  • request deletion of personal information; and
  • limit certain uses of sensitive personal information where applicable.

Culture Engine does not sell, rent, or share personal information for cross-context behavioral advertising purposes as defined under applicable privacy laws.

To exercise applicable California privacy rights, contact hello@cultureengine.ai.

9. European Economic Area and United Kingdom Privacy Rights

For individuals located in the European Economic Area (“EEA”), United Kingdom, or Switzerland:

  • Culture Engine generally acts as a data processor with respect to Customer Data processed on behalf of business customers; and
  • Culture Engine acts as a data controller with respect to account, operational, billing, and usage data collected directly by Culture Engine.

Our legal bases for processing may include:

  • performance of a contract;
  • legitimate interests;
  • compliance with legal obligations; and
  • consent where applicable.

Individuals in these jurisdictions may have the right to lodge complaints with their local supervisory authority.

The Data Processing Addendum is incorporated into the Terms of Service and applies automatically where required by applicable law. A copy is available at www.cultureengine.ai/dpa.

10. Slack and Third-Party Platform Data

When you connect Slack or other third-party workplace platforms to the Service, Culture Engine may access and process only the information necessary to provide the functionality and features authorized by the applicable workspace or administrator.

Culture Engine does not access, read, or process private message history, channel history, or unrelated workspace communications. We only access information necessary to provide the specific functionality enabled by the Customer or user.

Your use of third-party integrations remains subject to the applicable third-party platform terms and privacy policies.

11. Security

Culture Engine implements commercially reasonable technical, administrative, and organizational safeguards designed to protect personal information, including:

  • encryption in transit;
  • encryption at rest where appropriate;
  • access controls;
  • authentication mechanisms;
  • logging and monitoring;
  • vulnerability management; and
  • periodic security assessments.

No method of transmission over the internet or electronic storage is completely secure, and Culture Engine cannot guarantee absolute security.

In the event of a confirmed security incident involving personal information, Culture Engine will take commercially reasonable steps to investigate, mitigate, and provide notifications where required by applicable law.

12. Children's Privacy

The Service is not directed to individuals under the age of eighteen (18), and Culture Engine does not knowingly collect personal information from children.

If we become aware that personal information has been collected from a child in violation of applicable law, we will take commercially reasonable steps to delete such information.

If you believe a child has provided personal information to Culture Engine, please contact hello@cultureengine.ai.

13. Changes to This Privacy Policy

Culture Engine may update this Privacy Policy from time to time.

Where required by law, we will provide notice of material changes through the Service, via email, or through other reasonable means.

The updated Privacy Policy becomes effective upon posting unless otherwise stated.

14. Contact Us

For questions, requests, or concerns regarding this Privacy Policy or our privacy practices, contact:

  • Culture Engine, Privacy Team
  • hello@cultureengine.ai
  • www.cultureengine.ai