blue_bg.jpg

Security Whitepaper

Updated: March 1, 2022 

Introduction

Culturate delivers a scalable application with high availability and dependability. Protecting the confidentiality, integrity, and availability of our customer's data is of the utmost importance to Culturate, as is maintaining customer trust and confidence. This document is intended to summarize Culturate's standards compliance, security framework, and operational practices.

 

Key Use Cases

Key use cases for Culturate are as follows:

 

● Help employees in the company share where they are working from and when they are available (only the center of the city is shown to others).

● Show the location status of each employee in Slack through Slack integration when an employee has set where they are working.

● Adds Kudos in Slack and track data of Kudos which are given and received. It stimulates positive feedback and helps HR or management see the data.

● Help employees to quickly connect via 1-1 or group invites.

● Simplify team or individual schedule planning by seeing where others are planning to work and when someone is coming to the office / is available.

● Help companies and employees stay connected even if they are working remotely or in a hybrid work by randomly mixing them in a group of chosen size on chosen time, date, and frequency.

 

Slack Integration

Slack Permissions

When you connect Culturate with your Slack workspace, Slack will present to you a list of the specific permissions that Culturate requests, and you will have an opportunity to approve or reject those permissions. Culturate uses Slack's Granular Permissions in order to request only the permissions we need to make the app function.

Slack Channel and Message Access

Culturate has limited access to messages in Slack, and it uses it only for the proper functioning of its features, i.e.:

Culturate app/bot can:

  • create a channel

    • when an administrator in Culturate integrates Slack for the first time

    • when a team member makes a group invite for more than seven people

    • when a team member gives private Kudos to more than seven people at once

  • invite team members to a channel

    • when creating a default Culturate channel during integration

  • send a direct group message

    • when a team member gives a private Kudos for more than one people

    • when Culturate creates a Water Cooler event for more than two people

On behalf of a team member, Culturate app/bot can:

  • send a direct message when a team member invites only one team member in Culturate web app

  • send a group direct message when a team member invites a group of people in Culturate web app

  • share team member status with an icon next to his name in direct messages three in Slack

 

Privacy Policy

Here is our Privacy Policy and Cookie Policy.

If you have any questions about our privacy policy or security practices, please feel free to reach out directly using the chat bubble in the lower right corner.

 

Security Practices

Culturate is hosted on Vultr, which is according with GDPR provisions. We leverage Slack’s OAuth for signing into our website, making Culturate as secure as Slack. Our website and servers use HTTPS over SSL (TLS 1.2) to protect your data.

 

Vultr Cloud Platform (VCP) Compliance

Culturate utilizes VCP for hosting its systems and services. This section is intended to summarize the security and high availability features and infrastructure VCP provides.

Compliance

Culturate reviews VCP’s compliance reports annually. To date, VCP is compliant with the following standards:

  • SSAE16 / ISAE 3402 Type II

    • SOC 1

    • SOC 2

    • SOC 3

  • ISO 27001

  • PCI DSS