Security & Compliance
Built in Europe. Secure from the ground up.
culturOS meets the highest standards for data protection, infrastructure security and regulatory compliance.
Secure infrastructure
culturOS runs on ISO/IEC 27001-certified servers within the European Union. The entire server infrastructure meets the highest requirements for physical and logical data security, from network security to physical access control. Your data never leaves the EU, all connections are encrypted, and all access is logged in full. Regular external penetration tests confirm the integrity of the infrastructure.
Infrastructure status
Real-time overview
Frankfurt: eu-central-1
Dublin: eu-west-1
Access to data
All organisational data can only be read after proper authentication. Legally, customers remain the sole owners of all their data and the controller within the meaning of Art. 24 EU GDPR. culturOS will under no circumstances pass customer data to third parties. On the culturOS side, only authorised and trained employees have event-based access to your account, exclusively for initial setup and the handling of service requests.
Access rights
Role-based control
Admin: Dashboard & settings
OD advisor: Aggregated analyses
Individual: No visibility
Availability & backup
culturOS continuously monitors system availability in order to be prepared for any issues. Complete backups are performed regularly on geographically separated servers, and all data is transmitted over secure, encrypted channels. Your data is protected by automated backups and redundancy, even in the event of hardware failures.
System monitoring
Availability & backups
Availability
Annual average guaranteed
Backup schedule
Data protection & GDPR
culturOS complies with all relevant data protection regulations, in particular the requirements of the EU General Data Protection Regulation (GDPR). All technical and organisational measures for the security of data processing are continuously reviewed and regularly updated. A standard Data Processing Agreement (DPA) is part of every contract; Data Protection Impact Assessments are provided on request. Data subject rights under Art. 15–20 GDPR are fully implemented.
GDPR compliance
Regulatory status
Legal basis (Art. 6)
Data processing (DPA)
Data subject rights (Art. 15–20)
DPIA
Certifications
Co-determination
Works-council-compatible, from day one.
culturOS has been designed so that a works agreement can be concluded smoothly. No individual performance monitoring, no behavioural profiles of individuals. Transparency for everyone involved.
1. Compatible with works agreements
Our architecture is designed to meet works-agreement requirements. You decide what is analysed and what is not.
2. No individual performance monitoring
Only aggregated patterns at team and department level. No scoring, no ranking, no individual assessment.
3. Template works agreement
Template available for your company immediately. We actively support you in the dialogue with employee representatives.
4. Works council dashboard
Optional restricted view for employee representatives, so your works council can see at any time which data is being processed.
Frequently asked questions
Security & data protection: make a well-informed decision.
Everything you need to know about data protection and security at culturOS.
For consultancies
Organisational development under your brand.
culturOS as White-Label: your methodology, your branding, our technology.