Last updated: August 13th, 2025
Welcome to CultureAI.
CultureAI is owned and operated by CultureAI Technologies Ltd. ("CultureAI", "we", "us", "our"). We value your privacy and the protection of personal information. This Privacy Policy describes what we collect, how we use it, how we obtain consent, how long we retain it, and with whom we share it.
In this Privacy Policy, "Site" means www.cultureai.dev, and "Service" means our web apps, APIs, SDKs, dashboards, data connectors, and related services. "You" and "User" mean the individual or organization using the Service.
By using the platform, you are accepting the practices described in this privacy policy. Your use of the platform is also subject to our terms of service. This privacy policy may change from time to time. Your continued use of the platform after we make changes to this privacy policy will be deemed acceptance of those changes, so please check this policy periodically for updates.
This privacy policy has been developed and is maintained in accordance with all applicable state and federal privacy and data protection laws and regulations, and specifically with the Personal Information Protection and Electronic Documents Act (PIPEDA) and the General Data Protection Regulation (GDPR - European regulations).
Company: CultureAI Technologies Ltd.
Website: www.cultureai.dev
Email: connect@cultureai.dev (Attn: Privacy Officer)
We act as:
We rely on consent and, where permitted, legitimate interests consistent with Canadian law. You consent when you: visit the Site; create an account; connect third-party platforms; submit Customer Data; make purchases; or contact us. Where required, we will present just-in-time notices (e.g., cookies, cross-border transfers) and obtain opt-in consent.
name, business email, organization, role, password (hashed), preferences.
name, email, business address, and limited payment details handled by our payment processor (e.g., Stripe). We do not store full card numbers.
text, audio, video, images, captions, metadata, social handles/IDs, and other datasets you connect (e.g., via APIs to social platforms, storage, data warehouses).
IP address, device and browser type, pages or endpoints accessed, timestamps, referral URLs, language, error logs, API key usage, and performance metrics.
we use cookies and local storage for authentication, analytics, session management, and preferences.
we may use analytics tools (e.g., Google Analytics). See their policy: https://policies.google.com/privacy. You can adjust browser or device settings to manage cookies; some features may not function without them.
when you email or message us, we receive your contact details and the content of the communication.
Important: Please do not submit special categories of personal information (e.g., health data, precise geolocation, government IDs, bank numbers) unless expressly permitted in an Order/DPA and in compliance with law. Do not upload data about children.
We use information to:
We may use de-identified or aggregated information derived from Customer Data and usage to improve model quality, features, and safety. We do not attempt to re-identify such data. Enterprise customers may request an opt-out for model improvement via Order or DPA; if agreed, we will restrict use of Customer Data to providing the Service only. Outputs belong to you as set out in the Terms; you are responsible for evaluating and using them.
We do not sell personal information. We share as follows:
hosting, analytics, security, email delivery, customer support, and payment processing (e.g., Stripe: https://stripe.com/en-ca/privacy). These providers may process personal information solely to perform services for us and are bound by confidentiality and security obligations. A current list of sub-processors is available on request.
if you link accounts (e.g., social networks, clouds, warehouses), we access data per your configuration and those platforms' terms. Your use of third-party services is governed by their policies.
to comply with laws, lawful requests, or to protect rights, safety, and security.
in a merger, acquisition, financing, or sale of assets, information may be transferred, subject to continued protection consistent with this Policy.
We process and store information in Canada and abroad (including the United States). When transferring personal information, we use contractual and organizational measures intended to provide a comparable level of protection to that required by applicable Canadian privacy laws.
We use administrative, technical, and organizational measures designed to protect personal information and Customer Data (e.g., access controls, encryption in transit, vulnerability management, logging). No system is 100% secure; you are responsible for safeguarding your credentials, API keys, and the security of your systems and third-party integrations.
We retain personal information for as long as needed to provide the Service, meet legal, accounting, or reporting requirements, resolve disputes, and enforce agreements. For Customer Data, we retain it for your subscription term and a reasonable period thereafter (e.g., backups). Upon termination or your written request, we will delete Customer Data from active systems within a reasonable time, subject to legal holds and backup restoration cycles.
Subject to applicable law, you may:
For requests, contact connect@cultureai.dev. We will respond within the timeframes required by law (e.g., generally 30 days under PIPEDA/PIPA). If you are dissatisfied, you may contact the Office of the Privacy Commissioner of Canada (OPC) or the Office of the Information and Privacy Commissioner for British Columbia (OIPC).
We will assess incidents and, where required, notify affected individuals and regulators when there is a real risk of significant harm, and take steps to mitigate and prevent recurrence.
The Service is intended for business use and is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided personal information, contact us and we will delete it.
Our Site and Service may include links to third-party sites or enable connections to third-party services. Their privacy practices are governed by their own policies; we are not responsible for them.
For enterprise customers, a DPA is available on request at connect@cultureai.dev and will govern processor obligations, sub-processors, security, cross-border transfers, assistance with requests, and incident handling.
We may update this Policy from time to time. We will post the updated version on the Site with a new "Last updated" date. Material changes will be effective on posting unless stated otherwise.
Questions or requests about this Policy or our privacy practices:
CultureAI Technologies Ltd.
Email: connect@cultureai.dev (Attn: Privacy Officer)
Website: www.cultureai.dev