Security & GDPR Compliance

At Remo, we implement enterprise-grade security measures to protect your data:

• End-to-End Encryption: All data in transit is encrypted using TLS 1.3 protocol
• Data at Rest: AES-256 encryption for all stored data
• Access Controls: Role-based access control (RBAC) and multi-factor authentication
• Regular Audits: Third-party security audits and penetration testing
• SOC 2 Type II Compliance: We maintain SOC 2 Type II compliant not certified
• Infrastructure: Hosted on enterprise-grade cloud infrastructure with 99.9% uptime SLA

Remo is fully compliant with the General Data Protection Regulation (GDPR) and respects your privacy rights:

Your Rights Under GDPR

• Right to Access: Request a copy of your personal data at any time
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restriction: Limit how we use your data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing of your personal data
• Right to Withdraw Consent: Withdraw consent for data processing at any time

What Data We Collect

• Employee conversation data (anonymized or named by default).
• Account information (name, email, company details)
• Usage analytics and product interaction data

How We Use Your Data

• To provide and improve our AI-powered conversation services
• To generate insights and analytics as per your configuration
• To maintain and enhance platform security
• To communicate service updates and support
• To comply with legal obligations

Data Retention

We retain your data only as long as necessary to provide our services and comply with legal obligations. You can request deletion of your data at any time by contacting us at privacy@cultureos.company.

We implement privacy-first principles in everything we build:

• Data Minimization: We collect only the data necessary for our services
• Anonymization: Employee responses are anonymized or named based on what the employee choose
• Purpose Limitation: Data is used only for specified, explicit purposes
• Transparency: Clear communication about data usage and processing
• User Control: You maintain full control over your data

We work with carefully vetted third-party service providers who are also GDPR compliant:

• Cloud hosting providers (AWS/Google Cloud)
• Payment processors (PCI DSS compliant)
• Email communication services

All third-party processors are bound by data processing agreements (DPAs) that ensure GDPR compliance.

Data Breach Protocol

In the unlikely event of a data breach:

• We will notify affected users within 72 hours as required by GDPR
• Supervisory authorities will be informed as appropriate
• We will provide details about the nature of the breach and remediation steps
• Our incident response team will take immediate action to contain and resolve the issue

Security Certifications

• SOC 2 Type II Compliant not certified
• GDPR Compliant not certified
• CCPA Compliant not certified

Contact Our Data Protection Officer

For any questions about data security, privacy, or to exercise your GDPR rights: