Privacy & Data
What data Cursus collects, how it's protected, and the architectural choices that prevent individual-level surveillance.
Cursus is built on a privacy-first, intelligence-not-surveillance principle. This isn't a policy position — it's an architectural constraint built into the data model and API layer.
What data Cursus collects
Always collected (structural data)
- Organizational structure (HRIS import): reporting lines, job titles, departments, locations
- Program data: change programs, impacts, interventions, milestones
- Survey responses: periodic readiness and sentiment check-ins (optional, always aggregated)
Opt-in ambient signals
The following are only activated after employee notification and organizational opt-in:
| Signal type | What's collected | What's NOT collected |
|---|---|---|
| Email metadata | Frequency, direction, timing | Message content, subject lines |
| Teams/Slack metadata | Channel activity patterns | Message content, files |
| Calendar metadata | Meeting frequency, patterns | Meeting content, attendees |
| ERP telemetry | Login frequency, feature usage | Transactions, data entered |
Aggregation thresholds
Individual-level data is never exposed in any Cursus view, API response, or AI output. Every metric requires a minimum group size before it is computed and displayed.
The default threshold is 5 people. Groups with fewer than 5 members will show "Insufficient data" rather than a score. Administrators can increase this threshold — they cannot decrease it below 5.
This is enforced at the API layer, not just in the UI. A direct API call to a group endpoint with fewer than 5 members will return a 403 response with a privacy threshold error.
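A sketch of what API-layer enforcement of this threshold can look like, as an added example that is not Cursus's own code. The function names, row shape, and `privacy_threshold` error string are hypothetical, and it assumes the size check counts only members who actually contribute data, so the page's opt-out rule cannot shrink a group below the threshold unnoticed.

```javascript
// Added illustration; every name here is hypothetical, not Cursus's API.
const PRIVACY_FLOOR = 5; // the page's hard minimum group size

// An admin setting may raise the threshold but never lower it below the floor.
function effectiveThreshold(configured) {
  return Number.isInteger(configured)
    ? Math.max(PRIVACY_FLOOR, configured)
    : PRIVACY_FLOOR;
}

// members: [{ id, optedOut, signal }] is a constructed row shape.
function groupMetric(members, configuredThreshold) {
  const threshold = effectiveThreshold(configuredThreshold);
  // Assumption: the size check counts only rows that feed the metric, so
  // opted-out employees and missing signals are dropped before counting.
  const contributing = members.filter(
    (m) => !m.optedOut && Number.isFinite(m.signal)
  );
  if (contributing.length < threshold) {
    // Refuse server-side; the body carries no count and no member data.
    return { status: 403, body: { error: "privacy_threshold" } };
  }
  const sum = contributing.reduce((acc, m) => acc + m.signal, 0);
  // Only the aggregate leaves this function, never per-person rows.
  return { status: 200, body: { score: Math.round(sum / contributing.length) } };
}

// Constructed sample: six members, two opted out, so four contribute.
const sampleTeam = [
  { id: "e1", optedOut: false, signal: 60 },
  { id: "e2", optedOut: false, signal: 80 },
  { id: "e3", optedOut: true, signal: 70 },
  { id: "e4", optedOut: false, signal: 90 },
  { id: "e5", optedOut: true, signal: 50 },
  { id: "e6", optedOut: false, signal: 40 },
];

// Refused: headcount is 6, but only 4 members feed the metric.
console.log(groupMetric(sampleTeam, 5));
// Allowed once all six contribute; a configured value of 1 is clamped to 5.
console.log(groupMetric(sampleTeam.map((m) => ({ ...m, optedOut: false })), 1));
```

Counting headcount instead of contributing members would let a six-person team with two opt-outs publish an average over four people, which is the case the filter guards against.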
Data residency and security
- All data is stored in your organization's Supabase instance (Postgres)
- Data never leaves your tenant — Cursus does not aggregate data across organizations
- All integration credentials are encrypted at rest using AES-256-GCM
- GDPR Art. 15 (data export) and Art. 17 (data erasure) endpoints are available to all users
- SOC 2 Type II audit in progress
Employee rights
Every employee has access to a "What Cursus knows about me" view at /settings/privacy/my-data. This shows exactly what data has been collected about them, with source attribution.
Employees can opt out of:
- Micro-interactions (quick pulse check-ins)
- All active ambient data collection
Opt-out is self-service and immediate. Opted-out employees are excluded from all ambient signal computation.
GDPR compliance
- Data export: available to all users, rate-limited to 2 requests per 24 hours
- Data deletion: self-service erasure with "DELETE MY DATA" confirmation gate
- Data processing agreements (DPAs) available on request
- Contact: privacy@cursusapp.io