Security and Privacy FAQ

How does ITBM protect user access to the CulturalGo family of services?

Access to CulturalGo is done with the following authentication methods:

• Credentials: username (usually your email address) and password.
• Additionally, users can optionally enable two-factor authentication (2FA) through their profile settings.

Does CulturalGo support setting password policies?

Administrators have two options for setting the password strength level for the account:

• A minimum of 8 characters without repetitions or consecutive characters;
• Or a minimum of 8 characters without repetitions or consecutive characters and at least one number (123),
  one lowercase letter (abc) and one uppercase letter (ABC).

ITBM customer data is encrypted? What methodologies are used to encrypt the data?

Yes, CulturalGo uses the following methods to encrypt customer data:

• Stored data is encrypted using AES-256.
• Data in transit over open networks is encrypted using TLS 1.3 (at least TLS 1.2).
• User passwords are encrypted and randomized.

Where are the ITBM data centers located?

ITBM and its family of services CulturalGo is a completely cloud-based service. The service is hosted on the Google Cloud Platform infrastructure in the Singapore Data Center with a disaster recovery site established in a different region.

These data centers use the latest physical and environmental security measures, resulting in a highly resilient infrastructure.

You can get more information about their security practices at:

GCP security page

How do you ensure service availability?

We employ a microservices architecture to ensure minimal impact to system health in the event of a failure of one or more components. Multiple Availability Zones are used to provide greater redundancy and we have alternate providers for some of the services we rely on.

In addition, the availability of our service can be monitored through our status page.

Does ITBM have exclusive security personnel?

Yes. Our Security Team and the broader Security Forum, which is made up of representatives from the Infrastructure, Development, and Operations teams, guide and oversee our security efforts.