OAD.ai meets the security, privacy, and assessment standards required by the world’s most regulated industries, so your procurement team can say yes.
American Psychological Association standards met
Validated
British Psychological Society Level B qualified
Certified
EU General Data Protection Regulation compliant
EU General Data Protection Regulation compliant
Compliant
Canadian Personal Information Protection Act compliant
Compliant
256-bit Encryption
At rest, with TLS 1.3 on traffic
Data Residency
US, EU, Canada available
SSO & SCIM
Enterprise provisioning
Audit Logs
Full event trail, exportable
Assessments Validated
38 years of science
APA / BPS
Assessment Science Compliance
OAD’s behavioral diagnostic is built on assessment methodology aligned with APA and BPS standards, the governing bodies for assessment science in the US and the UK. Documentation is available for your legal and procurement review.
Assessment Validation Summary
Fully Validated
Security Architecture Overview
Encryption & Access
AES-256 · TLS 1.3 · quarterly penetration testing
OAD.ai runs on enterprise-grade infrastructure security: encryption in transit and at rest, isolated cloud infrastructure, and independent penetration testing on a regular cadence.
GDPR / PIPEDA
Data Privacy Compliance
OAD.ai is fully compliant with GDPR (EU/UK), PIPEDA (Canada), and applicable US state privacy laws. We collect only what is necessary to deliver the assessment, nothing more.
Data Handling Principles
GDPR Compliant
Enterprise clients get full identity management integration, so user provisioning, deprovisioning, and access control is handled by your existing identity provider.
Single Sign-On (SSO)Available on Enterprise plans. SAML 2.0 and OIDC support. Works with Okta, Azure AD, Google Workspace, and any major identity provider. No separate OAD passwords required for your team.
SCIM ProvisioningAutomatic user provisioning and deprovisioning via SCIM 2.0. New employees get access instantly. Departing employees are deprovisioned the moment they leave your IdP.
Role-Based Access ControlRole-based permissions control who can send assessments, view profiles, access team reports, and export data. Client-configurable roles, where your admins create and edit their own roles, arrive in OAD 2.0.
Audit LogsComplete audit trail of main user actions, survey sends, profile views, data exports, and admin changes. Exportable on request.
Data SegregationEnterprise clients get logically isolated data environments. Your assessment data is never co-mingled with other clients’ data at the storage layer.
Dedicated Security ContactEnterprise clients receive a named security contact for procurement reviews, vendor questionnaires, and incident response. Average response time: under 4 business hours.
OAD’s assessment methodology has been continuously validated since 1986, across industries, geographies, and roles. No competitor has a validation dataset that comes close.
Assessments completed across 40+ countries, the largest behavioral performance dataset of its kind
Of continuous validation since 1986, more longitudinal data than any assessment competitor on the market
Countries and industries in the validation dataset, covering sales, ops, support, logistics, and leadership roles
The full behavioral assessment, from first question to a complete profile result
Can OAD be used in hiring without legal risk?OAD measures behavioral drive, not personality type, cognitive ability, or any protected characteristic, and content validity documentation is available for legal and procurement review. As with any assessment, we recommend using OAD as one structured input in your hiring process rather than a sole deciding factor. Our team can support your legal and compliance review on request.
Does OAD comply with GDPR?Yes. OAD collects explicit consent before every assessment, supports data residency in the EU (Frankfurt), provides Data Processing Agreements to all enterprise clients, and honors right-to-erasure requests within 30 days. A full GDPR compliance review is available to procurement teams on request.
Can candidates request deletion of their assessment data?Yes. Under GDPR, PIPEDA, and applicable US state privacy laws, participants have the right to access, correct, and request deletion of their assessment data. Requests are processed within 30 days and a deletion confirmation audit trail is provided to the client administrator.
Does OAD support SSO and SCIM?Yes, for Enterprise plan clients. OAD supports SAML 2.0 and OIDC for SSO with Okta, Azure AD, Google Workspace, and all major identity providers. SCIM 2.0 is supported for automated user provisioning and deprovisioning.
Is assessment data used to train AI models?No. Assessment data from OAD clients is never used to train third-party AI or machine learning models. Client data is used solely to deliver the services contracted. OAD’s own proprietary behavioral model is trained on aggregated, anonymized historical data with explicit consent provisions in place
Validation & Science BriefOverview of OAD’s assessment methodology, content validity, and alignment with APA and BPS standards.
Security OverviewInfrastructure architecture, encryption standards, and penetration testing cadence.
Privacy & GDPR OverviewData collection practices, retention policies, participant rights, data residency options, and a summary of GDPR and PIPEDA compliance measures.Privacy & GDPR Overview
Data collection practices, retention policies, participant rights, data residency options, and a summary of GDPR and PIPEDA compliance measures.
Data Processing AgreementStandard DPA for GDPR and PIPEDA compliance. Enterprise clients receive a pre-signed DPA as part of their contract. Custom DPAs available on request.
Vendor Security QuestionnairePre-completed standard information security questionnaire covering infrastructure, access controls, data handling, and business continuity. Available on request.
Your Performance Director can provide all documentation, answer security questionnaires, and join procurement calls directly.