Privacy Policy

Oppi AI Oy — WorkProbe

Last updated: June 3, 2026

Effective date: June 3, 2026

This policy explains how Oppi AI Oy ("we", "us") collects and processes personal data on workprobe.com and within the WorkProbe assessment platform. We are a Finnish company registered in Helsinki, and our processing is governed primarily by the EU General Data Protection Regulation (GDPR). For users in the United States, additional protections apply under applicable state laws.

1. Who we are

Oppi AI Oy (2931658-6), Jokitie, Lahti, Finland. For privacy matters, contact hello@oppi.ai.

2. What we collect on workprobe.com

When you visit our landing pages or marketing site, we may collect:

  • Information you submit via forms — e.g. your work email, when you request a sample report or book a walkthrough. Used only to respond to your request and follow up if you opt in.
  • Analytics data via PostHog — a privacy-respecting product-analytics tool. This includes anonymised session events (page views, clicks, scroll depth), device and browser metadata, and a randomised session identifier. We do not use PostHog to build advertising profiles.
  • LinkedIn click tracking parameters — when you arrive via a LinkedIn ad, used to attribute conversions to ad variants. Not linked to your LinkedIn identity by us.

We do not use third-party advertising cookies on this site.

3. What the WorkProbe assessment collects

WorkProbe is designed around a zero-PII principle. When a candidate completes an assessment, we never collect or store:

  • The candidate's name, email, resume, or any other identifying information
  • Video or audio recordings
  • Any data that could identify the candidate to our scoring pipeline

What we store per assessment session, keyed only to an anonymous session identifier:

  • The candidate's interactions with the AI tools provided during the simulation
  • Messages exchanged with simulated stakeholders
  • File selections and timing/event data

Identity is owned by the hiring organisation's applicant tracking system (ATS). The link between candidate and session exists only inside the ATS, never inside WorkProbe.

4. Legal basis for processing

Under GDPR Article 6, we rely on:

  • Consent — for marketing communications, sample report delivery, and optional analytics
  • Contract performance — for delivering the assessment service to organisations that have engaged us
  • Legitimate interest — for essential site security, fraud prevention, and aggregated product analytics

For the WorkProbe assessment itself, our customer (the hiring organisation) is the data controller and we act as data processor under Article 28.

5. Retention

  • Marketing form submissions: retained for 12 months unless you request earlier deletion or withdraw consent
  • Analytics events: retained for 12 months in aggregated form
  • WorkProbe assessment sessions: retained according to the data-processing agreement with the customer organisation. Default retention is 12 months unless the customer has specified otherwise. Deletion is a single operation — the entire session is removed.

6. Sub-processors

We use the following sub-processors to deliver our service:

  • Vercel, Railway — infrastructure hosting (EU)
  • PostHog — product analytics (EU)
  • Twilio SendGrid — transactional email
  • Anthropic, OpenAI — AI inference for the assessment runtime

Each sub-processor is bound by a data-processing agreement consistent with GDPR Articles 28 and 32.

7. International transfers

Some of our sub-processors are based outside the European Economic Area. Where such transfers occur, we rely on the European Commission's Standard Contractual Clauses (SCCs) and apply additional safeguards consistent with the Schrems II ruling.

8. Your rights under GDPR

You have the right to:

  • Access the personal data we hold about you (Article 15)
  • Request correction of inaccurate data (Article 16)
  • Request erasure of your data (Article 17)
  • Restrict or object to processing (Articles 18 and 21)
  • Receive your data in a portable format (Article 20)
  • Lodge a complaint with a supervisory authority — in Finland, the Office of the Data Protection Ombudsman (tietosuoja.fi)

To exercise any of these rights, email hello@oppi.ai.

9. Children

Our services are designed for adult professional use only. We do not knowingly collect personal data from anyone under 18. If you believe we have, contact hello@oppi.ai and we will delete it.

10. Changes to this policy

When we make material changes, we update the "Last updated" date at the top of this page. For significant changes, we will notify users who have provided contact information.

11. Contact

For any privacy-related question or request, email hello@oppi.ai.