We respect and protect your personal data

At Adeption, we understand the significance and value of the data entrusted to us by our clients and stakeholders. Our commitment to safeguarding this data is unwavering and is at the very heart of our operations. Recognizing the rapidly evolving digital landscape and the complexities of modern cyber threats, we have implemented robust measures that encompass application security, identity protection, infrastructure security, and rigorous adherence to compliance and industry standards. This document serves to outline our comprehensive data security policies, reflecting our dedication to ensuring that our digital environments are resilient, secure, and trustworthy. Our approach to data security is not just about protecting our business; it’s about preserving the trust and confidence our clients have placed in us, and we are steadfast in our commitment to uphold and reinforce this trust every day.

Adeption’s information security policy is available here.

Last updated December 2O25.

We provide a secure platform environment

We are dedicated to giving our customers a highly secure and dependable environment since we know they want us to protect their data to the greatest standards. Our security model and controls are based on international standards and industry best practices, such as ISO 27OO1, and OWASP Top 1O.

Application Security

We engage in secure design and coding practices, engaging in secure application security practices as early as possible in our development cycle. We also consistently engage in ongoing testing and penetration testing on our application, to catch and remediate bugs that do make it through our development cycle.

Our controlled CI/CD process includes static code analysis, end-to-end testing, unit testing which addresses authorization aspects and more. You can read more about Adeption’s application security processes here

Identity Protection

Adeption uses Azure AD (Active Directory) for identity management. Azure AD’s identity management capabilities improve security, simplify user access, and reduce the reliance on passwords, ultimately enhancing the overall security posture.

• Single Sign-On (SSO): Azure AD enables users to sign in once and access multiple applications and services without the need for separate passwords. This enhances convenience and productivity while reducing the risk of weak or reused passwords. 
• Password Protection: Azure AD Password Protection helps prevent the use of weak or easily guessable passwords by enforcing custom password policies and blocking common password patterns. It helps protect against brute force attacks and significantly strengthens the security of user credentials. 
• Multi-Factor Authentication (MFA): Azure AD supports MFA, which adds an extra layer of security by requiring users to provide additional verification factors (such as a mobile app notification, SMS code, or biometric data) during the sign-in process. MFA significantly reduces the risk of unauthorised access even if passwords are compromised.

We safeguard your data

Infrastructure security is crucial for maintaining the confidentiality, integrity, and availability of data and systems. We’ve partnered with Microsoft Azure, taking full advantage of their Cloud services. These services allow us to capture, process and store data securely while respecting data sovereignty.

Data Hosting and Storage

Adeption services and data are hosted across multiple Availability Zones in Microsoft Azure facilities in Dublin, Ireland (north-eu). We have also established a disaster recovery site in Amsterdam, Netherlands (west-eu). This allows us to provide a reliable service and keeps your data available whenever you need it. These data centres employ leading physical and environmental security measures, resulting in highly resilient infrastructure. Further information is available here.

Data Encryption

Adeption encrypts all data both in transit and at rest:

• Traffic is encrypted using TLS 1.2 with a modern cipher suite
• User data is encrypted at rest across our infrastructure using AES-256 or better
• Credentials are hashed and salted using a modern hash function

Additional Infrastructure Security

Our infrastructure is protected using multiple layers of defence mechanisms, including:

• Firewalls for enforcing IP whitelisting and access through permitted ports only to network resources
• A web application firewall (WAF) for content-based dynamic attack blocking
• DDoS mitigation
• Comprehensive logging of network traffic, both internal and edge

Endpoint Security

Adeption enforces endpoint security for all devices that access its networks and systems. Adeption uses Sophos XDR and MDM to protect devices and to ensure they are free of security threats and applies policies to devices to reduce risk of data loss and unauthorized access.

Failover and DR

Adeption was built with disaster recovery in mind. All of our infrastructure and data are spread across 2 Azure datacenters  and will continue to work should any one of those data centres fail.

Our latest Disaster Recovery (DR) plan is available here.

Data Retention

Adeption complies with the internationally recognized standards for data protection and security (including GDPR requirements).  A client or end user can request at any time to have their data removed or deleted from the platform and Adeption will do this.

Note: If user data is deleted from the platform, users cannot reactivate this data.  Adeption recommends that users maintain their account even after completing an experience so that this data is available for a future experience that they may engage in.

Adeption users have access to an independent arbitrator (AAA-ICDR) should they have any data protection concerns.

External Certification, Security Audits and Penetration Tests

Adeption is ISO/IEC 27OO1:2O22 certified with Intertek UKAS across all of its entities and regions.
Click here for Adeption’s ISO certificate.

Adeption regularly engages an independent third-party organisation to assess and evaluate the effectiveness of our security controls, practices, and policies, providing an objective perspective and validating the robustness of the data security measures in place. Adeption also conducts penetration tests on an annual basis both in the application and in the infrastructure level using well-known, independent auditors.

Subprocessors

Adeption engages Subprocessors to power its platform and run the business.  These partners maintain industry standards related to information security and data protection. Below is a full list of Adeption’s Subprocessors and how they use the data shared with them. Adeption Sub Processors

What personal data we collect and how use it

Adeption requires name and email address as mandatory information. This is the only mandatory personal identifiable information (PII) Adeption stores. Optional PII includes a user’s position, title and phone number. Adeption also stores non-personal information including: written responses to questions, photos or videos as a part of their coaching experience. Further information about the information that Adeption collects can be found in Adeption’s Privacy and Use of Data Policy.

We use AI in a considered way

Adeption applies innovative technology to engage users in coaching experiences leveraging the principles behavioral science.  One such technology is Artificial Intelligence (AI) which Adeption applies in several ways:

• Tool and insight prediction
• Leadership mindset indication 
• AI questions and responses in coaching workouts

Adeption has developed its own Proprietary AI (algorithms) to provide these features and range of leadership development solutions. Adeption’s AI is not open source and does not share any data outside of our client environments. Adeption uses non-identifiable aggregated data to improve its accuracy of AI features and does not use personal information for any training.

Find out more about how we use AI to scale high-quality leadership development here.

Additional security measures

Employee training

All our employees undergo thorough information security awareness training during onboarding. Further security training and awareness programs are provided on a regular basis.

Security policies

Adeption has developed a comprehensive set of information security management system policies that are aligned with ISO27OO1 standards. These policies are updated frequently and shared with all employees.

Employee vetting

Adeption performs background checks on all new employees in accordance with local laws. The background check includes verification and criminal checks.

Employee confidentiality

All employee contracts and contractor agreements include a confidentiality agreement. Additionally all employees with privileged access need to agree to additional system administrator confidentiality terms.