OneLogin removed detailed disclosures about AI-powered analysis of customer communications, including call recording practices, chatbot interactions, and email analysis. The updated policy no longer explicitly describes how AI is used to analyze call transcripts, identify follow-up tasks, summarize conversations, or analyze sales emails. Additionally, the policy modified language about how collected data will be used, narrowing one stated purpose from 'answers or services you have asked or licensed' to 'services you have purchased,' and updated the security contact email from webmaster@oneidentity.com to webmaster@quest.com.
The updated policy removes explicit language describing how OneLogin uses AI to analyze customer communications. Previously, the policy stated that call audio and video would be recorded with consent and analyzed using AI to identify follow-up tasks, summarize calls, and conduct sales analytics; that chatbot conversations would be analyzed and saved; and that sales emails would be analyzed to determine communication efficacy and forecast next steps. These specific AI analysis practices are no longer described in the updated policy. The revised language also narrows one stated data use purpose, changing 'answers or services you have asked or licensed' to 'services you have purchased.' No consumer opt-out mechanisms or alternative disclosures are provided in the change text.
The updated policy removes specific disclosures of AI-powered analysis of customer communications, which were previously stated purposes for data collection and processing. This removal creates ambiguity about how OneLogin processes call, chat, and email data going forward and may affect the transparency of OneLogin's data practices under GDPR, CCPA, and FTC standards. Organizations that rely on OneLogin's published privacy terms to inform their own vendor disclosures and Data Processing Agreements should evaluate whether they remain accurate.
→ Contact OneLogin security team at webmaster@quest.com to request written confirmation of whether call recording, transcript analysis, and email analysis practices continue under the updated policy.
→ Consumers will not have visibility into whether OneLogin continues to perform AI analysis of their calls, chats, and emails, as these practices are no longer explicitly described in the policy.
→ Organizations relying on OneLogin's privacy disclosures to populate their own customer-facing privacy notices may inadvertently publish inaccurate vendor data processing descriptions.
Policy no longer explicitly discloses AI-driven analysis of call transcripts, chatbot conversations, or sales emails.
Narrowed stated purpose from 'answers or services you have asked or licensed' to 'services you have purchased'.
Changed from webmaster@oneidentity.com to webmaster@quest.com.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
The policy no longer explicitly states how OneLogin uses AI to analyze customer communications, removing transparency about an automated data processing practice.
OneLogin removed explicit disclosures of AI-driven data processing practices from its privacy policy, including analysis of call transcripts, chatbot interactions, and sales emails. This removal may create compliance risk under GDPR Article 13/14 (transparency obligations for data processing), CCPA requirements for clear disclosure of automated decision-making, and general FTC Act Section 5 standards requiring honest and non-deceptive privacy disclosures. Organizations that contract with OneLogin may need to evaluate whether vendor privacy disclosures in their own customer-facing notices remain accurate and complete. The removal of detail about AI processing does not necessarily mean the company has ceased these practices; rather, it means they are no longer disclosed in the policy. Clarification from OneLogin on whether these practices continue under unstated terms may be warranted.
GDPR (Articles 13, 14 — transparency and information obligations; Article 6 — lawfulness of processing; Recital 47 — automated decision-making); CCPA (Cal. Civ. Code § 1798.100 et seq. — disclosure of automated decision-making and profiling); FTC Act Section 5 (unfair or deceptive practices); state privacy laws (Virginia VCDPA, Colorado CPA, Connecticut CTDPA — transparency requirements)
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Watcher: regulatory citations + obligations. Professional: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-001969.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff — WatcherOneLogin updated its privacy policy on May 6, 2026 to disclose new data collection and processing practices around recorded communications. …
Get alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 320+ platforms every Sunday.