OneLogin updated its privacy policy on May 6, 2026 to disclose new data collection and processing practices around recorded communications. The policy now states that calls may be recorded with consent to optimize interactions and improve processes, and that OneLogin uses AI to analyze call transcripts, chat conversations, and sales emails to extract follow-up tasks, summarize interactions, perform sales analytics, and forecast next steps. The updated language also clarifies that recorded call data will be saved and used in future interactions, and it specifies new communication channels (email, text, telephone, chat) as points where personal data collection occurs.
The updated policy discloses that OneLogin may record calls with consent and use AI to analyze call transcripts, chat conversations, and sales emails for multiple purposes including follow-up task identification, call summarization, sales analytics, communication effectiveness analysis, and forecast modeling. Under the revised terms, recorded call audio and video may be reviewed for employee training, monitoring, and coaching purposes. The policy also states that OneLogin will save chat and call conversation data to inform future interactions. These practices apply when you communicate with OneLogin via phone calls, chat, email, text, or other teleconference solutions. You should review the updated disclosure to understand how your communication data will be processed and retained.
The updated policy establishes explicit disclosure of AI-driven data processing practices applied to recorded communications and communication metadata. This formalization of AI analysis, data retention, and cross-functional use (sales analytics, coaching, follow-up tracking) represents a material operational change in how OneLogin processes communication data and creates a clearer regulatory disclosure obligation under GDPR and CCPA. Organizations using OneLogin in their vendor stack should verify that these practices are reflected in contractual agreements and downstream privacy notices.
→ Review the updated privacy policy (effective May 1, 2026) to understand that calls, chats, and emails will be analyzed by AI
→ If you communicate with OneLogin and do not consent to call recording, inform the representative before the call begins
→ Your recorded calls, chats, and emails will be analyzed by AI systems as described in the updated policy without further notice
→ Call recordings will be retained and saved to inform future OneLogin interactions with you
Policy now discloses that OneLogin uses AI to analyze call transcripts, chat conversations, and sales emails for follow-up task identification, summarization, sales analytics, and coaching recommendations.
Policy states that calls may be recorded with consent to optimize interactions, improve processes, and identify coaching recommendations; recorded calls may be reviewed for employee training and monitoring.
Policy states that chat conversations and call data will be saved to inform future interactions with the user.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
When you call, chat, or email OneLogin, you are now explicitly told that your communication will be analyzed by AI systems for business process improvement and sales purposes.
The updated policy now explicitly names all the ways you communicate with OneLogin as points where data collection happens.
OneLogin's updated privacy policy adds disclosure of AI-driven data processing practices applied to recorded calls, chats, and sales emails. The change introduces explicit consent language for call recording and describes algorithmic analysis (transcript summarization, follow-up extraction, sales forecasting, communication analysis) performed on communication data. From a compliance perspective, this change engages GDPR Article 6 (lawful basis for processing), Articles 13-14 (transparency obligations), and potentially Article 4(4) and Recital 26 (consent requirements for recording). The policy also implicates CCPA disclosure obligations depending on jurisdiction. The change is primarily disclosive rather than substantive authority expansion, though it does formalize and detail practices that may not have been previously disclosed. Compliance teams should verify that consent mechanisms are adequately documented, that data minimization principles are applied, and that retention periods for recorded communications are specified in the full policy.
GDPR (Article 6 lawful basis, Articles 13-14 transparency, Article 4(4) consent for recording), CCPA (disclosure and consumer rights), HIPAA (if any health data is involved), CPRA (California), PEPA (Pennsylvania), ePrivacy Directive (electronic communications recording requirements in EU), Wiretap Act (federal recording consent in US, varies by state)
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Watcher: regulatory citations + obligations. Professional: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-001735.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff — WatcherGet alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 320+ platforms every Sunday.