What are the institutional and regulatory implications of this document?

1) REGULATORY LANDSCAPE: This policy engages GDPR as the primary framework for EU/EEA data subjects, CCPA/CPRA for California residents, and references additional country-specific frameworks including those applicable in Brazil, Japan, and Germany, among others indicated by the localized versions of the policy. The primary enforcement authorities are the relevant EU Data Protection Authorities (including the lead supervisory authority under GDPR's one-stop-shop mechanism), the California Privac…

How does OneLogin's OneLogin Privacy Policy affect users?

One Identity collects a broad range of personal data including contact information, usage and behavioral data, and device identifiers, and the policy authorizes sharing this data with affiliates, business partners, and third-party service providers for purposes that extend beyond core service delivery to include marketing and analytics. Users in certain jurisdictions, particularly EU/EEA and California, have enforceable rights to access, correct, delete, or restrict processing of their data, bu…

How often is OneLogin's OneLogin Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when OneLogin updates this document?

Yes. Watcher subscribers ($9.99/month) can add OneLogin to their watchlist and receive same-day email alerts whenever this document or any other OneLogin document changes.

CA-D-000694

OneLogin Privacy Policy

OneLogin

Last change detected May 6, 2026 Privacy policy

SHA-256: 632189e2a9ad8217101… 2 versions captured 1 change documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at OneLogin ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

8 Total

0 High severity

5 Medium severity

3 Low severity

Summary

This is One Identity's privacy policy, which explains how the company collects and uses personal information from people who visit their website or use their identity and access management products. The most important thing to know is that One Identity shares your personal data, including contact details, usage behavior, and device information, with affiliates, business partners, and third-party vendors for purposes that include marketing and analytics, not just service delivery. If you are a California resident or an EU/EEA user, the policy describes specific rights you can exercise, including requesting deletion or correction of your data, by contacting privacy@oneidentity.com.

Technical / Legal Breakdown

This document is One Identity's (formerly OneLogin's) privacy policy governing the collection, use, storage, and sharing of personal information from customers, website visitors, and users of One Identity products and services, with GDPR and various international frameworks cited as its legal basis. The policy states that One Identity collects personal data including contact information, usage data, device identifiers, and in some cases sensitive categories, and the terms authorize sharing this data with subsidiaries, affiliates, business partners, and third-party service providers for purposes including marketing, analytics, product improvement, and legal compliance. The policy includes a broad retention clause permitting data to be held 'as long as necessary' for business or legal purposes without specifying fixed retention periods, and asserts data transfers from the EU/EEA to the US and other jurisdictions under mechanisms such as Standard Contractual Clauses; the breadth of these assertions may be subject to evaluation under applicable data protection law. The policy engages GDPR (as a primary framework for EU/EEA users), CCPA/CPRA (for California residents), and references compliance with various country-specific laws; One Identity's dual role as both a data controller for website visitors and a data processor for enterprise customers creates distinct compliance obligations that the document partially addresses but does not fully delineate in all operational contexts.

Institutional Analysis

Institutional analysis available with Professional

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Start Professional free trial

1 important change detected

2 versions captured · Last updated: May 2026

May 6, 2026

medium

What changed OneLogin updated its privacy policy on May 6, 2026 to disclose new data collection and processing practices around recorded communications. The policy now states that calls may be recorded with consent to optimize interactions and improve processes, and that OneLogin uses AI to analyze call transcripts, chat conversations, and sales emails to extract follow-up tasks, summarize interactions, perform sales analytics, and forecast next steps. The updated language also clarifies that recorded call data will be saved and used in future interactions, and it specifies new communication channels (email, text, telephone, chat) as points where personal data collection occurs.

Why this matters The updated policy discloses that OneLogin may record calls with consent and use AI to analyze call transcripts, chat conversations, and sales emails for multiple purposes including follow-up task identification, call summarization, sales analytics, communication effectiveness analysis, and forecast modeling. Under the revised terms, recorded call audio and video may be reviewed for employee training, monitoring, and coaching purposes. The policy also states that OneLogin will save chat and call conversation data to inform future interactions. These practices apply when you communicate with OneLogin via phone calls, chat, email, text, or other teleconference solutions. You should review the updated disclosure to understand how your communication data will be processed and retained.

View full change record →

Medium — 5 provisions

Third-Party Data Sharing for Marketing and Analytics Compare →

One Identity can share your personal data with affiliated companies, outside vendors, and business partners, including for marketing purposes and not just to deliver services you requested.

Added May 10, 2026 Standard Seen across 246 platforms
Data Retention Without Fixed Periods Compare →

One Identity keeps your personal data for as long as it considers necessary for business or legal reasons, without committing to a specific maximum retention period.

Added May 10, 2026 Standard Seen across 223 platforms
International Data Transfers via Standard Contractual Clauses Compare →

One Identity may transfer personal data from the EU, UK, or Switzerland to the US and other countries, relying on Standard Contractual Clauses as the legal transfer mechanism.

Added May 7, 2026 Common Seen across 122 platforms
GDPR and CCPA Data Subject Rights Compare →

Depending on where you live, you may have rights to access, correct, delete, or transfer your personal data, or to withdraw consent for how it is used, by contacting One Identity.

Added May 10, 2026 Standard Seen across 262 platforms
Data Collection from Third-Party Sources Compare →

One Identity may obtain personal information about you from outside sources, including data brokers and social media platforms, and add it to the profile it already holds about you.

Added May 10, 2026 Standard Seen across 251 platforms

Low — 3 provisions

Cookie and Tracking Technology Use Compare →

One Identity uses cookies, web beacons, and tracking pixels on its website, and provides a separate Cookie Notice explaining how to opt out of certain tracking technologies.

Added May 7, 2026 Standard Seen across 251 platforms
Marketing Communications and Opt-Out Compare →

One Identity may send you marketing emails about its products, and you can opt out at any time by clicking the unsubscribe link in those emails or by emailing the privacy team.

Added May 10, 2026 Standard Seen across 262 platforms
Policy Updates and Notification Compare →

One Identity can update this privacy policy at any time, and changes take effect when posted online; for material changes, the company may (but is not required to) send you a direct notification.

Added May 10, 2026 Standard Seen across 178 platforms