One Identity may send you marketing emails about its products, and you can opt out at any time by clicking the unsubscribe link in those emails or by emailing the privacy team.
This analysis describes what OneLogin's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Marketing opt-out rights are straightforward here, but users who do not actively opt out will continue to receive promotional communications, and the opt-out may not cover all forms of marketing contact.
The updated policy discloses that OneLogin may record calls with consent and use AI to analyze call transcripts, chat conversations, and sales emails for multiple purposes including follow-up task id…
You will receive marketing emails from One Identity unless you actively unsubscribe using the link in each email or by emailing privacy@oneidentity.com. The opt-out applies to marketing emails but may not cover all promotional contacts such as phone or postal marketing.
How other platforms handle this
T-Mobile collects Customer Proprietary Network Information (CPNI), which is information about the quantity, technical configuration, type, destination, location, and amount of use of your service. T-Mobile may use your CPNI within its family of companies for the purpose of providing wireless telecom...
California law gives residents the right to know what personal information we collect, use, share or sell; to delete personal information under certain circumstances; to opt-out of the sale or sharing of their personal information; to correct inaccurate personal information; to limit the use and dis...
We and our service providers and other vendors may record, monitor, and retain emails, chats, calls, and texts. By communicating with us, you consent to this recording, monitoring, and retention. We may use chatbot technology and other automated methods of communication.
Monitoring
OneLogin has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We may use your personal information to send you promotional communications, including about our products and services. You may opt out of receiving marketing emails from us by following the unsubscribe instructions included in each marketing email we send, or by contacting us at privacy@oneidentity.com.— Excerpt from OneLogin's OneLogin Privacy Policy
1) REGULATORY LANDSCAPE: This provision engages the CAN-SPAM Act for US email marketing, which requires a clear opt-out mechanism in each commercial email and honors opt-out requests within 10 business days. For EU/EEA recipients, the ePrivacy Directive requires prior consent for direct marketing emails unless the soft opt-in exception applies to existing customers. UK PECR imposes similar requirements. CASL applies to Canadian recipients. The relevant enforcement authorities are the FTC for CAN-SPAM compliance and EU/UK DPAs for ePrivacy and GDPR marketing consent requirements. 2) GOVERNANCE EXPOSURE: Low to Medium. The opt-out mechanism described is consistent with CAN-SPAM requirements. However, if One Identity sends marketing emails to EU/EEA recipients without prior consent, this would engage ePrivacy requirements that go beyond opt-out to require opt-in. The policy does not clarify whether EU marketing emails rely on consent or the soft opt-in exception, which creates uncertainty about the legal basis for EU marketing. 3) JURISDICTION FLAGS: EU/EEA users require consent (or soft opt-in for existing customers) for direct marketing under the ePrivacy Directive. Canadian users require express or implied consent under CASL. Australian users are subject to the Spam Act 2003. US users are protected by CAN-SPAM, which requires only an opt-out mechanism. The adequacy of One Identity's marketing consent framework should be verified across each relevant jurisdiction. 4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers whose employee or customer contact data is processed by One Identity should ensure their DPAs prohibit One Identity from using that data for its own marketing purposes. If One Identity markets directly to users of enterprise customers' services, this may create independent compliance obligations for the enterprise. 5) COMPLIANCE CONSIDERATIONS: Legal teams should audit the consent basis for marketing emails sent to EU/EEA and Canadian recipients and verify that opt-out requests are processed within applicable statutory timeframes. Marketing lists should be reviewed to ensure suppression lists are maintained and updated following opt-out requests. The scope of the opt-out (email only versus all marketing channels) should be clarified in the policy.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Marketing opt-out rights are straightforward here, but users who do not actively opt out will continue to receive promotional communications, and the opt-out may not cover all forms of marketing contact.
You will receive marketing emails from One Identity unless you actively unsubscribe using the link in each email or by emailing privacy@oneidentity.com. The opt-out applies to marketing emails but may not cover all promotional contacts such as phone or postal marketing.
ConductAtlas has identified this type of provision across 15 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by OneLogin.