One Identity can update this privacy policy at any time, and changes take effect when posted online; for material changes, the company may (but is not required to) send you a direct notification.
This analysis describes what OneLogin's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Because policy changes are effective upon posting, users who do not actively monitor the policy may be subject to new data practices without realizing it, even if direct notification is not sent.
The updated policy discloses that OneLogin may record calls with consent and use AI to analyze call transcripts, chat conversations, and sales emails for multiple purposes including follow-up task identification, call summarization, sales analytics, communication effectiveness analysis, and forecast modeling. Under the revised terms, recorded call audio and video may be reviewed for employee training, monitoring, and coaching purposes. The policy also states that OneLogin will save chat and call conversation data to inform future interactions. These practices apply when you communicate with OneLogin via phone calls, chat, email, text, or other teleconference solutions. You should review the updated disclosure to understand how your communication data will be processed and retained.
View change record →The updated policy removes explicit language describing how OneLogin uses AI to analyze customer communications. Previously, the policy stated that call audio and video would be recorded with consent and analyzed using AI to identify follow-up tasks, summarize calls, and conduct sales analytics; that chatbot conversations would be analyzed and saved; and that sales emails would be analyzed to determine communication efficacy and forecast next steps. These specific AI analysis practices are no longer described in the updated policy. The revised language also narrows one stated data use purpose, changing 'answers or services you have asked or licensed' to 'services you have purchased.' No consumer opt-out mechanisms or alternative disclosures are provided in the change text.
View change record →This new provision establishes the mechanism for notifying users of policy changes, which is important for transparency regarding material modifications to privacy practices.
View full change record →Changes to how One Identity handles your personal data can take effect as soon as they are posted to the website, and direct notification for material changes is described as something One Identity 'may' do rather than a firm commitment. Checking the policy periodically or monitoring for notification emails is advisable if you want to stay current with how your data is used.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
We may display advertisements on our Services and those advertisements may be targeted to your interests based on your personal information. We may share your personal information with advertising partners for interest-based advertising purposes. You may opt out of interest-based advertising by visi...
Monitoring
OneLogin has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We may update this privacy notice from time to time. The updated version will be indicated by an updated 'Revised' date at the top of this privacy notice and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification.— Excerpt from OneLogin's OneLogin Privacy Policy
1) REGULATORY LANDSCAPE: This provision engages GDPR requirements for transparent communication of changes to privacy information under Articles 13 and 14, which require that data subjects be informed of material changes in a timely manner. CCPA/CPRA requires that the privacy policy be updated at least once every 12 months and that material changes be disclosed. The FTC has taken action against companies that made material changes to privacy practices without adequate notice. The relevant enforcement authorities are EU DPAs, the UK ICO, and the FTC. 2) GOVERNANCE EXPOSURE: Medium. The use of 'may notify' rather than 'will notify' for material changes creates ambiguity about the company's notification commitment. GDPR generally requires proactive communication of material changes to data subjects, and a post-only approach may not satisfy this requirement in all cases. The absence of a defined notice period before changes take effect is also notable. 3) JURISDICTION FLAGS: EU/EEA users have the strongest entitlement to proactive notification of material changes under GDPR. UK users have similar rights under UK GDPR. California users should receive updated policy disclosures at least annually under CPRA. Users in jurisdictions without explicit change notification requirements may have limited recourse if practices change without direct notice. 4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers should ensure their DPAs with One Identity require advance notice of material changes to privacy practices that affect data processed on the customer's behalf. A standard commercial DPA typically requires 30 to 90 days advance notice for material policy changes. The policy's current language does not provide this commitment. 5) COMPLIANCE CONSIDERATIONS: Legal teams should establish a process to monitor One Identity's privacy policy for changes, particularly if One Identity is used as a data processor. DPAs should include a contractual commitment to advance notice of material changes. Internal data mapping documents should be updated whenever the policy changes to reflect any new processing activities or data sharing arrangements.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Because policy changes are effective upon posting, users who do not actively monitor the policy may be subject to new data practices without realizing it, even if direct notification is not sent.
Changes to how One Identity handles your personal data can take effect as soon as they are posted to the website, and direct notification for material changes is described as something One Identity 'may' do rather than a firm commitment. Checking the policy periodically or monitoring for notification emails is advisable if you want to stay current with how your …
ConductAtlas has identified this type of provision across 4 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by OneLogin.