One Identity can share your personal data with affiliated companies, outside vendors, and business partners, including for marketing purposes and not just to deliver services you requested.
This analysis describes what OneLogin's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Data sharing with business partners for promotions goes beyond what most users expect from an identity management vendor and may result in your contact information being used for third-party marketing purposes.
The updated policy discloses that OneLogin may record calls with consent and use AI to analyze call transcripts, chat conversations, and sales emails for multiple purposes including follow-up task identification, call summarization, sales analytics, communication effectiveness analysis, and forecast modeling. Under the revised terms, recorded call audio and video may be reviewed for employee training, monitoring, and coaching purposes. The policy also states that OneLogin will save chat and call conversation data to inform future interactions. These practices apply when you communicate with OneLogin via phone calls, chat, email, text, or other teleconference solutions. You should review the updated disclosure to understand how your communication data will be processed and retained.
View change record →The updated policy removes explicit language describing how OneLogin uses AI to analyze customer communications. Previously, the policy stated that call audio and video would be recorded with consent and analyzed using AI to identify follow-up tasks, summarize calls, and conduct sales analytics; that chatbot conversations would be analyzed and saved; and that sales emails would be analyzed to determine communication efficacy and forecast next steps. These specific AI analysis practices are no longer described in the updated policy. The revised language also narrows one stated data use purpose, changing 'answers or services you have asked or licensed' to 'services you have purchased.' No consumer opt-out mechanisms or alternative disclosures are provided in the change text.
View change record →This expands data sharing scope beyond the previous 'resellers and distributors' provision to include affiliates, vendors, service providers, and business partners, with explicit mention of marketing purposes.
View full change record →Your contact information and usage data may be shared with business partners who can use it to offer you products or services unrelated to the One Identity service you signed up for. This sharing is disclosed but may not require your active consent in all jurisdictions.
How other platforms handle this
We may collect information derived or resulting from voluntary surveys. We may also collect Personal Information when you voluntarily provide us with Personal Information as a Visitor, such as when you use our "Contact Us" form.
We may share your information with third-party vendors and service providers that perform services on our behalf, such as payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance. We may also share your information with third-party advertising p...
We may share your personal information with third-party vendors and service providers that perform services on our behalf, such as payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance. We may also share your personal information with busines...
Monitoring
OneLogin has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We may share your personal information with our subsidiaries and affiliates, as well as with third-party vendors, service providers, contractors or agents who perform services for us or on our behalf and require access to such information to do that work. We may also share your personal information with business partners to offer you certain products, services or promotions.— Excerpt from OneLogin's OneLogin Privacy Policy
1) REGULATORY LANDSCAPE: This provision implicates GDPR Articles 6 and 13 regarding lawful basis and transparency for data sharing, CCPA/CPRA provisions on disclosure of data sharing with third parties and the right to opt out of sale or sharing, and FTC Act principles on unfair or deceptive practices. The relevant enforcement authorities are EU Data Protection Authorities, the California Privacy Protection Agency, and the FTC. The breadth of 'business partners' sharing for promotional purposes may require evaluation under GDPR's purpose limitation principle and CCPA's definition of 'sharing' for cross-context behavioral advertising. 2) GOVERNANCE EXPOSURE: Medium. The provision broadly authorizes sharing with business partners for promotions without specifying the categories of partners or the controls applied to such sharing. Under CCPA/CPRA, sharing personal information for cross-context behavioral advertising constitutes 'sharing' subject to opt-out rights regardless of monetary exchange, which may require an opt-out mechanism if One Identity shares data with advertising or analytics partners. 3) JURISDICTION FLAGS: California residents have a right to opt out of sharing under CPRA. EU/EEA users are entitled to know the specific legal basis for sharing with business partners; legitimate interests assertions for promotional sharing may face scrutiny from DPAs. UK GDPR imposes similar transparency obligations. Organizations processing employee data through One Identity may face additional obligations under local employment data protection laws. 4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise procurement teams should request a sub-processor list and Data Processing Agreement that clearly delineates which third-party vendors receive personal data, the purposes for which they receive it, and what contractual restrictions apply. The reference to 'business partners' for promotions is distinct from sub-processors and should be evaluated separately in vendor risk assessments. 5) COMPLIANCE CONSIDERATIONS: Legal teams should assess whether One Identity's business partner sharing for promotional purposes triggers CPRA opt-out obligations and whether a 'Do Not Sell or Share My Personal Information' link is required on properties targeting California users. Data mapping should be updated to reflect all third-party recipients and the purposes of transfer. GDPR-covered organizations should verify that legitimate interests assessments or consent mechanisms are documented for promotional data sharing.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Data sharing with business partners for promotions goes beyond what most users expect from an identity management vendor and may result in your contact information being used for third-party marketing purposes.
Your contact information and usage data may be shared with business partners who can use it to offer you products or services unrelated to the One Identity service you signed up for. This sharing is disclosed but may not require your active consent in all jurisdictions.
ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by OneLogin.