PRIVACY NOTICE
Last modified April 13, 2015
OneLogin, Inc. (“OneLogin”) is committed to protecting the privacy of your personal information while using our Web site (www.onelogin.com) and when using our on-demand support platform, tools and services offered on the Web site (the “Service”). OneLogin has established this Privacy Policy Statement to assist you to understand how we collect and use personally identifiable information if and when you use our Web site as a “Visitor” or provide information to us in connection with your use of the Service as a “Subscriber”. By using our Web site you are agreeing to the collection and use of personal information in the manner described in this Privacy Policy Statement. By registering for our Service, you are agreeing to the collection and use of personal information in the manner described in this Privacy Policy Statement and the OneLogin Terms of Service.
Does OneLogin participate in the Safe Harbor Program?
We self-certify compliance with:

OneLogin complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. OneLogin has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program and to view OneLogin’s certification, please visit http://www.export.gov/safeharbor
 


In addition, OneLogin has been awarded TRUSTe’s Privacy Seal signifying that this Privacy Policy and practices have been reviewed by TRUSTe for compliance with TRUSTe’s Program Requirements and the TRUSTed Cloud Program Requirements including transparency, accountability and choice regarding the collection and use of your personal information. The TRUSTe program does not cover information that may be collected through downloadable software. The TRUSTe certification covers only our collection, use and disclosure of information we collect through our website: www.onelogin.com and our service platform associated with this website and does not cover information that may be collected through our mobile applications. The use of information collected through our service shall be limited to the purpose of providing the service for which the Client has engaged OneLogin. TRUSTe’s mission, as an independent third party, is to accelerate online trust among consumers and organizations globally through its leading privacy trustmark and innovative trust solutions. If you have questions or complaints regarding our Privacy Policy or practices, please contact us at privacy@onelogin.com. If you are not satisfied with our response you can contact TRUSTe here.
What information does OneLogin collect?
Information you provide: When a Subscriber registers for the Service, we require a first and last name, company name, e-mail, and phone number. After the initial registration, the Subscriber’s designated Client Administrator can share additional end user information with OneLogin in order to enable those end users to use the Service, and OneLogin never directly collects any end user information, personal or otherwise, without the explicit direction of the Client Administrator. Subscribers are responsible for providing notice to end users concerning the information they collect and share with OneLogin as part of their use of the Service.

Cookies: When you visit the Web site or use the Service, we use session “cookies” – a piece of information stored on your computer – to allow the Web site or Service to uniquely identify your browser while you are logged in and to enable OneLogin to process your online transactions. We do not link the information we store in cookies to any personally identifiable information you submit while using the Web site other than the email address you provide. Session cookies also help us verify your identity and are required in order to use the Service. OneLogin uses persistent cookies, that only OneLogin can read and use, to identify you as a valid user of a OneLogin Subscription plan and make it easier for you to log in to the Service. Analytical cookies are also used to allow OneLogin to recognize how visitors move around the Web site and the Service when they’re using it. This helps us improve the overall user experience. The use of cookies by our partners is not covered by our Privacy Policy Statement; we do not have access or control over these cookies.

Clear Gifs: We also use third party advertising and tracking tools that employ a software technology called clear gifs (a.k.a. Web Beacons/Web Bugs), to help us better manage content on our site by informing us what content is effective. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the movements of the visitors to our Web site. In contrast to cookies, which are stored on a user’s computer hard drive, clear gifs are embedded invisibly on Web pages and are about the size of the period at the end of this sentence. We tie the information gathered by clear gifs to our Visitors and Subscribers in order to optimize and enhance the Web site and Service experience. We use clear gifs in our HTML-based emails to let us know which emails have been opened by recipients. This allows us to gauge the effectiveness of certain communications and the effectiveness of our marketing campaigns.

Log Files: As is true of most Web sites, we and our third party utility-tracking partners gather certain information automatically and store it in log files. This information includes Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp and clickstream data. We use this information, which does not identify end users, to analyze trends, to troubleshoot the Web site and Service, to track end users’ movements while on the site and to gather demographic information about our user base as a whole.

Flash LSOs: Third Parties, with whom we partner to provide certain features on our site or to display advertising based upon your Web browsing activity, use local storage objects (LSOs) to collect and store information. Various browsers may offer their own management tools for removing HTML5 LSOs. To manage Flash LSOs please click here: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html.

Analytics and Remarketing: OneLogin uses remarketing on the Web site with Google Analytics and/or services like AdRoll to advertise online. Third-party vendors, including Google, show our ads on sites across the Internet. OneLogin and third-party vendors, including Google, use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick cookie) together to inform, optimize, and serve ads based on your past visits to our website. You can opt-out of Google Analytics for Display Advertising and customize Google Display Network ads using Google’s Ads Preferences Manager. If you wish to not have your information used for the purpose of serving you interest-based ads, you may opt-out by clicking here (or if located in the European Union click here). Please note this does not opt you out of being served advertising. You will continue to receive generic ads.

How does OneLogin use my information?
OneLogin may use the collected personal information and other information OneLogin collects about your use of the Service to operate and make the Service available to You, for billing, identification and authentication, to contact you about your use of the Service, research purposes, and to generally improve the content and functionality of the Web site and the Service. OneLogin will also use the collected personal information to send you periodic newsletters.
How can I access and update my information?
Data collected by OneLogin: If your personal information changes, or if you no longer desire to use the Service, you may correct, update, delete or deactivate it by making the change within the Service or by emailing Customer Success at support@onelogin.com. We will respond to your request within 3 business days. OneLogin will retain your information for as long as your account is active or as needed to provide you the Service and to comply with our legal obligations, resolve disputes, and enforce our agreements.
Data collected by Subscribers on behalf of their users: OneLogin has no direct relationship with the end users that are part of a Service Subscription plan. An end user who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his query to their designated Client Administrator (the data controller). The Client Administrator can modify your account information at any time in the Service’s Account settings or by contacting our Customer Success Team. If the Client Administrator requests OneLogin to remove the data, we will respond to their request within 30 business days.
We will retain end user information for as long as the Subscription is active, the Client Administrator requests the deletion of the same, or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. There might be some latency in deleting archived subscription data from our systems after it’s removed from Production. Although OneLogin owns the software, code, databases, and all rights to the Web site and the Service, the Visitors and Subscribers, respectively, retain all rights and accountability for the data held by OneLogin on their behalf.
Does OneLogin share information with third parties?
OneLogin uses a third party intermediary to perform credit card processing when registering for the paid Subscription plans of the Service. This intermediary is not permitted to store, retain, or use your billing information except for the sole purpose of credit card processing on OneLogin’s behalf.
OneLogin may also transmit personal information to its third party vendors and the hosting partners that provide the necessary hardware, software, networking, storage, and other technology and maintenance services required to operate and maintain the Web site and the Service. This may require that your personal information be transferred from Your current location to the offices and servers of OneLogin and these authorized third parties.
Does OneLogin share the information I provide?
Except as described in this policy, OneLogin will not give, sell, rent, share or loan any personal information to any third party other than as outlined in this policy.
Legal reasons: We may disclose personal information to respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims. We may also share such information if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Service, or as otherwise required by law. Legal requests must meet the following requirements before we will consider complying with them:
• Must be in writing and legally issued by a relevant government entity, e.g., data belonging to a foreign entity or foreign citizen requires an order under the Foreign Intelligence Surveillance Act
• Must be as narrowly defined as possible, e.g., limited to records specific to the individual or entity in question In addition, we strive to be as transparent as possible and we will periodically publish the number of requests received and responded to annually per the current Department of Justice guidelines.
Business Transitions: If OneLogin is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Web site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
• Statistical analysis: OneLogin may provide non-personal, summary or group statistics about our customers, sales, traffic patterns, and related Web site information to reputable third-party vendors, but these statistics will include no personally identifiable information.

• Links to other sites: This Web site contains links to other sites that are not owned or controlled by OneLogin. Please be aware that we, OneLogin, are not responsible for the privacy practices of such other sites. We encourage you to be aware when you leave our site and to read the privacy statements of each and every Web site that collects personally identifiable information. This privacy statement applies only to information collected by this Web site.

Social Media Widgets: Our Web site includes Social Media Features, such as the Facebook and Twitter buttons and Widgets, such as the Share this button or interactive mini-programs that run on our site. These Features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the Feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our Site. Your interactions with these Features are governed by the privacy policy of the company providing it.
• Public Forums: Our Web site offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal information from our blog or community forum, contact us at privacy@onelogin.com. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
Our blog functionality is also managed by a third party application that may require you to register to post a comment. We do not have access or control of the information posted to the blog on these applications. You will need to contact or login into the third party application if you want the personal information that was posted to the comments section removed. To learn how the third party application uses your information, please review their privacy policy.

• Testimonials: We post customer testimonials on our Web site which may contain personally identifiable information. We do obtain the customer’s consent via email prior to posting the testimonial to post their name along with their testimonial. If you want your testimonial removed please contact us at privacy@onelogin.com.

• Surveys: From time-to-time we may provide you the opportunity to participate in surveys. Participation in these surveys or contests is completely voluntary and you therefore have a choice whether or not to disclose this information. The requested information typically includes contact information, such as email or phone number. We use this information to improve our Service to send our customers update on how we are improving the Service based on their feedback.

How does OneLogin protect my information?
OneLogin maintains reasonable security measures to protect your information from loss, destruction, misuse, unauthorized access or disclosure. These technologies help ensure that your data is safe, secure, and only available to you and to those you provided authorized access. When you enter sensitive information (such as your login information) on our Web site or connect to our Service, we encrypt the transmission of that information using Transport Layer Security (TLS). However, no data transmission over the Internet or information storage technology can be guaranteed to be 100% secure. If you have any questions about security on our Web site, you can contact us at privacy@onelogin.com.
Can I opt out?
You may set your browser to block all cookies, including cookies associated with our Service. Users who disable their browsers’ ability to accept cookies will be able to browse our Web site, but will not be able to access or take advantage of the Service.
You can also opt out of our newsletters and surveys and you may follow the unsubscribe/opt out instructions contained in each of those communications.
How will you notify me of changes to this policy?
OneLogin may update this policy from time to time. You can review the most current version of this Privacy Policy at any time at http://www.onelogin.com/privacy. If we make any material changes we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on this Site prior to the change becoming effective. Your only remedy, if you do not accept the terms of this Privacy Policy, is to discontinue use of the Site and Service.
Contact Us
If you have any questions regarding this Privacy Policy you may contact us at privacy@onelogin.com or via postal mail at:
OneLogin, Inc.
150 Spear Street
Suite 1400
San Francisco, CA 94105