Overview
.svg){kind=small}
One AI
Data Mesh
.svg){kind=icon}
One AI Assistant
Data Stories
Enterprise AI
Employee Engagement
.svg){kind=small}
Talent Retention
-1.svg){kind=small}
HR Dashboards
Succession Planning
.svg){kind=small}
Talent Acquisition
Workforce Analytics
Why One Model
-2.svg){kind=small}
Whitepapers
Blog
-2.svg){kind=icon}
Events & Webinars
.svg){kind=icon}
Product Innovation Blog
-1.svg){kind=small}
Roles in People Analytics
.svg){kind=small}
Contact Us
-3.svg){kind=small}
Partners
About US
-3.svg){kind=icon}
Careers
-1.svg){kind=icon}
News
One Model Privacy Policy
Effective as of October 1, 2025.
1. Introduction
One Model Inc. ("One Model," "we," "us," or "our") is committed to protecting the privacy of individuals who interact with our website and marketing activities. This Privacy Policy describes how we collect, use, disclose, and protect personal information in connection with our website at onemodel.co (the "Website") and our associated marketing and recruiting activities (collectively, the "Services").
Important Scope Limitation. This Privacy Policy governs personal information collected through our Website and marketing activities. It does not apply to personal information that we process on behalf of our enterprise customers ("Subscribers") when providing the One Model People Analytics platform or One AI products. Processing of Subscriber data is governed exclusively by the applicable Data Processing Agreement ("DPA") between One Model and each Subscriber. If you have questions about how a Subscriber processes your personal information through the One Model platform, please contact that Subscriber directly.
Our Website and Services are designed for business professionals and enterprises. We do not knowingly direct our Services to individuals acting in a personal, family, or household capacity, and we treat all personal information we collect as relating to individuals in their professional capacity.
2. Definitions
For the purposes of this Privacy Policy, the following terms have the meanings set out below. Capitalized terms used but not defined here have the meanings given to them in our DPA.
- "Personal Data" means any information relating to an identified or identifiable natural person.
- "Process" / "Processing" means any operation performed on Personal Data, including collection, storage, use, disclosure, and deletion.
- "Data Controller" means the entity that determines the purposes and means of Processing Personal Data. For Website visitors, One Model acts as the Data Controller.
- "Data Processor" means an entity that Processes Personal Data on behalf of a Data Controller.
- "Sub-processor" means a third party engaged by One Model to Process Personal Data in connection with the Services. See our Sub-processor List.
- "Subscriber" means an enterprise customer that accesses the One Model platform under a subscription agreement.
3. Personal Information We Collect
3.1 Information You Provide Directly
| Category | Examples |
|---|---|
| Contact Data | First and last name, professional title, company name, business email address, mailing address, phone number |
| Account & Profile Data | Username, password, linked social network profiles, account preferences |
| Professional & Employment Information | Job title, department, employer, employment history (e.g., when provided in a job application) |
| Communications | Inquiries, support requests, feedback, and other messages submitted through the Website or via email |
| Marketing Preferences | Opt-in/opt-out status for marketing communications and records of engagement |
| Transactional Data | Order numbers, billing information, and transaction history |
| Payment Information | Payment card details or bank account information, collected and processed via our PCI-compliant payment processors |
| User-Generated Content | Comments, messages, or other content you post or transmit through the Website |
| Other Data | Any additional information you voluntarily provide |
Information We Collect Automatically
When you visit our Website, we and our service providers may automatically collect:
- Device & Technical Data: IP address, browser type and version, operating system, device identifiers, and general geographic location derived from IP address (city/country).
- Usage Data: Pages visited, navigation paths, time spent on pages, referring URLs, links clicked, and search queries.
- Communication Interaction Data: Email open rates, click-through rates, and other engagement metrics related to our marketing communications.
This data is collected using cookies, web beacons, pixel tags, and similar technologies. Please see Section 9 (Cookie Notice) for further details.
Information We Receive from Third Parties
We may receive Personal Data about you from:
- Public Sources: Publicly available professional profiles (e.g., LinkedIn), company websites, government registries, and similar sources.
- Data Enrichment Providers: Third-party data providers (including ZoomInfo) that supplement contact and firmographic information to support our sales and marketing activities. See Section 8 for details on ZoomInfo's BuyerID feature.
- Marketing & Referral Partners: Co-marketing partners and event organizers from whom we receive referral leads with your consent.
- Social Media Platforms: If you interact with our social media pages or use social login features.
4. How We Use Personal Information
We use Personal Data only where we have a valid legal basis to do so. The purposes for which we Process Personal Data, and our legal bases for each, are set out below.
| Purpose | Legal Basis (GDPR Art. 6) | Notes |
|---|---|---|
| Operating and improving the Website and Services | Legitimate interests (Art. 6(1)(f)) | |
| Responding to inquiries and providing customer support | Legitimate interests / Contract performance (Art. 6(1)(b), (f)) | |
| Sending product updates, newsletters, and promotional content | Consent (Art. 6(1)(a)) or Legitimate interests (Art. 6(1)(f)) | Opt-out available at any time |
| Conducting interest-based advertising | Consent (Art. 6(1)(a)) | See Cookie Notice |
| Evaluating employment applications | Pre-contractual steps (Art. 6(1)(b)) | |
| Analytics, benchmarking, and product development | Legitimate interests (Art. 6(1)(f)) | |
| Complying with legal obligations | Legal obligation (Art. 6(1)(c)) | |
| Preventing fraud and enforcing our agreements | Legitimate interests (Art. 6(1)(f)) | |
| Processing payments | Contract performance (Art. 6(1)(b)) | |
| Any other purpose disclosed at collection | Consent (Art. 6(1)(a)) |
We may also use Personal Data in an anonymized or aggregated form that cannot reasonably be used to identify an individual. Such data is not subject to this Privacy Policy.
5. How We Share Personal Information
We do not sell, rent, or trade your Personal Data. We may share Personal Data in the following limited circumstances:
- Service Providers & Sub-processors: We share Personal Data with vetted third-party service providers and Sub-processors who assist us in operating the Website and delivering our Services (e.g., cloud hosting, CRM, analytics, email delivery). All Sub-processors are subject to data processing agreements that impose obligations consistent with this Privacy Policy and applicable law. A current list of our Sub-processors is available at onemodel.co/privacy-policy/subprocessors.
- Professional Advisors: We may share Personal Data with lawyers, accountants, auditors, and insurers where necessary for professional services.
- Business Transfers: In connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, Personal Data may be transferred as part of that transaction, subject to confidentiality obligations.
- Legal Requirements: We may disclose Personal Data to comply with applicable law, regulation, legal process, or enforceable governmental request; to protect the rights, property, or safety of One Model, our users, or the public; or to detect, prevent, or respond to fraud, security incidents, or technical issues.
- With Your Consent: We may share Personal Data for any other purpose with your explicit consent.
6. International Data Transfers
One Model is headquartered in the United States. If you are located in the European Economic Area ("EEA"), United Kingdom ("UK"), Canada, or another jurisdiction with data transfer restrictions, please be aware that your Personal Data may be transferred to and processed in the United States or other countries that may not provide the same level of data protection as your home jurisdiction.
Where required by applicable law, we implement appropriate safeguards for such transfers, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission for transfers from the EEA;
- UK International Data Transfer Agreements (IDTAs) or UK Addenda to SCCs for transfers from the UK;
- Adequacy decisions where applicable; and
- Other lawful transfer mechanisms as required.
You may request a copy of the applicable transfer mechanism by contacting us at privacy@onemodel.co.
7. Data Retention
We retain Personal Data for as long as necessary to fulfil the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. The criteria we use to determine retention periods include:
- Whether the data is necessary to maintain an ongoing relationship with you or to perform a contract;
- Whether we have a legal obligation to retain the data (e.g., tax, financial, or employment records);
- Whether retention is advisable in light of our legal position (e.g., applicable statutes of limitations); and
- Whether you have exercised a right to erasure, subject to overriding legal bases.
When Personal Data is no longer required, we will securely delete or anonymize it in accordance with our data retention schedule.
8. Data Security
We implement technical, organizational, and physical safeguards designed to protect Personal Data against unauthorized access, disclosure, alteration, and destruction. Our measures include, but are not limited to:
- Encryption in Transit and at Rest: All Personal Data exchanged with us and our Sub-processors is encrypted in transit using TLS 1.2 or higher and is stored encrypted at rest.
- Access Controls: Access to Personal Data is restricted on a need-to-know basis and governed by role-based access controls ("RBAC"), Single Sign-On ("SSO"), and Multi-Factor Authentication ("MFA").
- Audit Logging and Monitoring: Access to Personal Data systems is logged, monitored, and periodically reviewed. Logs are retained for compliance and incident response purposes.
- Vendor Management: We conduct due diligence on all Sub-processors and require them to maintain appropriate security standards.
Notwithstanding these measures, no method of electronic transmission or storage is entirely secure. We cannot guarantee the absolute security of your Personal Data, and you should take steps to protect the information you transmit to us.
In the event of a Personal Data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authorities as required by applicable law.
9. ZoomInfo BuyerID and Third-Party Data Enrichment
We use ZoomInfo's BuyerID feature on our Website to improve our understanding of website visitors and enhance the effectiveness of our marketing activities. ZoomInfo may set third-party cookies on your browser for the purpose of cross-domain visitor identification and firmographic data enrichment.
- Purpose: To associate website visit activity with a known company or contact record in order to improve sales and marketing outreach.
- Data Collected: Firmographic and contact information (company name, job title, business contact details) derived from ZoomInfo's proprietary database.
- Restrictions on Use: Data collected via ZoomInfo BuyerID is not sold to third parties and is used solely for the purposes described in this Privacy Policy.
- Legal Basis (GDPR): This processing constitutes cross-context behavioral advertising and requires opt-in consent from visitors in the EEA and UK. Consent is collected via our cookie consent banner.
- CCPA/CPRA: This processing may constitute "sharing" of Personal Information for cross-context behavioral advertising purposes. California residents have the right to opt out. See Section 11 for details.
- Opt-Out: You may opt out by declining advertising cookies via our cookie consent banner, adjusting your browser settings, or using the industry opt-out tools listed in Section 10.
10. Cookie Notice
10.1 What Are Cookies?
Cookies are small text files placed on your device by websites you visit. They are widely used to make websites function properly, to store user preferences, and to provide information to site owners. We also use related technologies such as web beacons, pixel tags, and local storage (collectively referred to as "cookies" in this Notice).
10.2 Categories of Cookies We Use
| Category | Purpose | Consent Required? |
|---|---|---|
| Strictly Necessary | Essential for the Website to function (e.g., authentication, session management). These cookies cannot be disabled. | No |
| Functionality | Remember your preferences and settings (e.g., language, region). | Yes |
| Analytics & Performance | Collect aggregated information about how visitors use our Website to help us improve performance and user experience. | Yes |
| Advertising & Targeting | Deliver interest-based advertising and measure campaign effectiveness. Includes ZoomInfo BuyerID cookies. | Yes |
10.3 Managing Your Cookie Preferences
You can manage your cookie preferences at any time by:
- Using our Cookie Preference Center (accessible via the cookie banner on our Website);
- Adjusting your browser settings to block or delete cookies (note: blocking strictly necessary cookies may impair Website functionality);
- Using the following industry opt-out tools:
Please note that opt-out choices may be stored as cookies. If you clear your browser cookies, you may need to renew your opt-out preference.
11. Your Privacy Rights
Depending on your location, you may have the following rights with respect to your Personal Data. To exercise any of these rights, please contact us at privacy@onemodel.co.
11.1 Rights Under GDPR (EEA & UK Residents)
If you are located in the EEA or UK, you have the right to:
- Access a copy of the Personal Data we hold about you (Art. 15 GDPR);
- Rectification of inaccurate or incomplete Personal Data (Art. 16 GDPR);
- Erasure ("right to be forgotten") of Personal Data where there is no overriding legal basis for continued processing (Art. 17 GDPR);
- Restriction of processing in certain circumstances (Art. 18 GDPR);
- Data Portability – receive your Personal Data in a structured, commonly used, machine-readable format (Art. 20 GDPR);
- Object to processing based on legitimate interests or for direct marketing purposes (Art. 21 GDPR);
- Withdraw Consent at any time where processing is based on consent, without affecting the lawfulness of prior processing;
- Lodge a Complaint with your local supervisory authority (e.g., the UK ICO at ico.org.uk or the relevant EU supervisory authority at edpb.europa.eu).
We will respond to your request within 30 days (or as otherwise required by applicable law). We may need to verify your identity before processing your request.
11.2 Rights Under CCPA/CPRA (California Residents)
If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA"), grants you the following rights:
- Right to Know: Request disclosure of the categories and specific pieces of Personal Information we have collected about you, the categories of sources, the business or commercial purposes for collection, and the categories of third parties with whom we share it.
- Right to Delete: Request deletion of your Personal Information, subject to certain exceptions.
- Right to Correct: Request correction of inaccurate Personal Information.
- Right to Opt Out of Sale or Sharing: We do not sell Personal Information for monetary consideration. However, we may "share" Personal Information (as defined by CCPA/CPRA) for cross-context behavioral advertising. You have the right to opt out by clicking "Do Not Sell or Share My Personal Information" in the footer of our Website or by contacting us at privacy@onemodel.co.
- Right to Limit Use of Sensitive Personal Information: To the extent we collect Sensitive Personal Information (as defined by CCPA/CPRA), you have the right to limit its use to purposes authorized by law.
- Non-Discrimination: You will not receive discriminatory treatment for exercising your privacy rights.
To submit a verifiable consumer request, contact us at privacy@onemodel.co. We will verify your identity and respond within 45 calendar days (extendable by an additional 45 days with notice).
Authorized Agents: California residents may designate an authorized agent to submit requests on their behalf by providing written authorization.
CCPA Metrics: We will make annual CCPA disclosure metrics available upon request.
11.3 Rights Under PIPEDA (Canadian Residents)
If you are a Canadian resident, you have the right to:
- Access the Personal Information we hold about you;
- Challenge the accuracy of that information and request correction;
- Withdraw consent to our use of your Personal Information, subject to legal and contractual constraints;
- Lodge a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca.
12. Children's Privacy
Our Website and Services are not directed to individuals under the age of 16 (or the applicable minimum age in your jurisdiction). We do not knowingly collect Personal Data from children. If you believe we have inadvertently collected Personal Data from a child without appropriate consent, please contact us at privacy@onemodel.co and we will promptly delete such data.
13. Third-Party Websites and Services
Our Website may contain links to third-party websites, integrations, or services that are not operated by One Model. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party websites or services you visit, as we have no control over and assume no responsibility for their content, privacy practices, or terms.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will indicate the "Last Updated" date at the top of this page. For material changes, we will provide prominent notice through the Website or by email (where we have your email address) at least 30 days prior to the changes taking effect, to the extent required by applicable law. Your continued use of the Website after the effective date of any update constitutes acceptance of the revised Privacy Policy.
15. Contact Us
If you have any questions, concerns, or requests relating to this Privacy Policy or our privacy practices, please contact our Privacy team:
One Model Inc. Email: privacy@onemodel.co Mail: 12-C Ledgebrook Drive, Suite 4, Mansfield Center, CT 06250
For inquiries related to data processing under a DPA, please contact your account representative or email privacy@onemodel.co referencing your Subscriber agreement.
16. Supervisory Authorities
If you are not satisfied with our response to your privacy inquiry, you may have the right to lodge a complaint with the relevant data protection authority:
| Jurisdiction | Authority | Website |
|---|---|---|
| United States | U.S. State Department Privacy Office | state.gov |
| United Kingdom | Information Commissioner's Office (ICO) | ico.org.uk |
| European Union | European Data Protection Board (EDPB) | edpb.europa.eu |
| Canada | Office of the Privacy Commissioner | priv.gc.ca |
| Australia | Australian Communications and Media Authority (ACMA) | acma.gov.au |
This Privacy Policy should be reviewed by qualified legal counsel prior to publication. It does not constitute legal advice.
How to contact the appropriate authorities
If you would like more information about data protection laws, please reference these websites:
Ready to learn more?
Request a tailored demo to see how One Model could help you.
