OneTrust’s commitment to trust begins and ends with privacy, security and compliance. We strive to not only comply and implement best practices, but to stay one step ahead, pioneering the future of privacy & security as technology continues to evolve.
Privacy
As a global leader in privacy and data protection, our goal is to make our practices as transparent as possible and to give you control over your data. Privacy is at the core of what we do, which is why we are at the forefront of driving and adopting industry standards and best practices.
Security
Security is embedded throughout our organization, from our products to the people. We’ve put the controls and processes in place to safeguard your data, taking a risk-based approach and making continuous improvement a mandate.
Compliance
Our in-house Integrated Management System (IMS) Team uses OneTrust tools to operationalize privacy, security and third-party risk management. Compliance is a company imperative as we continually undergo independent third-party audits to validate our commitments.
Reliability
Deployed in the cloud or on-premises, our platform is designed to deliver stable solutions so our customers can scale with confidence. OneTrust’s SOC 2 report provides assurance that our team has designed an effective system of security, availability and confidentiality controls.
Certifications

ISO 27001 Certification

ISO 27701 Certification

SOC 2 Type II
Options for EU Customers In Light of "Schrems II" Decision
On July 16, 2020 the Court of Justice of the European Union invalidated EU-US Privacy Shield as a data transfer mechanism between the EU and US. Since then, additional guidance on supplementary measures for international data transfers has been released by the European Data Protection Board, and updated draft Standard Contractual Clauses by the European Commission. OneTrust is dedicated to offering our customers flexible options that meet their unique business needs along with their interpretation of these new guidelines, and therefore offers the following options to our customers:
HOST ON-PREMISES IN COUNTRY OF YOUR CHOICE
Customers can choose to host OneTrust fully on-premises in their data center or in a private cloud, local to a country of their choice and under their control.
STANDARD CONTRACTUAL CLAUSE BASED SOLUTION - MULTI-TENANT SAAS
Customers can leverage a multi-tenant SaaS instance of OneTrust deployed in any of our 10 data centers, including Germany, France or Switzerland, with limited data transfers. These data transfers will be based on the updated SCCs from the European Commission as well as European Data Protection Board recommendations on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data
SAAS HOSTED WITH BRING YOUR OWN KEY (BYOK) ENCRYPTION
Customers can host in our cloud environments while maintaining full control to create, disable, and revoke access to their encryption keys, preventing OneTrust or any entity from having the ability to decrypt customer data.
OneTrust is committed to transparency in its privacy practices. We will continue to provide our policy for government and law enforcement requests for customer data and a publish Transparency Report that documents the number of requests received and how we responded to them. You can view this report at the link below
Going Cloud? Choose From 10 Global Data Centers
AUSTRALIA | BRAZIL | CANADA | FRANCE | GERMANY | INDIA | UNITED KINGDOM | UNITED STATES | SINGAPORE | SWITZERLAND
*Cloud hosting provided by Microsoft Azure
