<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=286651792909821&amp;ev=PageView&amp;noscript=1">

At One Inc, we take the protection of personal information seriously. This Privacy Policy explains what information we collect, how we use it, how we share it, how we protect it, and the rights you may exercise under Canadian privacy laws. 

We endeavor to comply with all applicable legislation, including the Personal Information Protection and Electronic Documents Act (PIPEDA), Quebec’s Act respecting the protection of personal information in the private sector (ARPPIPS), Alberta’s Personal Information Protection Act (PIPA), and British Columbia’s Personal Information Protection Act (PIPA)By accessing or using our website or online services, you are consenting to One Inc processing your personal information in accordance with Privacy Policy.

Scope

This Privacy Policy applies to anyone whose personal information is handled by One Inc in Canada, including: 
  • Visitors to our websites, applications, and digital platforms. When you browse our sites, use our apps, or interact with our online tools, we collect technical data (such as device details, IP address, and cookies) to keep our services secure and functioning properly. 
  • Customers, claimants, and other end users of our payment or insurance-related services. If you pay premiums, receive claim payouts, or otherwise use our payment solutions, we process your personal and financial information to complete transactions, prevent fraud, and comply with financial regulations. 
  • Insurance companies and business clients. We often receive personal information from insurers or partners so that we can issue payments or manage claims on their behalf. In these situations, the insurer or business client determines why the information is collected and how it is used, and One Inc acts on their instructions. We remain accountable for protecting the information in our custody and ensuring that our practices, and those of our service providers, meet Canadian legal requirements. 
  • Business partners, vendors, and service providers. We collect business contact details to manage relationships, carry out due diligence, and perform contractual obligations. 
  • Job applicants and prospective employees. If you apply for a role with us, we may collect information such as your résumé, employment history, references, and other recruitment-related details. 
  • Other individuals who interact with One Inc For example, individuals who contact us with questions, participate in surveys, or attend One Inc events may have their personal information processed in line with this policy. 

In limited circumstances, such as fraud detection, compliance with legal obligations, and improving our platform, One Inc may make independent decisions about how personal information is used. In those circumstances, we remain fully accountable under Canadian privacy laws for meeting our obligations.

Information We Collect

We collect only what we need to operate, comply with the law, and improve services.  We may collect information in the following ways:  

  • Directly from you. For example, when you log in, complete a payment, or contact our customer support, we collect details you provide such as your name, email, phone number, or payment card details. 
  • From insurance companies. In many cases, One Inc does not collect information directly from you but instead receives personal information from your insurance company so that we can process premium payments, issue claim payments, or deliver other payment services on their behalf. This may include: 
    • Identification and contact details (name, address, email, phone number). 
    • Payment instructions (policy number, claim details, settlement amount, preferred payment method). 
    • Limited claim-related information necessary to verify or complete the payment. 

When we receive this information, we handle it based on the insurer’s instructions. The insurer decides why the information is collected and how it is used.  

  • Financial and Transaction Data.  Card numbers, bank account details, and payment histories to process payments and manage settlements. When you provide credit or debit card information, it is collected and processed in compliance with the Payment Card Industry Data Security Standard (PCI DSS). 
  • Technical Data. Device identifiers, IP addresses, browser types, operating system details, and site usage logs to secure systems and detect fraud. 
  • Communications. Emails, chat transcripts, and call recordings when you interact with our support teams.
  • Sensitive Data and Government Identifiers. We only collect government identifiers, such as Social Insurance Numbers (Canada) or Social Security Numbers (U.S.), where required by law (for example, for tax or employment purposes).

How We Use Your Information

We use personal information for several connected purposes. In every case, we limit our use to what is reasonable and necessary to deliver secure payment services, meet our legal obligations, and improve the experience for our customers and partners. 

  • To process payments and claims. We use identity, financial, and transaction information to issue claim payouts, collect premiums, process refunds, and settle accounts with financial institutions. 
  • To verify identity and manage risk. Personal information helps us confirm that you are who you say you are, prevent identity theft, and detect or stop fraudulent transactions. 
  • To comply with laws and regulations. We may use personal information to comply with applicable laws, rules, and regulations.  For example, certain information is required for us to meet obligations under anti-money laundering (AML), counter-terrorist financing (CTF), tax, and financial reporting laws. 
  • To provide customer service. If you contact us for support, we use your details and communications history to respond to questions, resolve issues, and improve the quality of our service. 
  • To improve our services. We analyze personal information, including usage data, feedback, and performance metrics to make our platforms more reliable, secure, and user-friendly. Wherever possible, we use aggregated or de-identified data for this purpose.   
  • To prevent fraud and maintain security. We use personal information such as technical data, device identifiers, and behavioral signals to secure accounts, block suspicious activity, and keep transactions safe. 
  • To use artificial intelligence responsibly. We may apply AI tools in the scope of our services, such as fraud detection, security monitoring, ancillary office support, and trend analysis. 
  • To communicate with you. We may send you service-related messages, such as payment confirmations, claim updates, or regulatory notices. With your consent, we may also send you marketing communications (including by email or SMS) about new features or services. You can opt out of marketing at any time. 
  • To manage relationships with insurers, partners, and vendors. For our business clients, we use contact and business information for account management, compliance reviews, audits, billing, and contractual performance. 
  • To recruit and hire employees. For applicants, we use personal information submitted through résumés, applications, or references to evaluate candidacy and communicate about employment opportunities. 
  • To meet contractual obligations. In some cases, insurers and business partners require us to collect or handle certain information in order to perform services as agreed. 
  • To protect our rights and respond to legal demands. We may use or disclose personal information to investigate or resolve disputes, enforce our contracts, or comply with lawful requests from regulators, courts, or other governmental authorities.

Artificial Intelligence and Automation

We use artificial intelligence (AI) and machine-learning technologies to support and enhance the security, accuracy, and efficiency of our operations. For example, AI helps our teams identify patterns, reduce manual effort, and improve consistency — it does not currently make autonomous or legally binding decisions about individuals. 

If our use of AI evolves in the future to include automated decision-making that may significantly affect individuals, One Inc will update this Privacy Policy and provide additional information or notices as required by Canadian privacy laws, including (if applicable) Quebec’s ARPPIPS .

Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our websites and applications to help them function properly, keep them secure, and improve your experience. A cookie is a small text file stored on your device when you visit a website. Some cookies are necessary for our services to work, while others help us understand site usage or measure performance. 

We use the following general types of cookies: 

  • Essential cookies – Required for secure operation and core functionality such as authentication, load balancing, and transaction processing. 
  • Functional cookies – Help remember your preferences (such as language, region, or display settings) to provide a consistent and personalized experience. 
  • Analytics cookies – Collect aggregated information about how visitors use our sites (for example, pages viewed, features used, or time spent) so we can analyze trends and improve usability and performance. 
  • Advertising cookies – Used by us or trusted partners such as Google, LinkedIn, or Meta to deliver relevant ads, limit repetition, and measure campaign effectiveness. 

Managing Your Preferences
You can manage or delete cookies at any time using your browser settings, which allow you to block, delete, or receive alerts about cookies. Additionally, you can use the Digital Advertising Alliance of Canada (DAAC) opt-out tools available at www.youradchoices.ca.

Sharing of Information

We share personal information only when necessary to provide our services, meet legal obligations, or fulfill the purposes described in this Policy. We do not sell personal information. 

We may share personal information in the following limited ways: 

  • With financial institutions and payment networks to authorize, process, and settle transactions. 
  • With insurers (our clients). When we receive your information from your insurance company, we handle it on their behalf and in accordance with their instructions and may share transaction status or settlement details back to them. 
  • With vendors.  If a vendor provides products or services in connection with an insurance claim, we may pay the vendor at the order of an insurer; in the process, we may share personal information with the vendor in connection with paying the vendor for its services.   
  • With service providers and subprocessors that support hosting, analytics, IT security, fraud prevention, cloud storage, and customer support — under written contracts requiring them to protect personal information and use it only for authorized purposes. 
  • With regulators, courts, law enforcement, or other authorities where required by law, regulation, or court order, or where otherwise in response to a lawful request. 
  • With affiliates for internal administrative, compliance, audit, or security purposes, subject to equivalent safeguards. 
  • With your consent or at your direction, when you instruct us to share information with a third party (for example, for claims processing or alternative payment methods).

Safeguards & Security

We take the protection of your personal information seriously and apply layered security measures to safeguard it. One Inc uses a combination of technical, organizational, and procedural controls to help ensure that your information remains confidential, accurate, and accessible only to authorized personnel. These safeguards are designed to prevent unauthorized access, misuse, disclosure, alteration, or loss of data. Our security program includes: 

  • Encryption and Secure Transmission 
    All sensitive information is encrypted both in transit and at rest using industry-standard encryption protocols (such as TLS and AES-256). This helps protect your information as it moves across networks and when it is stored within our systems. 
  • Access Controls and Authentication 
    Access to systems and data is governed by role-based access controls (RBAC) and least-privilege principles, ensuring that only individuals with a legitimate business need can view or handle personal information. We employ strong authentication mechanisms, including multi-factor authentication (MFA), for all critical systems and administrative tools. 
  • Network and System Security 
    We maintain firewalls, intrusion detection and prevention systems, endpoint protection, and continuous monitoring to detect, contain, and respond to threats quickly. Our infrastructure is regularly tested through vulnerability assessments and penetration testing conducted by qualified professionals. 
  • Incident Response and Monitoring 
    Security events are logged and analyzed by our monitoring systems to identify suspicious activity. In the event of an incident, our Incident Response Team follows a defined playbook to investigate, mitigate, and report as required by law. 
  • Payment Card Security and Tokenization 
    When you provide credit or debit card information, we use it only to complete your transaction. One Inc adheres to the Payment Card Industry Data Security Standard (PCI DSS) and implements strict controls, including encryption, tokenization, restricted access, and regular reviews to protect payment information throughout its lifecycle. 

We use network tokenization, an advanced security process that replaces sensitive card data (such as Primary Account Numbers) with a unique token issued by card networks (Visa, Mastercard). This token is used for payment processing instead of the actual card number, helping to minimize the risk of fraud and data breaches. Actual card data is not stored by One Inc and remains securely managed by the card network and issuing bank. 

  • Privacy by Design 
    Privacy and security are integrated into our systems and development processes from the earliest stages of product design.  
  • Privacy by Default (Quebec only) 
    In compliance with Quebec’s ARPPIPS, our systems and services are configured so that the default settings provide the highest level of privacy, ensuring that personal information is not collected, used, or disclosed beyond what is necessary to deliver the requested service. 
  • Employee Training and Awareness 
    All personnel receive regular privacy and security training appropriate to their roles and responsibilities to ensure personal information is handled safely and in compliance with applicable laws. 
  • Third-Party Risk Management 
    We assess and monitor our service providers through due-diligence reviews, contractual security obligations, and ongoing oversight to ensure they maintain comparable data protection standards.

International Transfers

Our services may be located in the United States, and data processed by our services may thus be stored in and subject to the laws of the United States.  Also, some of our service providers may operate outside Canada (for example, in the United States).   

Regardless of where processing takes place, One Inc remains accountable for ensuring that your personal information is protected in accordance with Canadian privacy laws.

Retention & Deletion

We retain personal information only as long as necessary to fulfill the purposes for which it was collected, or as permitted or required by applicable laws and regulations. In determining how long information is kept, we consider factors such as: 

  • The type of information and its sensitivity. 
  • The business purpose for which it was collected. 
  • Statutory or regulatory retention periods (for example, financial or tax reporting requirements). 
  • The time needed to resolve disputes, enforce agreements, or protect our rights. 

Once information is no longer required, we securely destroy it or anonymize it so it can no longer be used to identify an individual. For more information about retention, you can contact us as set forth in this Policy.

Your Rights

Depending on your province, you may have the following rights regarding your personal information: 

  • Access. You may request access to the personal information we hold about you and receive details about how it is used. 
  • Correction. You may request correction of your personal information if it is inaccurate or incomplete. 
  • Deletion. You may request deletion of your personal information, subject to legal or contractual requirements. 
  • Withdrawal of Consent. Where our handling of personal information is based on your express consent, you may withdraw that consent at any time. 
  • Portability. In Quebec, you may request a copy of certain personal information in a structured, commonly used format that allows it to be transferred to another organization. 
  • Opt-Out. You may opt out of targeted advertising, profiling, or automated processing that uses your personal information. 
  • Automated Decisions. You may request human review of any decision that materially affects you and is based solely on automated processing, including AI. As of the effective date of this Policy, One Inc. does not make such automated decisions.  

We may ask you to verify your identity before responding to requests. We will not deny services or penalize you for exercising your rights. 

We will respond to privacy rights requests within the timelines required by law (generally 30 days). Requests are subject to limitations provided by law.  For example, in some cases, access may be refused, for example if disclosure reveals another individual’s personal information, if the information is subject to legal privilege, or if prohibited by law. If we refuse, we will explain the reason. 

Exercising Your Privacy Rights 
You may exercise your privacy rights (such as access, correction, deletion, withdrawal of consent, portability, or de-indexation in Quebec) by contacting our Privacy Officer: 

Email: privacyinquiries@oneincsystems.com 
Mailing Address: One Inc Privacy Officer, 620 Coolidge Drive, Suite 200, Folsom, CA 95630

Children's Privacy

Our services are not intended for minors under 18. We do not knowingly collect or use personal information from such minors.

Breach Notification & Incidents

If we discover or suspect that personal information has been accessed, used, or disclosed without authorization, we will act promptly to investigate, contain, and mitigate the incident. 

Where the incident creates a real risk of significant harm (as defined under PIPEDA, Alberta PIPA, and BC PIPA) or a risk of serious injury (as defined under Quebec’s ARPPIPS), we will notify affected individuals and the appropriate privacy regulator(s) without undue delay, in accordance with applicable law.  You consent to receive notice electronically at contact information One Inc. has on file for you, such as an email address.   

We maintain internal incident-response procedures designed to detect, assess, and respond to potential security breaches, document incidents as required, and implement corrective measures to prevent recurrence.

Marketing & Communications

You may receive promotional emails or notifications from us only if you have provided your consent in accordance with Canada’s Anti-Spam Legislation (CASL) or applicable provincial law. 

You can opt out of marketing messages at any time by using the unsubscribe link in those emails or by contacting us at our privacy address/email. Withdrawing consent will not affect your ability to receive essential services or transactional messages.

Complaints

If you have concerns about how we handle your personal information: 

  1. Contact our Privacy Officer using the contact information below. 
  2. If we don’t resolve your concern, you may contact:
    • Office of the Privacy Commissioner of Canada (OPC) — priv.gc.ca 
    • Commission d’accès à l’information du Québec (CAI) — cai.gouv.qc.ca 
    • Office of the Information and Privacy Commissioner of Alberta (OIPC) — oipc.ab.ca 
    • Office of the Information and Privacy Commissioner of BC (OIPC) — oipc.bc.ca

Updates to This Policy

We may update this policy to reflect changes in our practices, technology, or laws. Significant updates will be highlighted, and we will revise the effective date.

Contact Information

We have appointed a Privacy Officer who is responsible for ensuring that One Inc complies with Canadian privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA), Quebec’s Act respecting the protection of personal information in the private sector (ARPPIPS), Alberta’s Personal Information Protection Act (PIPA), and British Columbia’s Personal Information Protection Act (PIPA). 

You may contact our Privacy Officer with any questions, requests, or complaints about how we handle personal information: 

Privacy Officer
One Inc
620 Coolidge Drive, Suite 200
Folsom, CA 95630
Email: privacyinquiries@oneincsystems.com

 

Privacy Policy