Last updated: April 20, 2026
This Privacy Policy explains how OneClickApp, LLC (“OneClick,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal information in connection with our website at oneclickapp.com (the “Site”) and our software-as-a-service platform and related mobile applications (together, the “Services”).
This Policy applies to:
OneClick provides the Services to customers located in the United States, Puerto Rico, and Canada. If you are located outside these jurisdictions, please do not use the Services or submit information to us.
OneClick is established in the United States and the Services are hosted on infrastructure located in the United States. Personal information collected or submitted in connection with the Services, including personal information of individuals located in Canada or Puerto Rico, is transferred to, stored in, and processed in the United States. By using the Services or submitting personal information to us, you acknowledge this cross-border transfer. Customers located in Canada are responsible for providing any notices to, and obtaining any consents from, their own personnel as required under applicable Canadian privacy law in connection with such cross-border transfers.
Capitalized terms not defined in this Policy have the meanings given to them in OneClick’s Terms of Service, available at oneclickapp.com/terms.
OneClick is a business-to-business software provider. Our role with respect to personal information depends on who provided the information and why:
Controller role. OneClick acts as the “business” (under CCPA/CPRA) or “controller” (under other state privacy laws) for personal information we collect directly from Site visitors, prospects, Customers (as organizations), and individuals acting on Customer’s behalf, including account contacts and billing contacts. This Policy governs those uses.
Service-provider / processor role. OneClick acts as a “service provider” (under CCPA/CPRA) or “processor” (under other state privacy laws) for personal information that a Customer submits to the Services as part of Customer Data, including information about the Customer’s employees and other personnel. Our handling of that information is governed by the Terms of Service and, where applicable, OneClick’s Data Processing Addendum (“DPA”), not by this Policy. If you are an employee of a Customer and want to understand how your personal information is used in the Services, please contact your employer.
3.1 Information you provide directly. We collect information you provide to us when you:
3.2 Information Customers submit to the Services (Customer Data). Customers and their Authorized Users submit information to the Services in the ordinary course of using them. This may include employee names, contact information, role and scheduling information, shift records imported from third-party scheduling systems, sales data, checklists, notes, and messages. This information is “Customer Data” as defined in the Terms of Service. Customer Data belongs to the Customer. OneClick processes Customer Data only as a service provider on the Customer’s behalf and in accordance with the Terms of Service and the DPA.
3.3 Information we generate from use of the Services (Usage Data). We generate and collect data about how the Services are used, including logs of Authorized User actions, feature-usage frequencies, position and schedule events, operational metrics, performance data, inferences and model outputs derived from Customer Data and user activity, and diagnostic, telemetry, and error data. This information is “Usage Data” as defined in the Terms of Service. As between OneClick and the Customer, OneClick owns Usage Data.
3.4 Information collected automatically. When you visit the Site or use the Services, we automatically collect certain information, including your IP address, browser type and version, operating system, referring and exit pages, pages viewed, features used, dates and times of access, and device identifiers. We collect this information using cookies and similar technologies as described in Section 8.
3.5 Information from third parties. We may receive information about you from third parties such as payment processors, marketing-analytics providers, data-enrichment services, and events or partner channels from which you requested information about OneClick. We combine that information with information we already have about you.
3.6 Contextual and publicly available reference data. To operate and improve the Services, including demand-forecasting, scheduling recommendations, and operational analytics, we obtain reference data from third-party sources and from publicly available sources. This includes weather and climate data, public-event calendars, traffic and mobility data, public holidays and school calendars, economic and demographic indicators, publicly available business information (including information about store openings, locations, and hours), and similar contextual information. We collect publicly available information only from sources that do not require authentication to access. This reference data is generally not personal information; where it contains information that may be associated with an identified or identifiable individual, we treat it in accordance with this Policy and applicable law.
3.7 Recorded communications. Phone calls with our sales, support, and customer-success teams may be recorded for quality-assurance, training, and compliance purposes. Video calls, screen-share sessions, and chat conversations may also be recorded or logged. Where required by applicable law, you will be notified at the start of the call.
We use the information described in Section 3 for the following purposes:
When acting as a service provider or processor with respect to Customer Data, we process Customer Data only for the purposes described in the Terms of Service and the DPA, and in accordance with the Customer’s documented instructions.
We may create de-identified and aggregated data from Customer Data, Usage Data, and information collected automatically. “De-Identified Data” has been modified using reasonable technical and organizational measures so that it does not identify and cannot reasonably be linked, directly or indirectly, to any individual, household, or business, consistent with the standards of CCPA/CPRA and analogous state laws. “Aggregated Data” has been combined with data from other sources or customers such that it does not identify and cannot reasonably be used to identify any individual or business.
OneClick may use, reproduce, distribute, and otherwise exploit De-Identified Data and Aggregated Data for any lawful business purpose, including to develop, improve, and commercialize the Services and other products and services, to benchmark, to publish industry insights and research, and to share with third parties. OneClick will not attempt to re-identify De-Identified Data and will maintain reasonable technical and contractual safeguards against re-identification, consistent with CCPA/CPRA requirements.
We share personal information only as described in this Section.
6.1 Subprocessors and service providers. We share personal information with third-party subprocessors and service providers that perform functions on our behalf, such as cloud hosting, database and analytics infrastructure, payment processing, customer support tooling, email and messaging delivery, product-analytics services, and security monitoring. Each subprocessor is bound by contractual obligations to use personal information only for the purposes for which we engaged them and to protect it consistent with the requirements of applicable law.
6.2 Affiliates. We may share personal information with OneClick affiliates under common ownership, subject to the same use restrictions and confidentiality obligations described in this Policy.
6.3 Customers. Where OneClick acts as a service provider or processor, personal information in Customer Data is accessible to the applicable Customer and its Authorized Users in accordance with the Customer’s account configuration and the Terms of Service.
6.4 Corporate transactions. We may disclose personal information in connection with a merger, acquisition, reorganization, financing, sale of all or substantially all of our assets, or similar transaction, or in preparation for any of the foregoing, provided that any successor in interest is bound by this Policy or a successor policy with respect to personal information transferred.
6.5 Legal compliance and protection. We may disclose personal information when we believe in good faith that disclosure is necessary to (a) comply with applicable law or valid legal process; (b) respond to lawful requests from governmental authorities; (c) enforce the Terms of Service or this Policy; or (d) protect the rights, property, or safety of OneClick, our Customers, our personnel, or the public.
6.6 With your consent or at your direction. We may share personal information with third parties where you have directed us to do so or have otherwise consented to the sharing.
6.7 De-Identified and Aggregated Data. We may share De-Identified Data and Aggregated Data with third parties without restriction, as described in Section 5.
6.8 No sale or sharing for cross-context behavioral advertising. OneClick does not “sell” or “share” personal information within the meaning of CCPA/CPRA or analogous state laws, and has not done so in the twelve (12) months preceding the date of this Policy. OneClick does not use personal information contained in Customer Data for cross-context behavioral advertising.
6.9 SMS opt-in data. Phone numbers collected through SMS opt-in, and other information collected through our SMS program, will not be shared with any third party or affiliate for marketing purposes.
We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, including to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements. Specific retention periods vary based on the type of information and the context in which it was collected, and include the following:
Where you have asked us not to send you marketing communications, we will retain sufficient information about you to honor your request.
We and our service providers use cookies, pixels, tags, software development kits, and similar technologies (together, “cookies”) to operate the Site and the Services, remember user preferences, authenticate users, measure and analyze performance, and deliver marketing communications.
We use the following categories of cookies:
Most browsers allow you to control cookies through their settings preferences. If you limit our ability to set cookies, your experience on the Site may be diminished, and some features may not work as intended. To learn more about cookies generally, visit www.allaboutcookies.org.
We do not currently respond to “Do Not Track” browser signals. Where required by law (including California’s opt-out-preference-signal requirements), we will honor recognized universal opt-out signals such as the Global Privacy Control.
We maintain a written information-security program that includes administrative, physical, and technical safeguards designed to protect personal information against unauthorized access, use, disclosure, alteration, and destruction, consistent with generally accepted industry practices for SaaS providers of similar size and scale. These measures include access controls, encryption in transit and at rest where appropriate, network monitoring, employee training, and routine review of our security practices.
No system is completely secure. If we learn of a security incident that affects personal information, we will notify affected Customers and, where required by law, affected individuals and regulatory authorities, consistent with applicable notification requirements and the commitments in the Terms of Service.
10.1 Consumer Site. The Site and our marketing activities are not directed to children. We do not knowingly collect personal information from children under the age of thirteen (13) through the Site. If we learn that we have collected personal information from a child under thirteen (13) without verifiable parental consent, we will promptly delete that information. If you believe a child under thirteen (13) has provided personal information to us, please contact us using the information in Section 14.
10.2 Customer Data concerning Minor Employees. OneClick’s Customers may employ individuals under the age of eighteen (18) and may submit personal information about those individuals to the Services as part of Customer Data. In that context, OneClick acts as a service provider or processor, and the Customer is the business or controller. The Customer is responsible for (a) compliance with all applicable minor-labor, child-privacy, and parental-consent laws; (b) providing all notices required to be given to employees and, where applicable, parents or guardians; and (c) obtaining and maintaining any required consents. Requests from or on behalf of minor employees regarding personal information contained in Customer Data should be directed to the applicable employer.
11.1 Marketing communications. You may opt out of marketing communications from OneClick at any time by clicking the “unsubscribe” link in any marketing email, replying STOP to any SMS message, or contacting us at support@oneclickapp.com. We will process your request within a commercially reasonable time, typically within ten (10) business days. Transactional communications relating to your account or the Services are not subject to opt-out.
11.2 Rights under state privacy laws. Depending on where you reside, you may have certain rights with respect to personal information that OneClick processes as a business or controller, including rights under CCPA/CPRA (California), the Virginia Consumer Data Protection Act, the Colorado Privacy Act, the Connecticut Data Privacy Act, the Utah Consumer Privacy Act, the Texas Data Privacy and Security Act, and analogous laws. Subject to the conditions and exceptions in those laws, these rights may include:
11.3 Privacy rights for Canadian residents. If you are a resident of Canada, you have rights with respect to personal information that OneClick processes as an organization under the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and, as applicable, provincial privacy laws. Subject to the conditions and exceptions in those laws, these rights include the right to access personal information OneClick holds about you, to request correction of inaccuracies, to withdraw consent to our processing (subject to legal or contractual restrictions), and to challenge our compliance with applicable privacy law. Residents of Quebec may have additional rights under the Act Respecting the Protection of Personal Information in the Private Sector, as amended by Law 25, including data portability and rights with respect to automated decision-making. To exercise these rights, contact us using the information in Section 14.
11.4 How to exercise your rights. To exercise any of these rights with respect to personal information OneClick processes as a business, controller, or organization, submit a request to privacy@oneclickapp.com or write to us at the address in Section 14. We will verify your request using the personal information we already maintain about you. You may designate an authorized agent to act on your behalf; we will require written authorization and may require verification directly from you.
11.5 Customer Data. For personal information contained in Customer Data, OneClick acts as a service provider or processor on behalf of the applicable Customer. If you are an employee, contractor, or other personnel of a Customer and wish to exercise rights with respect to that information, please contact your employer. If you contact OneClick directly, we will refer your request to the applicable Customer and cooperate with the Customer’s response as required under the Terms of Service and the DPA.
11.6 Complaints. If you believe we have not handled your personal information in accordance with this Policy or applicable law, you may file a complaint with the U.S. Federal Trade Commission, with the attorney general of your state of residence, or, if you are a resident of Canada, with the Office of the Privacy Commissioner of Canada or the applicable provincial privacy commissioner. In California, you may also file a complaint with the California Privacy Protection Agency.
The Site and the Services may contain links to, or integrations with, third-party websites, products, and services. We are not responsible for the privacy practices of those third parties, and this Policy does not apply to them. We encourage you to review the privacy policies of third-party sites and services before providing personal information to them.
We may update this Policy from time to time. For changes that materially affect your rights, we will provide at least thirty (30) days’ prior notice by email (to Customers and to individuals whose email addresses we have on file) or by prominent notice on the Site, and will update the “Last updated” date at the top of this Policy. Non-material changes (including clarifications, formatting, and corrections) may be made without individual notice and take effect when posted. Your continued use of the Site or the Services after a change takes effect indicates your acceptance of the updated Policy.
If you have questions about this Policy or our privacy practices, please contact us at:
OneClickApp, LLC
Attn: Privacy Officer
2701 N. Thanksgiving Way #100
Lehi, UT 84043
privacy@oneclickapp.com