Privacy Policy

Last Revised: 3/9/2025

Welcome! Below you will find the privacy policy for One Morning LLC (“One Morning” “we” or “us”). We are dedicated to protecting your privacy and handling any personal information we obtain from you with care and respect. This privacy policy (the “Policy” or the “Privacy Policy”) is designed to answer your questions regarding how we collect, protect, use, and share information obtained through the One Morning platform, including our website www.onemorning.com and its associated subsites (collectively, the “Services” or “Site”). We also may maintain other websites, which are governed by their own privacy policies.

Please see our separate Terms of Use (www.onemorning.com/terms), which governs the use of the Services. Any capitalized terms not defined herein shall have the same meaning as described in the Terms of Use. We encourage you to read this Policy before using the Services, and not to use the Services if you disagree with any part of this Policy. By using the Services, you accept and agree to this Policy. It is our policy to post any changes we make to our Privacy Policy on this page. The date the Privacy Policy was last revised is identified at the top of the page. If we make changes to this Policy, we will take reasonable steps to alert users of the Services that the Policy has been updated.

Our Site is not intended for minors under 18 years of age. No one under age 18 may provide any information, personal or otherwise, to or on the Site. We do not knowingly collect information from minors under 18 years of age. If you are under 18, do not use or provide any information on this Site or on or through any of its features or provide any information about yourself to us. If we learn we have collected or received personal information from a minor under 18 without verification of parental consent, we will delete that information. If you believe we might have any information from or about anyone under 18, please contact us at privacy@onemorning.com or at P.O. Box 119, Springboro, OH 45066.

Residents of certain states under 18 years of age may have additional rights regarding the collection and sale of their personal information. See Your State Privacy Rights.

YOU UNDERSTAND THAT ONE MORNING IS NOT A HEALTH CARE PROVIDER, HEALTH CARE CLEARINGHOUSE, OR A HEALTH PLAN, AS THOSE TERMS ARE USED AND DEFINED IN THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996, AS AMENDED (HIPPA). HOWEVER, SOME CUSTOMERS OF ONE MORNING MAY QUALIFY AS A COVERED ENTITY UNDER HIPAA, AND AS A RESULT, ONE MORNING MAY BE TREATED AS A BUSINESS ASSOCIATE OF SUCH CUSTOMER, IN WHICH CASE, ONE MORNING WOULD BE REQUIRED TO COMPLY WITH APPLICABLE RESTRICTIONS AND OBLIGATIONS IMPOSED UNDER HIPAA AND RELATED RULES AND REGULATIONS AS IT RELATES TO PROTECTED HEALTH INFORMATION, AS THAT TERM IS DEFINED UNDER HIPAA.

I. Information that we collect on or through the services

Users of the Services can engage in a variety of different activities on the Site, including registering for an account and posting User Content or reading and viewing content that is on the Site, including without a registered account (“Read Only User”). Those who do register for an account with the Site will become registered members (“Members”). Only authorized personnel of an organization with an active Engagement Catalyst Agreement with One Morning can be Members, and only Members may post User Content on the Site, as described in the Terms of Use. The information we collect from users of the Services may vary depending on whether you are a Member or a Read Only User.

If you wish to become a Member (and are an authorized person of an organization with an active Engagement Catalyst Agreement with One Morning), you must provide us with certain Personal Information as part of the registration process, including, for example, name, email address, employer or employee information, benefits or benefit provider information, and password. If you are granted access to Member account (for example, an organization’s account), your organization or a designated administrator thereof may be able to control, view, modify, and administer details of your account, for example, by deciding your access rights or requiring you to take certain actions (for example, use location tracking to access the Member account). If your access rights are amended by your organization or a designated administrator
thereof, then you may lose access to the information that is in the control of your organization. Similarly, your use of the Site and/or the Apps as part of an organization’s account may be subject to the organization’s policies, which may be different from this Policy. We are not responsible for the privacy or security practices of other organizations, and you should consider both the organization's policies and whether you are comfortable enabling the organization with access to your information prior to connecting to their services.

If you decide that you no longer want to be a Member, you can request us to delete your account at any time. If you delete your account any User Content posted on the Site will remain on the Site unless you specifically request in writing that the User Content be removed. You can contact us at privacy@onemorning.com and request that we delete your content and account for you.

A. Personal Information

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

B. WHEN DO WE COLLECT PERSONAL INFORMATION?

Members. We collect Personal Information:

  • directly from you when you provide it to us;
  • automatically as you navigate through the Site, including usage details, IP addresses, and information collected through cookies and other tracking technologies, as further described herein; and
  • from third parties on your behalf, including, for example, information collected from a Member’s employer or benefits provider.

The information we collect directly from Members on or through the Services may include:

  • Information that you provide by filling in forms on the Site and/or information provided to complete registration as a Member. We may also ask you for information when you report a problem with the Services or provide Feedback.
  • Records and copies of your correspondence (including email addresses), if you contact us.
  • Your search queries on the Site
  • User Content posted on the Site

Read Only Users. We may collect Personal Information automatically as you navigate through the Site, including usage details, IP addresses, and information collected through cookies and other tracking technologies, as further described herein.

As Members and Read Only Users navigate through the Services, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:

  • Details of your use of the Services, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Site.
  • Information about your computer and internet connection, including your IP address, operating system, and browser type.

The technologies we use for this automatic data collection may include information collected through cookies or other tracking technologies. A cookie is a small data file stored on your computer, mobile phone, tablet, or similar device to identify you as a previous visitor to the Site which may help us to personalize your experience when you arrive or help us to do other important things (such as keep our network secure). These cookies are invisible to you, and any portion of our Services may contain them. The information collected by cookies may relate to the browser you are using (e.g., Safari, Internet Explorer, Chrome, Mozilla Firefox, etc.), the internet address from which you linked to the Services, the operating system of your device (e.g., Microsoft Windows, iOS, Android, etc.) and/or the unique IP address of the device you used to access our Services. Some cookies are necessary cookies, and enable the core operation of the Services and cannot be switched off in our systems. They include cookies that we use to help control secure areas of the Site and to make sure they are accessible to you. You can set your browser to block or alert you about these cookies, but some parts of the Services may not work as a result. We may use other types of tracking technologies that allow us to collect certain information such as the number of users that have visited a page. We use these technologies to measure the effectiveness of our content. This allows us to learn what content is most attractive to our users.

Some content or applications on the Site are served by third-parties that we use to support our business operations of the Services, including service providers that provide data analysis, Site infrastructure, information technology services, benefits information, content personalization, email delivery services, market research, or other services to help improve or operate our Services. These third parties may use cookies alone or in conjunction with other tracking technologies to collect information about you when you use our Site. The information they collect may be associated with your Personal Information or they may collect information, including Personal Information, about your online activities over time and across different websites and other online services.

II. How We Use Information Collected on the Site

We use information that we collect about you or that you provide to us, including any Personal Information:

  • To present the Services and its contents to you.
  • To create your Member account, if you are a Member.
  • To provide you with information, products, or services that you request from us or that may be of interest to you.
  • To respond to service requests from you and support your needs.
  • To personalize your experience on the Site.
  • To aggregate user information to better understand our users’ needs.
  • To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including any applicable Engagement Catalyst Agreement and the Terms of Use.
  • To notify you about changes to the Services.
  • To allow you to participate in interactive features on the Site.
  • To enable us to estimate our audience size and usage patterns, speed up your searches, and recognize you when you return to the Site.
  • To improve the Services interface, experience, or functionality.
  • To tailor our content to engage with the interested online community.
  • To carry out our obligations and enforce our rights arising from any misuse of the Services.
  • In any other way we may describe when you provide the information.
  • For any other purpose with your consent.

Service Email. We may send you Service-related announcements, which are not promotional in nature, on occasions when it is necessary to do so. For example, if our Service is temporarily suspended for maintenance, we may send you email notification.

Customer Service. Based upon the information you provide us, we may communicate with you in response to your inquiries in order to provide the Services you request and/or to manage your account. We may communicate with you by email or telephone.

Newsletters and Promotions. We may provide you with the opportunity to opt-in to additional newsletters or promotional communications sent by email. If you have opted in or otherwise qualify to receive these forms of communication, we will use your name and email address to communicate with you. Out of respect for your privacy, we provide you a way to unsubscribe by following the instructions included in each communication.

Testimonials. We display personal testimonials of satisfied customers on our Site in addition to other endorsements. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us at privacy@onemorning.com

III. Disclosure of Your Information

We may disclose aggregated information about our users and such other information that does not identify any individual or device, without restriction.

In addition, we may disclose Personal Information that we collect or you provide to us:

  • To our subsidiaries and affiliates.
  • To contractors, service providers, and other third parties we use in connection with the Services including service providers that provide data analysis, Site infrastructure, information technology services, benefits information, content personalization, email delivery services, market research, or other services to help improve or operate our Services. These service providers are given access to Personal Information needed to perform their functions, but are restricted from using the Personal Information for purposes other than providing services for us. When we engage a third party who will need to access and process your Personal Information as part of their services, we ascertain that the third party is capable and obligated to provide at least the same level of data privacy and protection as we hold ourselves to.
  • To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of One Morning’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by One Morning about the Services users is among the assets transferred.
  • To fulfill the purpose for which you provide it.
  • For any other purpose disclosed by us when you provide the information.
  • With your consent.

We may also disclose your Personal Information:

  • To comply with any court order, law, or legal process, including responding to any government or regulatory request.
  • To enforce or apply our rights arising from any contracts entered into between you and us, including the Terms of Use and Engagement Catalyst Agreement between One Morning and your organization.
  • If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of One Morning, our users, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

We do not and will not sell Personal Information to third parties. We do not share Personal Information with third parties except as described in this Policy.

We follow all relevant U.S. data protection laws, such as the California Consumer Privacy Act (CCPA), as amended, and to the extent applicable, the Health Insurance Portability and Accountability Act of 1996, as amended. These regulations give you certain rights, including the right to access your data, request deletion, and be assured that we do not sell or misuse your information

IV. Third Party Websites, Products, and Services

For your convenience and information, we may provide links to websites and other third-party services and content that is not owned or operated by us. The third-party websites, services, and content to which we link may have separate privacy notices or policies. We are not responsible for the privacy practices of any entity that we do not own or control. The inclusion of a link or such third-party services/content on the Site does not imply our endorsement of the linked site or that content or service.

When you use the Site, certain third parties may provide us with information about you, your organization, or your device, including those you specifically request or authorize or with which you are affiliated (for example, your employer). Accordingly, we may collect such information:

  • When you sign into a third-party service with your account or when you connect your account to a third-party service.
  • From your employer or the organization in connection with which you use or access the Site.
  • From your service providers, including benefits providers.

V. Choices About How We Use and Disclose Your Information

A. TRACKING TECHNOLOGIES

You can set your browser to refuse all or some browser cookies or to alert you when cookies are being sent. You can choose whether or not to allow the Services to collect information through other tracking technologies. If you disable or refuse cookies or block the use of other tracking technologies, please note that some parts of the Services may then be inaccessible or not function properly. You also may be able to opt-out of automatic tracking by emailing us at privacy@onemorning.com.

B. location information

You can choose whether or not to allow the Services to collect and use real time information about your device’s location through the device’s privacy settings. If you block the Services’ use of location information, some parts of the Services may then be inaccessible or not function properly.

c. ACCESSING AND CORRECTING YOUR INFORMATION

If you are a Member or a Read Only User, you may send us an email at privacy@onemorning.com to request access to, correct or delete any Personal Information that you have provided to us. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

VI. Data Security

We maintain measures designed to secure your Personal Information from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to us is stored on our secure servers behind firewalls and we have taken other industry standard precautions to protect your Personal Information. That said, the safety and security of some of your information ultimately depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of the Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Unfortunately, the transmission of information via the internet or mobile platforms is not completely secure. We make no guarantees on the security of your Personal Information transmitted through the Services. Any transmission of Personal Information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Services.

A. SECURE DATA STORAGE AND TRANSFER

We understand that the security of Personal Information is essential. All personal data stored in our systems, including names, email addresses, and phone numbers, is encrypted to prevent unauthorized access. This encryption applies both when data is stored on our servers and when it’s transmitted, ensuring continuous protection.

For more detailed information on Microsoft Azure’s security features, see Security - Azure App Service.

B. CONTROLLED ACCESS TO DATA

Access to our systems is limited strictly to authorized One Morning personnel and service providers who need it to support our services. We use secure login processes, including requiring passwords to meet security thresholds and using additional verification steps, to ensure that only authorized personnel can access your information. Regular audits of access rights further ensure that data is only accessible to those with a legitimate need.

C. NETWORK AND SYSTEM SECURITY

Our Site is equipped with advanced security features designed to block unauthorized access, prevent attacks, and maintain data integrity. Built-in protections include:

  • Firewalls and Access Controls: Barriers are in place and designed to prevent unauthorized access, along with strict policies that limit who can reach different parts of the system.
  • Real-Time Monitoring: We strive to continuously monitor system activity for any signs of suspicious behavior. If unusual activity is detected, our team is alerted immediately to assess and respond to the situation.
  • Regular Backups and Data Recovery: In the rare event of a system failure, regular data backups are designed to enable us to restore data quickly. This ensures data continuity and availability in the event of an issue.

Employees are further instructed to avoid accessing unsecured networks with devices containing, or otherwise having access to, your personal information.

For more on data protection within Azure SQL Database, see Azure SQL Database Security Overview.

D. INTEGRATION WITH TRUSTED PARTNERS

For features like email and SMS messaging, we work with established partners such as Twilio/SendGrid, who follow stringent security practices. We only share the necessary data, such as names, email addresses, and phone numbers, and securely integrate with their systems to protect your information at every step.

To learn more about Twilio/SendGrid’s security features, visit Twilio Security Practices and SendGrid Security Practices.

E. MONITORING AND INCIDENT RESPONSE

Our systems are designed to detect any unusual or potentially harmful activities. In the event of a security incident, our team has a structured response plan to contain the issue quickly. Immediate steps are taken to secure data and minimize impact, followed by a thorough investigation to identify the cause and address any vulnerabilities.

If any security incident affects customer data, regardless of whether required by law, One Morning will promptly inform affected customers. We will communicate the nature of the incident, including what information was implicated, outline the actions taken to address it, and provide guidance on any steps customers may need to take. This transparent approach helps build trust and ensures that customers are always informed.

Following any security incident, we conduct a full review to understand the root cause and implement necessary improvements. This process helps us refine our security practices and reduce the likelihood of future incidents.

F. REGULAR ADVANCEMENTS

Threats are ever-evolving, and so are we. That is why, even in the absence of any security incidents, we are committed to ensuring that we are utilizing sophisticated and appropriate methods, procedures, systems, and protocols in the protection of your Personal Information. As a result, in addition to conducting regular audits of various systems, as noted in this policy, we may update this policy as we determine necessary to implement changes we find necessary to ensure the security of your information.

VII. Information Retention

Unless you specifically ask us to delete your Personal Information, we retain your Personal Information as long as it is necessary to comply with our data retention requirements and provide you with the benefits of the Services. However, even if you request a deletion, we may be required to maintain your information for as long as necessary to (i) comply with our legal or regulatory compliance needs (e.g. maintaining records of transactions you have made with us); (ii) to exercise, establish or defend legal claims; and/or (iii) to protect against fraudulent or abusive activity on our Services.

There may be occasions where we are unable to fully delete, anonymize, or de-identify your information due to technical, legal, regulatory compliance or other operational reasons. Where this is the case, we will take reasonable measures to securely isolate your Personal Information from any further processing until we are able to delete, anonymize, or de-identify it.

VIII. State-Specific Rights

If you are a Vermont resident, you may have the following rights:
We will not share your non-public Personal Information with unaffiliated third parties unless you authorize us to make those disclosures without your consent, other than as permitted by law. Further, we will not share credit reports with our affiliates without your consent.

If you are a California resident, you may have the following rights:

  • Access. You may have the right to access:
  • the categories of Personal Information we have collected about you;
  • the sources from which that information was collected;
  • the business or commercial purpose for collecting your Personal Information;
  • the categories of third parties with whom we share your Personal Information;
  • the specific pieces of Personal Information we have collected about you;
  • the categories of Personal Information we sold about you;
  • the categories of third parties to whom we sold Personal Information about you; and
  • the categories of Personal Information we disclosed for a business purpose.

Deletion.  We retain Personal Information for as long as necessary to fulfill the purposes for which it was collected, including to comply with applicable legal, regulatory, contractual, and operational requirements. Retention periods may vary depending on the nature of the information and the requirements of laws in the jurisdictions in which One Morning operates or is contractually bound. We endeavor to delete or anonymize Personal Information when it is no longer necessary for these purposes, unless further retention is required or permitted by law."

You may have the right, under certain circumstances, to request that we delete the Personal Information you have provided to us.

Non-discrimination. You have the right to be free from discrimination related to your exercise of any of your California privacy rights.

Verification. In order to protect your Personal Information from unauthorized access or deletion, we may require you to verify your credentials before you can submit a rights request. If you are not a Member, or if we suspect that your Member account has suffered fraudulent or malicious activity, we may ask you to provide additional Personal Information for verification. If we are subsequently unable to confirm your identity, we may refuse your rights request.

Authorized agents. You may use an authorized agent to submit a rights request. If you do so, the agent must present signed written authorization to act on your behalf, and you may also be required to independently verify your identity or your legal authority or ownership of the Personal Information with us.

Please note that we may claim legal exemptions for certain types of Personal Information from all or certain parts of the CCPA pursuant to various CCPA exemptions.

Privacy Management. You may:

  • Update your privacy settings by contacting us at privacy@onemorning.com.
  • Download a copy of your Personal Information. You may request a copy of your Personal Information by emailing us at privacy@onemorning.com.
  • Correct your personal information. You can edit and correct your Personal Information at any time by changing it directly in your account if you are a Member. You may also request us to correct your Personal Information by emailing us at privacy@onemorning.com.
  • Delete your Personal Information. You may request us to delete your Personal Information by emailing us at privacy@onemorning.com.
  • Cookies and other tracking technologies. You may be able to opt-out of automatic tracking by emailing us at privacy@onemorning.com or otherwise disables cookie and other tracking technologies on your device.

IX. Contact Information

To ask questions or comment about this Privacy Policy and our privacy practices, contact us at:

One Morning, LLC
P.O. Box 119
Springboro, OH 45066
privacy@onemorning.com

© 2025 One Morning, LLC “One Morning” is a trademark of One Morning, LLC, with the U.S. Serial Number 98581917.

Back to top
Terms of UsePrivacy Policy