OneTrust
OneTrust is a privacy and data governance platform founded in 2016 by Kabir Barday, a former product manager at AirWatch.
Profile
Privacy and data governance platform that helps enterprises comply with global privacy laws, manage vendor risk, govern AI use, and enforce data policies in real time.
OneTrust is a privacy and data governance platform founded in 2016 by Kabir Barday, a former product manager at AirWatch. The Atlanta-based company has grown into the de facto reference platform for enterprise privacy compliance, GRC (governance, risk, compliance), and data governance. With over 14,000 customers including 75% of the Fortune 100 and roughly half of the Fortune 500, OneTrust serves regulated enterprises across financial services, healthcare, technology, and retail.
The platform helps organizations operationalize privacy across multiple jurisdictions, enforce data governance policies in real time, manage vendor risk, and increasingly, govern the use of AI. In February 2026, Barday transitioned to a board advisory role as the company appointed John Heyman, former CEO of Radiant Systems and Snap One, as chief executive. The move signals a maturation phase: OneTrust is now cash-flow positive with over $550 million in annual recurring revenue and is reportedly in discussions with major private equity firms (Vista, Blackstone, KKR, Silver Lake, among others) regarding a potential sale at a valuation exceeding $10 billion—more than double its last official $4.5 billion valuation from July 2023.
The company has faced organizational challenges, including a major 2022 reorganization that cut 25% of its workforce and a March 2026 reduction of 110 employees (approximately 5%). OneTrust has recently doubled down on AI governance, launching a Privacy Breach Response Agent in partnership with Microsoft in November 2025 and expanding its product portfolio into AI risk assessment and consent-aware data clean rooms.
Who buys this
- Large financial services and insurance companies (Aetna, major banks)
- Fortune 100 technology and software platforms (Adobe, Microsoft, Databricks, Snowflake)
- Healthcare systems and life sciences requiring HIPAA and multi-regional compliance
- Retail and consumer goods companies managing privacy across global operations (Samsung)
- Enterprise customers operating across 10+ jurisdictions needing unified governance and consent management
Publicly disclosed clients
- Aetna
- Adobe
- Samsung
- Carrefour
- Match Group
Strengths and what to watch
Strengths
- Dominant market position serving 14,000+ customers and 75% of Fortune 100; only major competitor TrustArc operates at significantly smaller scale
- Operationally profitable and cash-flow positive with $550M+ ARR; does not require capital, making exit on founder/investor terms possible
- Consistent analyst leadership: ranked highest in Forrester Wave Privacy Management Software (Q4 2025) and IDC MarketScape (2025) for both offering and strategy
Watch for
- Active private equity sale discussions (reported November 2025) could result in ownership change and historically correlate with customer price increases
- Recent organizational turbulence: 25% workforce cut in June 2022 and 5% reduction in March 2026 suggest structural challenges; employee sentiment on Glassdoor cites leadership friction, turnover, and culture concerns
- Customer concentration risk: over-reliance on Fortune 100/500 accounts may expose to churn if PE ownership triggers pricing shock or if competitors gain traction in mid-market with lower-cost alternatives
Recent moves
- 8w ago OneTrust integrates consent signals with Snowflake Data Clean Rooms; Doug Owens appointed CFO
- 4mo ago OneTrust appoints John Heyman as CEO; founder Kabir Barday moves to board advisory role
- 7mo ago OneTrust in active private equity discussions with Vista, Blackstone, KKR, and others; rumored valuation exceeds $10 billion
- 7mo ago OneTrust launches Privacy Breach Response Agent built with Microsoft Security Copilot to automate breach notification workflows
- 7mo ago OneTrust named Leader in Forrester Wave Privacy Management Software Q4 2025; ranks highest in Current Offering and Strategy
Key Information
- Industry
- Data Catalog / Governance
- Founded
- 2016
- Employees
- 1001-5000
- Headquarters
- Atlanta, GA
Frequently Asked Questions
What is OneTrust?
OneTrust is a privacy and data governance platform founded in 2016 that helps enterprises comply with global privacy laws, manage vendor risk, govern AI use, and enforce data policies in real time. It serves over 14,000 customers, including 75% of Fortune 100 companies.
Who uses OneTrust?
OneTrust serves regulated enterprises across financial services, healthcare, technology, and retail sectors globally. Notable customers include Aetna, Adobe, Microsoft, Databricks, Snowflake, Samsung, Carrefour, and Match Group. The platform specifically supports Fortune 100/500 companies and organizations needing compliance enforcement across 10+ jurisdictions.
What are OneTrust's main features?
OneTrust operationalizes privacy compliance, enforces data governance policies in real time, manages vendor risk, and increasingly governs AI use. It helps organizations comply with global privacy laws across multiple jurisdictions with unified consent management, data policies, and recently launched a Privacy Breach Response Agent powered by Microsoft.
Is OneTrust profitable?
Yes. OneTrust is operationally profitable and cash-flow positive with over $550 million in annual recurring revenue. The company does not require external capital, making it financially independent. Founded in 2016, it has grown to serve 14,000+ customers and achieve market leadership in enterprise privacy governance.
Who is OneTrust's CEO?
John Heyman became OneTrust's CEO in February 2026, replacing founder Kabir Barday, who transitioned to a board advisory role. Heyman previously served as CEO of Radiant Systems and Snap One. The leadership change signals the company's maturation phase as a market-leading privacy governance platform.
Is OneTrust being acquired?
OneTrust is reportedly in active discussions with major private equity firms including Vista, Blackstone, KKR, and Silver Lake regarding a potential sale at a valuation exceeding $10 billion. This is more than double its last official $4.5 billion valuation from July 2023, reflecting strong market demand for privacy governance solutions.
How OneTrust compares
Direct head-to-head against 3 competitors. Picked by 7wData.
OneTrust
- Positioning
- Privacy and data governance platform that helps enterprises comply with global privacy laws, manage vendor risk, govern AI use, and enforce data policies in real time.
- Customer segments
- Large financial services and insurance companies (Aetna, major banks)
- Strengths
- Dominant market position serving 14,000+ customers and 75% of Fortune 100; only major competitor TrustArc operates at significantly smaller scale
- Watch for
- Active private equity sale discussions (reported November 2025) could result in ownership change and historically correlate with customer price increases
- Recent moves
- OneTrust integrates consent signals with Snowflake Data Clean Rooms; Doug Owens appointed CFO
TrustArc
- Positioning
- Enterprise privacy compliance platform ranked alongside OneTrust as a top-two vendor in privacy management software by MarketsandMarkets.
- Customer segments
- Mid-to-large enterprises in financial services, healthcare, retail, and technology. Buyers: Chief Privacy Officers, Data Protection Officers, compliance teams.
- Strengths
- Nymity Research: 50,000+ expert-written regulatory references updated daily, embedded as a proprietary compliance database no competitor replicates at equivalent depth.
- Watch for
- Second PE ownership change in a short window (Main Capital, October 2025) with stated European expansion focus raises roadmap continuity concerns for US-centric buyers.
- Recent moves
- December 2025: Arc platform reached general availability, a full product rebuild, following the October 2025 acquisition by Main Capital Partners.
BigID
- Positioning
- Enterprise DSPM and data privacy platform covering discovery, classification, security posture, and AI governance across cloud and hybrid environments.
- Customer segments
- Fortune 500 enterprises in finance, healthcare, tech, and retail. Buyers: CISOs, privacy leaders, compliance officers at large organizations.
- Strengths
- Petabyte-scale sensitive data discovery with pre-trained classifiers across 100-plus languages, scored highest in 19 Forrester Wave Q4 2025 criteria.
- Watch for
- May 2026 layoffs cut 20-23 percent of staff, including core Tel Aviv engineers, raising product continuity and support capacity concerns.
- Recent moves
- Acquired illow (consent management startup) January 2025, then launched BigID CMP Express as a standalone consent platform in November 2025.
Collibra
- Positioning
- Enterprise data governance platform. Positioned as the system of record for data assets, policies, and lineage across regulated industries.
- Customer segments
- Global 2000 enterprises. Primary buyers: data governance leads, CDOs, compliance officers in financial services, healthcare, and public sector.
- Strengths
- End-to-end data lineage tracking across structured and unstructured sources, unified with access policy enforcement across Snowflake, Databricks, AWS, Azure, and GCP.
- Watch for
- Buggy releases require premium support every 2 to 4 weeks. New versions (including 2025.02) introduce regressions. Implementation costs significantly exceed upfront quotes.
- Recent moves
- Acquired Raito (data access governance) June 2025 and Deasy Labs (unstructured data classification) July 2025. No new funding round since Series G in late 2021.
Sources
- www.onetrust.com — Company overview, product portfolio, customer base, and recent announcements
- www.prnewswire.com — ARR milestone of $500M+, customer count (14,000+), Fortune 100 penetration (75%), and strategic partnerships
- www.corporatecomplianceinsights.com — CEO leadership transition (John Heyman appointed, Kabir Barday to board) in February 2026
- techcrunch.com — July 2023 funding round ($150M at $4.5B valuation), ARR growth ($400M doubled from 2021), and employee headcount
- news.crunchbase.com — Historical funding rounds and down-round valuation context
- secureprivacy.ai — November 2025 private equity discussions, rumored valuation ($10B+), and interested PE firms
- www.onetrust.com — Privacy Breach Response Agent launch and AI governance product strategy
- www.channelfutures.com — June 2022 workforce reduction of 950 employees (25%) and reorganization rationale