Security at One
At One, your account security is paramount. We implement the following to keep your One account secure.
Encryption
One protects data in-transit and at-rest with industry-leading, 256-bit AES level encryption. All accounts are protected by requiring multi-factor authentication for login, as well as a multi-layered risk and anomaly analysis of each login attempt. In addition, customers can use biometric identification, such as Face ID and fingerprint authentication, to open the One app after their first login.
Please read our Privacy Policy to learn more about the information we collect and how we use it. Member deposits for One Cash account are FDIC Insured for up to $250,000 through our FDIC Partner, Coastal Community Bank.
Notifications
One customers may receive alerts regarding actions taken on their account. To receive and action these alerts, turn on notifications during account setup or in your phone's settings.
Instantly block transactions
If your One debit card is lost or unauthorized use is suspected, you can block all your One debit card transactions. Open the One app, go into One Cash, and tap to access card details. Select “Freeze card” to block transactions on your physical debit card. Mobile wallet transactions, like Apple Pay and Google Pay, will still be approved while your physical debit card is frozen. You can unfreeze your card from the same menu. Or if your card is lost or stolen, select “Replace card” from the Card menu, then tap "My card was lost or stolen" to deactivate your current debit card, disable transactions, and immediately prevent new debit purchases or ATM withdrawals, including on any mobile wallets. We will send a new debit card to your mailing address. Please note that any transactions authorized before freezing or replacing your card may still be posted to your account.
What is Phishing?
Phishing is when a scammer sends a message designed to trick a victim into revealing sensitive personal information or allow the scammer to plant malicious software into the victim’s accounts.
Please be aware that One will never ask for any sign-in information, such as your app Passcode or one-time verification code, full Social Security number (aside from when you open an account), or account passwords. Any email correspondence from One will be sent from an address ending in @onefinance.com or @one.app.
Privacy Policy
Privacy Policy: Our Privacy Policy describes our policies and practices with respect to the collection, protection, use, and sharing of your personal information when you use our website and mobile app.
Responsible Disclosure for Security Researchers
One is committed to protecting the confidentiality, integrity, and availability of our customer's data. We value collaboration with the security research community and welcome reports of potential vulnerabilities through One's Vulnerability Disclosure Program (VDP). Reports may be sent to responsible-disclosure@one.app. We ask all researchers to operate in good faith and to notify us as soon as possible once a potential vulnerability is found. We also ask that researchers adhere to the below rules:
- Do not publicly disclose vulnerabilities or discuss them outside the VDP without prior consent from One.
- Do not perform denial of service (DoS or DDos) tests or other tests that could potentially impair access to One's systems.
- Do not perform tests or actions that have the possibility of viewing, modifying, or destroying other users' data.
Social Community Guidelines
We ask that all community members who engage with our social platforms do so in a respectful way. We will always do our best to listen to our community’s feedback, answer your questions honestly, and be as transparent as possible about information sharing. If you post to any of our social platforms, you agree to abide by our community guidelines (as described in detail below). One reserves the right to moderate its community platforms and to determine what content, comment, or account should be removed or blocked. The opinions, statements, and viewpoints expressed in the comments on One’s posts are from the community members—including One employees or partners—and do not necessarily reflect the views of our company. They are the author’s responsibility and reflect the view of the community member who posts the comment.
One strives to create an engaging, informative, and supportive community. We will do our best to moderate and quickly respond to comments and feedback; however, we can’t guarantee that we’ll reply to every comment. Generally, we check the community threads several times during business hours and as time permits on non-business days (weekends and observed holidays).
Every member can help us keep our community safe. If you see something that may violate our guidelines, please help us by direct messaging our account on that social platform. Our team will address the content in question and decide how to move forward. We want to note that other community members may express comments on one or any of our platforms that you might disagree with but are not in violation of our community guidelines. We ask that all users engaging on our platforms read our community guidelines:
Keeping Personal Information Safe
For the safety of our community, you may not publish or post personal information of others on the platforms (for example, full name, job title, where that person lives or works, private contact information such as phone number or email, etc.) We will remove comments that include personal information.
This is a public community, and others can view anything you post. You should not post personal or sensitive information you would not want to publicize. For example, you should never post your Social Security number, account number, passwords, PINs, or other non-public personal information on any of our social media channels.
Remember that your posts are subject to the website’s privacy and data security practices and policies. Even if you delete a post later, it may have already been viewed by others.
Customer Service Inquiries
If you are a One customer with a specific question about your account, you can get help by:
- Chat with us 24/7 in-app
- Call us at (855) 830-6200 between 9 a.m. - 9 p.m. ET, 7 days a week.
- Submitting a help ticket email
We have a presence in various social media/social networking outlets and may occasionally identify and respond to customers seeking assistance with account-related issues.
Local and Federal Laws
You may not use the platforms for any unlawful purpose or to further illegal activities. We will remove any comments that appear legally objectionable or encourage and/or condone a criminal offense of any form. You may not promote violence against, threaten, or harass other people. We will not tolerate any form or threat of violence or harassment. Any user found to be in violation will have any and all comments removed and will be blocked from the platforms.
Repetitive Comments, Spam, and Bots
You may not engage in spamming (repetitive, personal promotion, third-party promotion of sites, initiatives, or products). Accounts found to be engaged in such activity will have their comments removed and blocked from the platform if necessary.
For your online safety, avoid opening any third-party links unless you trust the source. These links may pose a risk to your computer or take you to inappropriate sites.
Vulgar, Misleading, or Obscene Comments
We encourage open, honest dialogue with us and within our community comments. Any account posting disrespectful or hateful comments will have any and all comments removed and will be blocked from the platforms. We reserve the right to determine what content, comment, or account should be removed.
You may not post obscene, misleading, explicit, vulgar, harassing, culturally-, racially-, or socially-insensitive comments on the platforms. We may delete comments or posts that we deem to be:
- Profane, obscene, vulgar, inappropriate, disruptive, or unrelated.
- Indecent, sexually explicit, or pornographic material of any kind—including masked profanity where symbols, initials, intentional misspellings, or other characters are used to suggest profane language.
- Threats; personal attacks; abusive, defamatory, derogatory, or inflammatory language; or stalking or harassment of any individual, entity, or organization.
- Discriminatory or containing hateful speech of any kind regarding age, gender, race, religion, nationality, sexual orientation, gender identity, or disability.
- False, inaccurate, libelous, or otherwise misleading in any way.
Endorsements and Sponsorships
We may occasionally post links to third-party sites or share content. Please note that this does not in any way constitute an official endorsement of the individual, website, or company.
In addition, One has many advertising relationships. Some linked third-party sites may contain content from sponsors, or sponsorships, paid by One. These paid sponsors may disclose this relationship on their websites or in their social media posts.
About One
One is a financial app that helps you save, spend, and grow your money — all in one place.
One investors include Walmart and Ribbit Capital. Banking Services and One debit card provided by Coastal Community Bank, Member FDIC.