OneTrust Talking to Private Equity to Sell

Did Captain Compliance just buy OneTrust the Atlanta-based “trust intelligence” platform that helps enterprises manage privacy, AI governance, security and ethics company? No, not quite but we are helping to report on the exciting news as we continue to see increased demand to help clients who switch from OneTrust to Captain Compliance for their data privacy needs.

OneTrust’s Private Equity Talks and the Trend of Privacy-Tech Consolidation

According to external reporting, the nine-year-old company, last valued at $4.5 billion when they were doing $250 million in ARR, has held discussions with private equity firms about a possible transaction. The potential buyers are rumored as follows:

Vista Equity Partners:  One of the most active and specialized PE firms focused exclusively on enterprise software. Their model is to buy mature, mission-critical software companies and optimize their operations. Comparable deals such as buying out KnowBe4, Cvent, Marketo, Pipedrive, and Gainsight (majority stake).
Thoma Bravo: A top PE firm with a deep focus on software and technology, particularly in cybersecurity, which is closely related to OneTrust’s privacy and compliance space. Comparable deals such as buying out Sophos ($3.8B), Proofpoint ($12.3B), Veritas, and a significant stake in McAfee.
Blackstone: One of the largest alternative asset managers globally, with a massive technology investment group capable of multi-billion-dollar deals. They have a focus on high-growth areas like digital transformation. Comparable deals such as buying out Ancestry ($4.7B), Veeam (majority stake), and Bumble (majority stake in 2019).|
Silver Lake: Focuses on large-scale technology buyouts and growth equity investments. They often target companies that are undergoing significant technological and operational change.Buying out Dell (a key part of its $24.9B take-private), First Advantage, and significant investments in Broadcom’s software division.
Kohlberg Kravis Roberts (KKR): A major global PE player with a dedicated Technology Group. They seek to acquire market-leading technology platforms. Buying out Cloudera, BMC Software, and Corel. Hellman & Friedman (H&F). Known for large-scale buyouts of market-leading companies, often in high-growth or regulatory-driven sectors, which aligns with the privacy/compliance space. Comparable deals such as buying out Verisure and major investments in Splunk.
Marlin Equity Partners: California based private equity shop that owns numerous compliance, GRC, and privacy companies including Didomi/Source Point.

Current Cap Table Investors to Buy Out OneTrust

Insight PartnersMajor Investor: Led the Series A funding and has participated in multiple subsequent rounds, making them a highly informed potential buyer.
TCV (Technology Crossover Ventures): A Major Investor. Led a significant Series C round. They are a large tech-focused investment firm known for scaling software giants.

Coatue ManagementSignificant Investor: A major participant in earlier funding rounds.
Generation Investment Management: Latest Lead Investor. Led the $150M funding round in 2023, giving them the most recent deep diligence on the company’s $4.5B valuation.

While no deal has been officially announced and terms remain undisclosed, the talks underscore how far the privacy-tech sector has come and how quickly it’s consolidating. A recent insider reports that OneTrust is closer to $550 million in ARR now up from $505 million in July and yet on the other side of the coin a privacy tech competitor stated that 1/3rd of their net new clients are coming from the privacy giant.

“Great companies are always ‘for sale’ if there is the right buyer or opportunity,” said Richard Wells, managing director at Insight and a board member at OneTrust, in a statement. “While there is no formal process for a OneTrust sale, there has been a recent increase in investor interest.”

Representatives for OneTrust didn’t respond to a request for comments.

OneTrust by the Numbers

Founded in 2016, OneTrust grew rapidly on the back of regulations such as the EU GDPR and the California Consumer Privacy Act, expanding from buying the Optanon cookie banner and consent management software from the United Kingdoms Gilbert Hill a true visionary in the privacy space. That deal was led by co-founder Alan Dabbiere and John Marshall founders of AirWatch who funded OneTrust and initially and set them up for sucess. From there OneTrust expanded into data discovery, privacy operations, third-party risk and AI governance.

Public disclosures show a steep funding and valuation curve:

• July 2019 – Series A: $200 million at a roughly $1.3 billion valuation. This was courtesy of the AirWatch and Manhattan Associates founders.
• February 2020 – Series B: $210 million at about $2.7 billion.
• December 2020 – Series C: $300 million at a $5.1 billion valuation, led by TCV with Insight Partners and Coatue participating.
• July 2023 – Growth round: $150 million led by Generation Investment Management at a $4.5 billion valuation, bringing total funding to more than $1 billion.

In May 2024, OneTrust announced it was on track to surpass $500 million in annual recurring revenue (ARR) later in the year while maintaining positive free cash flow, serving more than 14,000 customers including 75% of the Fortune 100.

That profile — high recurring revenue, profitability and a large enterprise footprint is exactly the kind of asset that attracts private equity interest.

What’s Actually Happening With the Sale Talks?

The Information reported on November 13, 2025, that OneTrust, last valued at $4.5 billion, has discussed a sale with private equity buyers.
The reporting frames OneTrust as part of a broader pattern: mature, venture-backed software companies with strong recurring revenue and slower IPO markets are increasingly exploring secondary sales or buyouts.

Since July: A Privacy-Tech M&A Wave

The timing of OneTrust’s PE talks coincides with a sharp pickup in privacy and consent-tech deals since mid-2025. Several notable transactions involve companies that sit directly in OneTrust’s competitive and adjacent landscape. This comes on the heels of Wirewheel a venture backed startup that was taken over by competitor Osano and BigID’s purchase of Illow.io a LatAm focused consent management platform earlier this year. It is also rumored that BigID is also exploring sale talks which would leave Captain Compliance as one of the only privacy focused platforms left with founder leadership that has not sold.

Didomi and Sourcepoint: Consolidation in Consent Management

In April 2025, French privacy and consent platform Didomi announced a majority growth investment from private equity firm Marlin Equity Partners, raising roughly €72 million (about $80–83 million). The investment was structured to support international expansion and to finance acquisitions, including the purchase of server-side tagging specialist Addingwell.

On July 8, 2025, Marlin’s portfolio company Didomi then acquired rival CMP Sourcepoint, a data privacy and consent technology vendor with strong publisher market share and more than 200 enterprise customers.

Sourcepoint is being merged into Didomi, creating a combined platform targeting privacy-respecting data collection and consent across web, app and CTV environments. The financial terms were not disclosed, but the move effectively counts as a sale of Sourcepoint into the Didomi/Marlin platform and cements Didomi and Marlin Equity as a potential buyer for OneTrust to create one mega-platform.

Securiti AI: $1.73 Billion Exit to Veeam

In October 2025, data resilience and backup provider Veeam announced it would acquire data privacy and AI governance company Securiti AI for approximately $1.7–1.73 billion in cash.

Securiti AI, founded in 2018–2019, built a “Data Command Center” platform that combines data discovery, privacy, security posture management and AI governance across multi-cloud and SaaS environments.

Veeam, itself owned by Insight Partners, is positioning the acquisition as a way to deliver a unified data resilience and AI-trust platform — from backup and recovery to data mapping, privacy controls and AI risk management. The deal, expected to close in Q4 2025, is one of the largest pure-play privacy/AI governance exits to date and puts direct pressure on other data-privacy platforms to articulate their AI story. Revenue from Securiti AI has been rumored to be in the range of $70 million to as high as $300 million.

TrustArc: Private Equity Ownership via Main Capital Partners

Also in October 2025, long-standing privacy management vendor TrustArc was acquired by European private equity firm Main Capital Partners.

The transaction, announced mid-October and highlighted in late-October portfolio and law-firm releases, transferred ownership from prior investor Bregal Sagemount to Main Capital. Financial terms were not disclosed but insiders have said it traded on a very generous multiple showcasing strength for the privacy tech industry.

TrustArc and Main Capital have indicated that the investment will be used to:

• Accelerate expansion in Europe and India, and
• Invest further in AI-driven user experiences for privacy compliance and risk management.

The IAPP recently framed the Securiti AI and TrustArc sales as the first “major” privacy-tech vendor acquisitions in several years, noting that they could signal a renewed appetite among investors for this category after a quieter period.

How OneTrust Fits Into This Consolidation Trend

Taken together, the Didomi/Sourcepoint combination, Securiti AI’s sale to Veeam, TrustArc’s sale to Main Capital and now OneTrust’s PE conversations all point in the same direction: privacy-tech is entering a consolidation phase.

Some themes emerging from these deals:

• Scale and platform breadth matter. Buyers want platforms that span privacy, security, AI governance and data resilience, not isolated point tools.
• AI is now central, not optional. Securiti AI’s exit and TrustArc’s stated focus on AI-enhanced workflows show that privacy tools are increasingly judged on how well they help organizations use AI safely, not just manage cookie banners or DSARs.
• Private equity is comfortable with privacy-tech fundamentals. Recurring revenue, sticky enterprise contracts and regulatory tailwinds make these companies attractive leveraged-buyout candidates.

In that environment, OneTrust — with over $550 million in ARR, positive free cash flow and a large enterprise installed base — looks like a natural candidate for private equity ownership, whether in the form of a full buyout or a large minority stake that insiders expect to come in at over $10 billion.

What This Means for Buyers of Privacy and Consent Software

For legal, privacy and security teams, the current wave of deals has practical implications:

• Vendor stability vs. change. Private equity owners often push for efficiency and cross-selling. That can mean stronger roadmaps and more integrations, but it also can mean product rationalization, price changes or support model shifts.
• Contract lock-in. If your organization is mid-renewal with OneTrust, TrustArc or Securiti AI, it’s worth carefully negotiating data exit rights, SLAs, and price-protection terms, given potential ownership changes.
• Room for independent challengers. As big platforms consolidate, there is still strong demand — especially in the mid-market — for nimble, AI-forward alternatives that can deploy quickly and integrate well with existing marketing and data stacks.

In that mid-market segment, independent platforms like us here CaptainCompliance.com are positioned as lighter-weight, faster-to-deploy alternatives to the large “trust suites,” focusing on rapid consent deployment, dynamic notices and automation rather than multi-year, multi-module rollouts.

What to Watch Next

For now, OneTrust’s private equity discussions are just that — discussions. But combined with:

• Marlin’s majority investment in Didomi and its acquisition of Sourcepoint,
• Veeam’s $1.7+ billion deal for Securiti AI, and
• Main Capital Partners’ acquisition of TrustArc,

…it’s clear that investors see enduring value in privacy, consent and AI-governance infrastructure.

When OneTrust does complete a transaction, the deal size, structure (full buyout vs. minority growth investment) and post-close strategy will likely set expectations for how late-stage privacy-tech unicorns are valued and managed in this next phase of the market. Even if no sale materializes, the fact that a company with this scale and profile is openly entertaining private equity options is itself a signal: privacy-tech has matured from “fast-growing niche” to a core, buyout-worthy part of the enterprise software stack.