Effective Date: April 25, 2013
Okta, Inc. ("Us," "We," "Our," "Okta," or the "Company") is committed to protecting the privacy of your information. This Privacy Statement describes Okta's Web site privacy practices.
Okta complies with the U.S. – E.U. Safe Harbor Framework and the U.S. – Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from European Union member countries and Switzerland. Okta has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view Okta's certification, please visit http://www.export.gov/safeharbor/.
Okta's Web sites may contain links to other Web sites. Okta is not responsible for the information practices or the content of such other Web sites. The Company encourages you to review the privacy statements of other Web sites to understand their information practices.
Okta offers a variety of applications and services that are collectively referred to as the "Services". Okta collects information from individuals who visit the Company's Web sites ("Visitors") and individuals whose employer has elected to use the Services ("Users").
Personal Information You Provide to Us. We receive and store any information you enter when expressing an interest in obtaining more information about the Service, registering and using the Service, or provide to us in any other way. For example, when expressing an interest in obtaining information about the Services or registering to use the Services on Our web site, Okta may require you to provide personal contact information, such as name, company name, address, phone number, email address, and any other information necessary for us to provide you with access to the various aspects of the Services (collectively "Personal Information"). You can choose not to provide us with certain information, but then you may not be able to take advantage of many of our special features. The Personal Information you provide is used for such purposes as answering questions, improving the content of the Web site, customizing the content you see, and communicating with you about Okta's Services, including specials and new features.
Personal Information Collected Automatically. As you navigate or interact with Okta's Web sites and Services, Okta may also automatically collect information through the use of commonly-used information-gathering tools, such as cookies and Web beacons.
If you have chosen to identify yourself to Okta, the Company uses session cookies containing encrypted information to allow the Company to uniquely identify you. Each time you log into the Services, a session cookie containing an encrypted, unique identifier that is tied to your account is placed your browser. These session cookies allow the Company to uniquely identify you when you are logged into the Services and to process your online transactions and requests. Session cookies are required to use many features of the Services.
Okta also uses an opt-in persistent cookie to remember your username. This opt-in persistent cookie allows you to log into the Okta Service without entering your username every time you use the Service.
Most browsers have an option for turning off cookies, which will prevent your browser from accepting new cookies, as well as (depending on the sophistication of your browser software) allowing you to decide on acceptance of each new cookie in a variety of ways. We strongly recommend that you leave cookies activated, however, because many aspects of the Service require that cookies be enabled in order to function properly.
Okta uses Web beacons alone or in conjunction with cookies to compile information about your usage of the Web site and Services, interaction with emails from the Company, and to operate and improve the Services. Web beacons are invisible electronic images that can recognize certain types of information on your computer, such as (1) cookies, (2) the time you viewed a particular Web site tied to the Web beacon, or (3) a description of a Web site tied to the Web beacon.
When you visit or use the Services, the Company collects your Internet Protocol ("IP") addresses, browser information and operating system to track and aggregate non-personal information. For example, Okta uses IP addresses to monitor the regions from which Users and Visitors navigate the Company's Web sites.
Okta engages third parties, which use web beacons, images, and scripts, to help us better manage content on our website. For example, Okta's uses third parties to assist in marketing initiatives and such third parties may use web beacons to better track the effectiveness of Our campaigns. Okta does not provide Personal Information to the third parties but We may tie the information gathered from third party tracking to our Users' or Visitors' Personally Identifiable information for marketing purposes.
Okta also collects IP addresses from Users when they log into the Services as part of the Company's "Identity Confirmation" and "IP Range Restrictions" security features. Okta may use the collected Personal Information and other information Okta collects about your use of the Service to operate and make the Service available to you; for billing, identification and authentication; to send updates about our company and our products; to contact you about your use of the Service; for research purposes, and to generally improve the content and functionality of the Service and Web site.
Okta may also transmit or share your Personal Information with its third party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and other technology and services required to operate and maintain the Service, which may require that your Personal Information be transferred from your current location to the offices and servers of Okta and the authorized third parties referred to in this paragraph. Unless we tell you differently, Okta's agents and service providers do not have any right to use Personal Information we share with them beyond what is necessary to assist us. You hereby consent to our sharing of Personal Information for the above purposes.
We may occasionally run contests or other special promotions on the Website in which we ask persons who choose to participate for contact information (like an e-mail address) or demographic information (like a zip code, industry or country). We may use the data we collect from you in these contests and promotions to send you promotional material about our company or our partners. Your contact information collected from these contests and promotions may be used to administer the contest and notify winners and contact you when necessary.
Except as described in this policy, Okta will not give, sell, rent, or loan any identifiable Personal Information to any third party, without your prior consent. We may disclose such information to respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims. We may also share such information if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Service, or as otherwise required by law. Okta may also provide non-personal, summary or group statistics about our customers, sales, traffic patterns, and related Services information to reputable third-party vendors, but these statistics will include no Personal Information.
If Okta is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Web site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
Personal Information you enter in to the Services is protected by a password for your privacy and security. You need to ensure that there is no unauthorized access to your account and Personal Information by selecting and protecting your password appropriately and limiting access to your computer (or other device) and browser by signing off after you have finished accessing your account.
The security of your Personal Information is important to us. When you enter sensitive information, we encrypt the transmission of that information using secure socket layer technology (SSL).
Okta maintains reasonable security measures to protect your information from loss, destruction, misuse, unauthorized access or disclosure. These technologies help ensure that your data is safe, secure, and only available to you and to those you provided authorized access. However, no data transmission over the Internet or information storage technology is 100% secure; and Okta cannot guarantee the security of user account information. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time. If you have any questions about security on our web site, you can contact us at firstname.lastname@example.org.
Users may update their Personal Information by editing their user information in the Service. If you're a Visitor and your Personal Information changes, or if you no longer desire information on our Service, you may have your Personal Information updated or removed from our records by emailing email@example.com or by contacting us by telephone or postal mail at the contact information listed below.
We will respond to your request within 30 days.
We post customer testimonials/comments/reviews on our web site which may contain personally identifiable information. We do obtain the customer's consent via email prior to posting the testimonial to post their name along with their testimonial. If you wish to update or delete your testimonial, you can contact us at firstname.lastname@example.org.
Our Web site offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal information from our blog or community forum, contact us at email@example.com. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
Okta collects information under the direction of its customers and has no direct relationship with the individual Users/employees whose personal data it processes. Okta works with its customers to help them provide notice to their employees concerning the purpose for which personal information is collected.
We collect information for our customers. If you are an employee of one of our customers and would no longer like to use Okta's service, please contact your Employer directly. Okta may transfer Personal Information to companies that help us provide our service. Transfers to subsequent third parties are covered by the provisions in this Policy regarding notice and choice and the service agreements with our Customers.
Okta has no direct relationship with the individuals whose Personal Information it processes. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to their Employer. If the Employer/ Okta's Customer requests that Okta remove the data, we will respond to their request within 30 business days.
Okta will retain Personal Information we process on behalf of our customers for as long as needed to provide services to our customer. Okta will retain and use this Personal Information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Written inquiries may be addressed to:
Chief Security Officer,
301 Brannan Street, Suite 300
San Francisco, CA 94107