Privacy Policy

Effective Date: April 25, 2013

Introduction

Okta, Inc. ("Us," "We," "Our," "Okta," or the "Company") is committed to protecting the privacy of your information. This Privacy Statement describes Okta's Web site privacy practices.

Okta has been awarded TRUSTe's Privacy Seal signifying that this privacy policy and practices have been reviewed by TRUSTe for compliance with TRUSTe's Program Requirements and the TRUSTed Cloud Program Requirements including transparency, accountability and choice regarding the collection and use of your personal information. TRUSTe's mission, as an independent third party, is to accelerate online trust among consumers and organizations globally through its leading privacy trustmark and innovative trust solutions. If you have questions or complaints regarding our privacy policy or practices, please contact us at info@okta.com. If you are not satisfied with our response you can contact TRUSTe here .

Okta complies with the U.S. – E.U. Safe Harbor Framework and the U.S. – Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from European Union member countries and Switzerland. Okta has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view Okta's certification, please visit http://www.export.gov/safeharbor/.

Web Sites Covered

Okta has established this Privacy Policy to help you to understand how Okta collects and uses personally identifiable information. This Privacy Policy covers the information practices of Web sites that link to this Privacy Policy, including, but not limited to http://ww.okta.com.

Okta's Web sites may contain links to other Web sites. Okta is not responsible for the information practices or the content of such other Web sites. The Company encourages you to review the privacy statements of other Web sites to understand their information practices.

Information Collected by Okta

Okta offers a variety of applications and services that are collectively referred to as the "Services". Okta collects information from individuals who visit the Company's Web sites ("Visitors") and individuals whose employer has elected to use the Services ("Users").

Personal Information You Provide to Us. We receive and store any information you enter when expressing an interest in obtaining more information about the Service, registering and using the Service, or provide to us in any other way. For example, when expressing an interest in obtaining information about the Services or registering to use the Services on Our web site, Okta may require you to provide personal contact information, such as name, company name, address, phone number, email address, and any other information necessary for us to provide you with access to the various aspects of the Services (collectively "Personal Information"). You can choose not to provide us with certain information, but then you may not be able to take advantage of many of our special features. The Personal Information you provide is used for such purposes as answering questions, improving the content of the Web site, customizing the content you see, and communicating with you about Okta's Services, including specials and new features.

Personal Information Collected Automatically. As you navigate or interact with Okta's Web sites and Services, Okta may also automatically collect information through the use of commonly-used information-gathering tools, such as cookies and Web beacons.

  1. Cookies

    Okta uses cookies to make interactions with the Services easy and meaningful. When you visit or interact with the Services, Okta's servers send a cookie to your computer. Standing alone, cookies do not personally identify you. They merely recognize your Web browser. Unless you choose to identify yourself to Okta, either by responding to a promotional offer, opening an account, or filling out a Web form (such as a "Contact Me" or a "30 Day Free Trial" Web form), Okta has no way to associate this cookie data with your Personal Information.

    Okta uses cookies that are session-based and persistent-based. Session cookies exist only during one session. They disappear from your computer when you log out of the Okta Service, close your browser software or turn off your computer. Persistent cookies remain on your computer after you close your browser or turn off your computer.

    If you have chosen to identify yourself to Okta, the Company uses session cookies containing encrypted information to allow the Company to uniquely identify you. Each time you log into the Services, a session cookie containing an encrypted, unique identifier that is tied to your account is placed your browser. These session cookies allow the Company to uniquely identify you when you are logged into the Services and to process your online transactions and requests. Session cookies are required to use many features of the Services.

    Okta also uses an opt-in persistent cookie to remember your username. This opt-in persistent cookie allows you to log into the Okta Service without entering your username every time you use the Service.

    Most browsers have an option for turning off cookies, which will prevent your browser from accepting new cookies, as well as (depending on the sophistication of your browser software) allowing you to decide on acceptance of each new cookie in a variety of ways. We strongly recommend that you leave cookies activated, however, because many aspects of the Service require that cookies be enabled in order to function properly.

    Okta's Service connects users to third party services, with whom Okta partners with to provide the Service. The use of cookies by our partners is not covered by our privacy statement. We do not have access or control over these cookies. Our partners use session ID cookies to manage a user's connection to the partner's service.

  2. Web Beacons

    Okta uses Web beacons alone or in conjunction with cookies to compile information about your usage of the Web site and Services, interaction with emails from the Company, and to operate and improve the Services. Web beacons are invisible electronic images that can recognize certain types of information on your computer, such as (1) cookies, (2) the time you viewed a particular Web site tied to the Web beacon, or (3) a description of a Web site tied to the Web beacon.

  3. IP Addresses and Browser Information

    When you visit or use the Services, the Company collects your Internet Protocol ("IP") addresses, browser information and operating system to track and aggregate non-personal information. For example, Okta uses IP addresses to monitor the regions from which Users and Visitors navigate the Company's Web sites.

  4. Other Third Party Tracking

    Okta engages third parties, which use web beacons, images, and scripts, to help us better manage content on our website. For example, Okta's uses third parties to assist in marketing initiatives and such third parties may use web beacons to better track the effectiveness of Our campaigns. Okta does not provide Personal Information to the third parties but We may tie the information gathered from third party tracking to our Users' or Visitors' Personally Identifiable information for marketing purposes.

Use of Information Collected

Okta also collects IP addresses from Users when they log into the Services as part of the Company's "Identity Confirmation" and "IP Range Restrictions" security features. Okta may use the collected Personal Information and other information Okta collects about your use of the Service to operate and make the Service available to you; for billing, identification and authentication; to send updates about our company and our products; to contact you about your use of the Service; for research purposes, and to generally improve the content and functionality of the Service and Web site.

Okta may also transmit or share your Personal Information with its third party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and other technology and services required to operate and maintain the Service, which may require that your Personal Information be transferred from your current location to the offices and servers of Okta and the authorized third parties referred to in this paragraph. Unless we tell you differently, Okta's agents and service providers do not have any right to use Personal Information we share with them beyond what is necessary to assist us. You hereby consent to our sharing of Personal Information for the above purposes.

We may occasionally run contests or other special promotions on the Website in which we ask persons who choose to participate for contact information (like an e-mail address) or demographic information (like a zip code, industry or country). We may use the data we collect from you in these contests and promotions to send you promotional material about our company or our partners. Your contact information collected from these contests and promotions may be used to administer the contest and notify winners and contact you when necessary.

Except as described in this policy, Okta will not give, sell, rent, or loan any identifiable Personal Information to any third party, without your prior consent. We may disclose such information to respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims. We may also share such information if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Service, or as otherwise required by law. Okta may also provide non-personal, summary or group statistics about our customers, sales, traffic patterns, and related Services information to reputable third-party vendors, but these statistics will include no Personal Information.

If Okta is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Web site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

Protection of Information

Personal Information you enter in to the Services is protected by a password for your privacy and security. You need to ensure that there is no unauthorized access to your account and Personal Information by selecting and protecting your password appropriately and limiting access to your computer (or other device) and browser by signing off after you have finished accessing your account.

The security of your Personal Information is important to us. When you enter sensitive information, we encrypt the transmission of that information using secure socket layer technology (SSL).

Okta maintains reasonable security measures to protect your information from loss, destruction, misuse, unauthorized access or disclosure. These technologies help ensure that your data is safe, secure, and only available to you and to those you provided authorized access. However, no data transmission over the Internet or information storage technology is 100% secure; and Okta cannot guarantee the security of user account information. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time. If you have any questions about security on our web site, you can contact us at info@okta.com.

The Service may contain links to other sites. Okta is not responsible for the privacy policies and/or practices on other sites. When linking to another site you should read the privacy policy stated on that site. This Privacy Policy only governs information collected on the Website.

Access to Personally Identifiable Information

Users may update their Personal Information by editing their user information in the Service. If you're a Visitor and your Personal Information changes, or if you no longer desire information on our Service, you may have your Personal Information updated or removed from our records by emailing accounts@okta.com or by contacting us by telephone or postal mail at the contact information listed below.

We will respond to your request within 30 days.

What Choices Do I Have?

  • As stated previously, you can always opt not to disclose information, even though it may be needed to take advantage of or register for certain features of the Services.
  • You may request deletion of your Okta account by sending an e-mail to accounts@okta.com.
  • If you do not wish to receive email or other mail from us, please indicate this preference during the registration process, by changing your account settings, following the unsubscribe mechanism within the message or by notifying us at accounts@okta.com. Please note that if you do not want to receive legal notices from us, such as this Privacy Policy, those legal notices will still govern your use of the Website, and you are responsible for reviewing such legal notices for changes.

Customer Testimonials/Comments/Reviews

We post customer testimonials/comments/reviews on our web site which may contain personally identifiable information. We do obtain the customer's consent via email prior to posting the testimonial to post their name along with their testimonial. If you wish to update or delete your testimonial, you can contact us at info@okta.com.

Public Forums:

Our Web site offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal information from our blog or community forum, contact us at info@okta.com. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.

Social Media Widgets

Our Web site includes Social Media Features, such as the Facebook and Twitter buttons and Widgets, such as the Share this button or interactive mini-programs that run on our site. These Features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the Feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our Site. Your interactions with these Features are governed by the privacy policy of the company providing it.

Information Collected on Behalf of our Customers using the Service

Okta collects information under the direction of its customers and has no direct relationship with the individual Users/employees whose personal data it processes. Okta works with its customers to help them provide notice to their employees concerning the purpose for which personal information is collected.

We collect information for our customers, if you are an employee of one of our customers and would no longer like to use Okta's service, please contact your Employer directly. Okta may transfer Personal Information to companies that help us provide our service. Transfers to subsequent third parties are covered by the provisions in this Policy regarding notice and choice and the service agreements with our Customers.

Okta has no direct relationship with the individuals whose Personal Information it processes. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to their Employer. If the Employer/ Okta's Customer requests that Okta remove the data, we will respond to their request within 30 business days.

Okta will retain Personal Information we process on behalf of our customers for as long as needed to provide services to our customer. Okta will retain and use this Personal Information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Changes to Privacy Policy

Okta may amend or update this policy from time to time. You can review the most current version of this privacy policy at any time at http://www.okta.com/privacy/index.html. Use of information we collect now is subject to the Privacy Policy in effect at the time such information is used. If we make material changes in the way we use Personal Information, we will notify you by posting an announcement on the Website or sending you an email prior to the change becoming effective. Your continued use of the Services following any such change constitutes your agreement to be bound by such changes to the privacy policy. Your only remedy, if you do not accept the terms of this privacy policy, is to discontinue use of the Services.

Contact Us

If you have any questions about this Privacy Policy or this Web site, please contact us directly at: info@okta.com.

Written inquiries may be addressed to:

Okta, Inc.,
Chief Security Officer,
301 Brannan Street, Suite 300
San Francisco, CA 94107

(888) 722-7871