Looking for Okta Logos?

You can find all the media assets you need as part of our press room.

Download Media Assets

Effective Date: May 25, 2018

Introduction

Okta, Inc., including its wholly-owned subsidiaries (collectively, "Us," "We," "Our," "Okta," or the "Company") is committed to protecting the privacy of individuals who visit the Company’s Web sites (“Visitor(s),” “You,” and derived adjective “Your”), individuals who register to use the Service as defined below (“Customers”), and individuals who register who attend the Company’s corporate events (“Attendees”). This Privacy Statement describes Okta's privacy practices with regards to its Web sites and the related services and applications offered for production use by Okta to its customers that purchase commercial subscriptions (collectively, the “Service”).

If You have questions or complaints regarding Okta’s Privacy Statement or practices, please contact Us at [email protected].

Okta complies with the U.S. – Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from Switzerland. 

Web Sites Covered

Okta has established this Privacy Statement to help You to understand how Okta collects and uses personally identifiable information. This Privacy Statement covers the information practices of Web sites that link to this Privacy Statement, including, but not limited to http://www.okta.com, http://www.identityis.com, and http://www.oauth.com.

Okta's Web sites may contain links to other Web sites. Okta is not responsible for the information practices or the content of such other Web sites. The Company encourages You to review the privacy statements of other Web sites to understand their information practices.

Information Collected by Okta

Okta does not collect email addresses from the Service for marketing use. Okta does collect information from Visitors. This information is collected in accordance with this Privacy Statement, from sources that include but are not limited to content syndication, Web site registration forms, webinar registration forms and conferences.

Personal Information You Provide to Us. Okta collects information from Visitors to the Okta Web sites and Customers of the Service. Okta receives and stores any information entered when expressing an interest in obtaining more information about the Service or registering to use the Service. When a Visitor expresses an interest in obtaining information about the Service or registering to use the Service on Okta’s Web sites, Okta may require the Visitor to provide personal contact information, such as name, company name, address, phone number, email address, and any other information necessary for Us to provide Visitors with access to the various aspects of the Service (collectively, “Personal Information”). The Personal Information Visitors provide may be used for such purposes as answering questions, improving the content of the Web sites, customizing the content, and communicating with Visitors about Okta's Service, including special offers, announcements, and new features.

Personal Information Collected Automatically. As Visitors navigate or interact with Okta's Web sites, Okta may also automatically collect information through the use of commonly-used information-gathering tools, such as cookies and Web beacons.

Other Third Party Tracking

Okta engages third parties, which use Web beacons, images, and scripts, to help better manage content on Okta’s Web sites. Okta does not provide Personal Information to the third parties, but may tie the information gathered from third party tracking to Visitors’ Personal Information for marketing purposes.

  1. Cookies:

    Okta uses cookies to make interactions with the Web sites easy and meaningful. When a Visitor interacts with the Web sites, Okta's servers send a cookie to the Visitor’s computer. Standing alone, cookies do not personally identify the Visitor; they merely recognize the visitor’s Web browser. Unless the Visitor chooses to identify themself to Okta, either by responding to a promotional offer, opening an account, or filling out a Web form, Okta has no way to associate this cookie data with the Visitor’s Personal Information.

    For the Web sites, Okta uses cookies that are session-based. Session cookies exist only during one session. They disappear from the Visitor’s computer upon closing their browser software or turning off their computer.

    Most browsers have an option for turning off cookies, which will prevent the browser from accepting new cookies, as well as (depending on the sophistication of the browser software) allowing the Visitor to decide on acceptance of each new cookie in a variety of ways.

    Okta's Web sites connect Visitors to third party service providers, with whom Okta partners with to provide the relevant content. The use of cookies by Okta’s partners is not covered by Okta’s Privacy Statement. Okta does not have access or control over these cookies. Okta’s partners use session ID cookies to manage a Customer's connection to the partner's service.

  2. Web Beacons:

    Okta uses Web beacons alone or in conjunction with cookies to compile information about Visitors’ usage of the Web sites, interaction with emails from Okta, and to operate and improve the Web sites. Web beacons are invisible electronic images that can recognize certain types of information on a Visitor’s computer, such as (1) cookies, (2) the time a particular Web site is viewed to the Web beacon, or (3) a description of a Web site tied to the Web beacon.

  3. IP Addresses and Browser Information:

    When a Visitor interacts with the Web sites, Okta collects the Visitor’s Internet Protocol ("IP") address(es), browser information and operating system to track and aggregate non-personal information. For example, Okta uses IP addresses to monitor the regions from which Visitors navigate the Web site, and for marketing purposes.

  4. Other Third Party Tracking:

    Okta engages third parties, which use Web beacons, images, and scripts, to help better manage content on Okta's Web sites. Okta does not provide Personal Information to the third parties but may tie the information gathered from third party tracking to our Visitors' Personal Information for marketing purposes.

Use of Cookies by Okta

Cookies are small text files placed on an individual’s computer by Web sites that the individual has visited. They are used to make Web sites work more effectively and efficiently. Cookies may also provide information to the owner of a Web site. No Personal Information is stored within them; however, details are below to describe the cookies Okta and its service providers use, and to explain why they are used.

On this page, We provide a list of  cookies and services that may set cookies on Your device that have provided such information to Us. We also provide links to each of those third-party services' privacy policies and opt-out information. Not all third party services provide information to opt out of their cookies. If You do not wish to have cookies set on Your device for any reason, You may opt out of all cookies via Your browser.

Performance Cookies

These cookies help Us understand how Visitors interact with our Web sites by providing information about the areas visited, the time spent on the Web site, and any issues encountered, such as error messages. This helps us improve the performance of our Web sites.

Cookies

Name

Purpose

Cookies/Privacy Policy Link

Google Analytics

 

  • _utma
  • _utmb
  • _utmc
  • _utmz

Google Analytics cookies are used to collect information about how Visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of Visitors to the site, where Visitors have come to the site from, and the pages they visited. Opt Out

Privacy Policy

Optimizely

 

  • optimizely Buckets
  • optimizely EndUserId
  • optimizely Segments

 

Optimizely uses cookies to identify a Visitor's browser and track Web site usage while on a partner site. The cookies come from partner website domains and from our log subdomain. You can reset your web browser's cookies to clear these cookies. For more information, see Optimizely's full privacy policy. Opt Out.

Privacy Policy

Bizible

 

  • _biz_acctSettingsA
  • _biz_ctA
  • _biz_EventA
  • _biz_frmA
  • _biz_nA
  • _biz_PendingA
  • _biz_sid
  • _biz_uid

 

Bizible Marketing Analytics is a plug-in that helps companies make decisions by connecting marketing and sales data together.

Privacy Policy

Formisimo.com

 

  • formisimosession

 

Formisimo is a web analytics tool that helps Web site owners understand how their visitors interact with forms. Formisimo collects aggregated anonymous information and it reports Web site trends without identifying individual Visitors. Formisimo uses a single cookie within a session to determine how Visitors progress through a form. The cookie will expire when a Visitor closes their browser window.

Privacy Policy

New Relic Inc.

 

  • JSESSIONID

 

The JSESSIONID cookie is used to store a session identifier so that New Relic can monitor session counts for an application. The cookie value is generated by Jetty. JSESSIONID is a session cookie that is deleted when the browser closes.

Privacy Policy

Targeting or Advertising Cookies

Targeting and Advertising Cookies are used for marketing purposes.

Okta uses targeting and advertising cookies for marketing purposes, but only with respect to our public-facing Web sites, and not with respect to our production environment Service.  You may opt out of behaviorally-targeted ads anytime by deleting your browser's cookies. You can also prevent some targeted ads by submitting opt outs to these companies: http://preferences-mgr.truste.com/

Additionally, You may opt out of cookies from targeting or advertising services here: http://www.youronlinechoices.com/uk/your-ad-choices

Cookies

Name

Purpose

Cookies/Privacy Policy Link

Okta

 

  • _okta_trk
  • _okta_dom
  • _okta_cvent

These cookies allow Okta to deliver different content based on your Visitor status and provide extra functionality.

Privacy Policy

AdRoll (Semantic Sugar)

 

  • _arV4

AdRoll provides interest-based advertisements to show our ads on other Web sites. The technology to do this is made possible by cookies and as such we may place a so called “remarketing cookie” during your visit. The whole process is entirely anonymous. Opt Out

Privacy Policy

DoubleClick by Google

 

  • id

 

DoubleClick uses cookies to improve advertising. Some common applications are to target advertising based on what’s relevant to a Visitor, to improve reporting on campaign performance, and to avoid showing ads the Visitor has already seen. DoubleClick cookies contain no Personal  Information. Sometimes the cookie contains an additional identifier that is similar in appearance to the cookie ID. This identifier is used to identify an ad campaign to which a Visitor was exposed previously; but no Personal Information is stored by DoubleClick in the cookie. Opt Out

Privacy Policy

Third Party Services

We use some third-party services. These third-party services may place cookies on Your device to gather, for example, usage information and session preferences. We do not have control over the cookies these third-party services may set in order to make their service run properly or the cookies they may set to collect usage data and preferences.

Cookies

Name

Purpose

Cookies/Privacy Policy Link

Vimeo (player)

 

Vimeo sets a number of cookies on any page that embeds a Vimeo video. While we have no control over these cookies, they may include a mixture of pieces of information to measure the number and behavior of Vimeo viewers, to hold information about current viewing video settings as well as a personal identification token, if you are logged into Vimeo.

Privacy Policy

Google Inc. (maps)

 

  • _biz_acctSettingsA
  • _biz_ctA
  • _biz_EventA
  • _biz_frmA
  • _biz_nA
  • _biz_PendingA
  • _biz_sid
  • _biz_uid

 

Google sets a number of cookies on any page that includes a Google Map. While we have no control over the cookies set by Google, they may include a mixture of pieces of information to measure the number and behavior of Google Maps users. Opt Out

Privacy Policy

IP2Location

 

  • ip2l

 

IP2Location is a geo IP solution to help Web developers identify a Visitor's geographical location – i.e., country, region, city, latitude, longitude, ZIP code, time zone, connection speed, ISP and domain name, IDD country code, area code, weather station code and name, using a proprietary IP address lookup database and technology.

Privacy Policy

MaxMind

 

  • ip2l_c

 

MaxMind uses GeoIP intelligence to deliver services including content personalization, ad targeting, traffic analysis, digital rights management.

Privacy Policy

caniuse.com

 

 

"Can I use" provides up-to-date browser support tables for support of front-end web technologies on desktop and mobile web browsers. This widget may set Google Analytics cookies to track usage.

 

influitive

 

  • _influitive_app_session

 

Influitive AdvocateAnywhere cookies are used to track the current Visitor submitting challenge responses to AdvocateHub. It does not record any information about a Visitor's browser or location. The cookie is used to track when a member of the hub completes a challenge. If the Visitor returns to the Web site, the service will have retained data indicating  what challenges were previously completed. No Personal Information is tracked unless a Visitor inputs their name and email address when completing a challenge.

Privacy Policy

Social Sharing

Our Web sites include social media features, such as the Facebook “Like” button, the LinkedIn button, Twitter button, and the “Share This” widget. These features may collect Your IP address and information regarding the page(s) that You are visiting on Okta’s Web sites, and may set a cookie to enable the feature at issue to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our Web sites. Your interactions with a particular  feature are governed by the applicable privacy policy of the company providing such feature.

Cookies

Name

Purpose

Cookies/Privacy Policy Link

Twitter

 

  • guest_id

We use Twitter share buttons on this Web site. Twitter may use cookies to better understand how you interact with their services, to monitor aggregate usage by Twitter users and web traffic routing to their services. You can remove or block cookies using the settings in your browser, but in some cases, this may impact your ability to use Twitter.

Privacy Policy

LinkedIn

 

  • bscookie

Some of our pages use sharing buttons or other features from LinkedIn, a social media network. LinkedIn may set cookies for this service.

Privacy Policy

Opt Out of All Cookies

Below are instructions on how to opt out of all cookies via Your web browser. Please note this will impact all Web sites you frequent and not just www.okta.com.

Chrome: Opt Out

Explorer: Opt Out

Firefox: Opt Out

Safari: Opt Out

Other browsers: Please refer to your browser options for further information.

Use of Information Collected

Okta may occasionally run contests or other special promotions on the Web sites, in which Visitors are invited to participate, and in connection with such activities, Okta may ask Visitors to submit contact information (for example, an e-mail address) or demographic information (for example, their zip code, employing industry, or country of residence). Okta may use the data collected in these contests and promotions to send promotional material about Okta or our partners to the Visitor who submitted such information. Contact information collected from these contests and promotions may be used to administer the contest and notify winners and contact Visitors when necessary.

Except as described in the Privacy Statement, Okta will not give, sell, rent, or loan any identifiable Personal Information to any third party, without either a Visitor’s prior consent or another legal basis. Okta may disclose such information to respond to subpoenas, court orders, or legal process, or to establish or exercise its legal rights or defend against legal claims. Okta may also share such information if the Company believes it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of Okta’s terms of service or other, related contract terms, or as otherwise required by law. Okta may also provide non-personal, summary or group statistics about Okta’s Customers, sales, traffic patterns, and related Service information to reputable third-party vendors, but such statistical data will not include Personal Information.

If Okta is involved in a merger, acquisition, or sale of all or a portion of its assets, Visitors will be notified via a prominent notice on Okta’s Web site of any change in ownership or uses of Personal Information, as well as any choices Visitors may have regarding their Personal Information.

We work with a global network of partners who provide consulting, implementation, training and other services around our Service.  Some of these partners also help us to market and promote our Service, generate information about prospective customers for us, and resell subscriptions to our Service.  We may receive information from these partners, such as billing information, technical contact information, company name, what Okta Service editions You have purchased subscriptions for, or may be interested in, evaluation information You have provided, what events You have attended, and what country You are in.

How We use the information we collect depends in part on which Service a Customer uses, how the Customer uses the Service, and any preferences a Customer may have communicated to us.  Below are the specific purposes for which We use the information We collect.

Provision of the Service

To provide the Service and personalize Customers’ experience, We use information about our Customers and their users to provide the Service to them, including to process transactions with Customers, authenticate users when users log in, provide support to Customers, and operate and maintain the Service.  For example, We use the name and identifying information that Customers provide to the Service in order to help keep the Service secure. Our Service also includes features that personalize Customers’ users’ experience, enhance users’ productivity, and improve users’ ability to collaborate effectively.  

Improvement of the Service

We are always looking for ways to make Our Service smarter, faster, secure, integrated, and useful to Customers.  We use collective learnings about how people use Our Service and feedback provided directly to Okta to troubleshoot and to identify trends, usage, activity patterns and areas for integration and improvement of the Service.  For example, We examine aggregated usage patterns of Our Customers to determine which third-party applications that integrate with Our Service are most frequently used by Customers, in order to ensure that the Service performs as well as possible. In some cases, We apply these learnings across the Service editions to improve and develop similar features or to better facilitate the interoperability of the third-party applications that Customers use with the Service. We also may test and analyze certain new features with some users before making those feature available to all users.  

Security of the Service

For security purposes, We use information about Customers and their use of the Service to verify accounts and activity, to monitor suspicious or fraudulent activity and to identify violations of Service policies, and to assist Customers in their monitoring of such suspicious or fraudulent activity.

Our Legitimate Interests

To protect Our legitimate business interests and legal rights, and where required by law or where We believe it is necessary to protect our legal rights, interests and the interests of others, We use information about You in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger or sale of a business.  

Your Consent

With Your consent, We use information about You where You have given us consent to do so for a specific purpose not listed above.  For example, We may publish testimonials or featured Customer stories to promote the Service, with Your permission.  

Legal Bases for Processing (for EEA Users)

If You are an individual in the European Economic Area (EEA), We collect and process information about You only where we have a legal basis or bases for doing so under applicable EU laws.  The legal bases depend on the Service edition(s) that You use and how you use them, and/or how You interact with the Web site(s), and/or whether You have a business relationship (for example, if You are an employee) with an Okta Customer or prospective Customer. This means We collect and use Your Personal Information only where:

  • We need it to provide You the Service, including to operate the Service, provide Customer support and personalized features and to protect the safety and security of the Service;
  •  
  • It satisfies a legitimate interest (which is not overridden by Your data protection interests, in Okta’s assessment after Okta’s analysis in compliance with applicable data protection laws), such as for research and development, to market and promote the Service and provide information to Customers and prospective Customers in such regard, and to protect Our legal rights and interests;
  •  
  • You give Us consent to do so for a specific purpose; or
  •  
  • We need to process Your Personal Information to comply with a legal obligation.

 

Protection of Information

Okta’s Web sites offer publicly-accessible blogs and community forums. Any information provided in these areas may be read, collected, and used by others who access them.

The security of Okta’s and Our third party providers’ infrastructure is a critical priority for Okta, and We implement safeguards designed to protect Your data, including Personal Information.  However, no security system is impenetrable, and due to the inherent nature of the Internet, We cannot guarantee that data, including Personal Information, during transmission through the Internet or while stored on Our systems or otherwise in Our care, is absolutely safe from intrusion or other unauthorized access by others.

Okta’s Web sites includes social media features, such as the Facebook and Twitter buttons, and certain widgets, such as the “share this” button or interactive mini-programs that run on the Web site. These features may collect a Visitor’s IP address, data regarding the page(s) each Visitor visits on the Web site, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on Okta’s Web site. A Visitor’s interactions with these features are governed by the privacy policy of the company providing it. Okta has no direct relationship with the individuals whose Personal Information it processes.

Okta will retain Personal Information it processes on behalf of Visitors for as long as needed to provide Web site services to Visitors.  Okta will retain and use this Personal Information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.

Access to Personally Identifiable Information

Customers may update their Personal Information by editing their users’ information in the Service. If you're a Visitor and Your Personal Information changes, or if You no longer desire to receive information about Okta’s Service, You may have Your Personal Information updated or removed from Okta’s records by emailing [email protected] or by contacting Us by telephone or postal mail at the contact information listed below.

We will respond to your request within 30 days.

What Choices Do I Have?

  • You can always opt not to disclose information, even though it may be needed to take advantage of or register for certain features of the Service or other content made available via the Web sites.
  • You may request deletion of Your Okta account by sending an e-mail to [email protected].
  • If You do not wish to receive email or other mail from Us, please indicate this preference during the registration process, by changing Your account settings, following the unsubscribe mechanism within the message or by notifying Us at [email protected]. Please note that if You do not want to receive legal notices from Us, such as this Privacy Statement, those legal notices will still govern Your use of the Web sites, and You are responsible for reviewing such legal notices for changes.

Customer Testimonials, Comments, & Reviews

We may post Customer testimonials, comments, and reviews on our Web sites, which may contain Personal Information. We do obtain the Customer's consent via email prior to posting the testimonial, in order to be able to post their name along with their testimonial. If You wish to update or delete Your testimonial, you can contact us at [email protected].

Public Forums

Our Web sites offer publicly accessible blogs or community forums. You should be aware that any information You provide in these areas may be read, collected, and used by others who access them. To request removal of Your Personal Information from Okta’s blog or community forum, contact Us at [email protected]. In some cases, We may not be able to remove Your Personal Information, in which case We will let You know if We are unable to do so and why.

Information Collected on Behalf of our Customers using the Service

Okta collects information under the direction of its Customers and has no direct relationship with the individual users (who are employees or agents of Customers, or third parties with whom a Customer does business) whose personal data it processes. Okta works with its Customers to help them provide notice to their employees concerning the purpose for which Personal Information is collected.

We collect information for Our Customers. If You are an employee of, or a user who has been assigned a subscription to the Okta Service by, one of Our Customers and would no longer like to use Okta's Service, please contact that Customer directly. Okta may transfer Personal Information to companies that help us provide the Service. Transfers to subsequent third parties are covered by: (1) the provisions in this Privacy Statement regarding notice and choice, and (2) the applicable agreement Okta has with our Customer that governs such Customer’s use of the Service.

Okta has no direct relationship with the individuals whose Personal Information it processes in its provision of the Service. Any such individual who seeks access to, or who seeks to correct, amend, or delete, inaccurate data, or who seeks to exercise any other right(s) they may have as a data subject, should direct their query to the Okta Customer (the data controller) that assigned such individual a subscription to the Service. If the Customer requests that Okta remove the Personal Information  to comply with data protection regulations, We will respond to their request within 30 business days.

Okta will retain Personal Information that We process on behalf of Customers for as long as needed to provide the Service to the Customer. Okta will retain and use this Personal Information as necessary to comply with Our legal obligations, resolve disputes, and enforce Our agreements.  Such retention and use conforms to the timeframes set forth in the relevant agreements with Our Customers.

The security of data, which may include Personal Information, that is submitted by Customers to the Okta Service (“Customer Data”), is very important to Okta. We maintain a comprehensive, written information security program that contains industry-standard, administrative, technical, and physical safeguards designed to prevent unauthorized access to Customer Data. Okta designs its Service to allow Customers to achieve differentiated security configurations, enforce user access controls, and manage data categories.  Configuring these settings appropriately is the Customer’s responsibility. Additional information about the security settings and configurations can be found in the documentation related to the Okta Service made available to Customers.

By way of example, Personal Information contained in Customer Data can include first name, last name, email address, and mobile phone number.

If You install and use the Okta Mobile application (either the Android or iOS version) and are enrolled in the Okta Mobility Management program, You will grant Your company’s administrator the ability to manage Your user devices.  By using the Okta Mobile app, You understand and agree that You grant permission to Your company’s administrator, so that s/he may perform some or all of the following actions, as may be required: 

1.     Set passcode policies for the device in order to secure company data, including:

  •        Passcode required;
  •        Minimum passcode length;
  •        Require letter in passcode;
  •        Require symbol in passcode;
  •        Passcode expiration and history;
  •        Failed attempts before device/work profile is wiped;
  •        Lock device after X minutes of user inactivity;

2.     Clear the device passcode in cases when You have forgotten the passcode;
3.     Reset the device passcode in cases when You have forgotten the passcode;
4.     Lock the device when You have lost the device;
5.     Wipe all device data from a lost or stolen device;
6.     Wipe company data from a device, if You have left the company. 

Our Policy Towards Children

As an enterprise software company providing the Service to Customers, Our communications, business processes, and the Service itself are not directed to individuals under age 18.  We do not knowingly collect Personal Information from children under age 18. If We become aware that a child under age 18 has improperly provided Us with Personal Information, We will take steps to delete such information. If You become aware that a child has provided us with Personal Information, please contact Us.

Changes to Privacy Statement

Okta may amend or update this Privacy Statement from time to time. You can review the most current version of this Privacy Statement at any time at http://www.okta.com/privacy/. Use of information We collect is subject to the Privacy Statement in effect at the time such information is used. If we make material changes in the way we use Personal Information, We will notify you by posting an announcement on the Web sites or sending You an email prior to the change becoming effective. Your continued use of the Service following any such change constitutes Your agreement to be bound by such changes to the Privacy Statement. Your only remedy, if you do not accept the terms of this Privacy Statement, is to discontinue use of the Service.

Contact Us

Okta has appointed a Data Protection Officer responsible for overseeing the implementation of the privacy program across the Company.  If You have any questions about this Privacy Statement or Okta’s Web sites, please contact Us directly at: [email protected]. Written inquiries may be addressed to:

Okta, Inc.
Data Protection Officer
301 Brannan Street
San Francisco, CA 94107
(888) 722-7871

If You wish to contact Okta’s representative pursuant to Article 27 of the General Data Protection Regulation, inquiries may be directed to:

Okta UK LTD
ATTN: Legal, Article 27 GDPR Representative
20 Farringdon Road
ECIM 3HE 
London, United Kingdom

+44 020 3389 8779