Effective Date: January 1, 2023
Posted Date: December 19, 2022
I. Introduction
At Okta, data privacy is important to us. This Okta Privacy Policy (“Privacy Policy”) details our privacy practices for the activities described in this Privacy Policy. Please take the time to read this Privacy Policy carefully in order to understand how we collect, share, and otherwise process information relating to individuals (“Personal Data”), and to learn about your rights and choices regarding our processing of your Personal Data.
If you are a California resident, please review the section of this Privacy Policy for California residents.
In this Privacy Policy, “Okta,” “we,” “our,” and “us” each mean Okta, Inc. and the applicable Okta affiliate(s) involved in the processing activity. The addresses of our offices, where Okta, Inc. and our affiliates are located, can be found at https://www.okta.com/contact.
Auth0, Inc. is a subsidiary of Okta.
II. Okta’s Roles & Responsibilities
Okta is the controller of your Personal Data, as described in this Privacy Policy, unless otherwise stated. Please note that this Privacy Policy does not apply to the extent that we process Personal Data in the role of a processor (or a comparable role such as a “service provider” in certain jurisdictions) on behalf of our customers, including where we offer to our customers various cloud products and services, through which our customers (and/or their affiliates) connect their own websites and applications to our hosted platform (including our Auth0-branded services), sell or offer their own products and services, send electronic communications to other individuals, or otherwise collect, use, share or process Personal Data via our cloud products and services.
Each of our customers, not Okta, controls whether they provide you with an account or other access to the Okta identity cloud service through their subscription, and if they provide you with such accounts or other access through their subscription, they control what information about you that they submit to our service. This content may include contact information (such as your first and last name, email address, and phone number), professional information (such as the department you work for at your place of employment), or other types of information that a customer chooses to submit. Use of this content by Okta is governed by agreements between Okta and the Customer.
For detailed privacy information applicable to situations where an Okta customer (and/or a customer affiliate) who uses Okta’s cloud products and services is the controller, please reach out to the respective customer directly. We are not responsible for the privacy or data security practices of our customers, which may differ from those set forth in this Privacy Policy. If not stated otherwise either in this Privacy Policy or in a separate disclosure, we process such Personal Data in the role of a processor or service provider on behalf of a customer (and/or its affiliates), who is the responsible controller of the applicable Personal Data.
If your Personal Data has been submitted to us by or on behalf of an Okta customer and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the applicable customer directly. Because we may only access a customer’s data upon instruction from that customer, if you wish to make your request directly to us, please provide to us the name of the Okta customer who submitted your Personal Data to us. If we are able to verify the Okta customer, we will refer your request to that customer and support them as needed in responding to your request within a reasonable timeframe.
Additional information and safeguards regarding Okta’s data protection obligations (including for international transfers) to our customers are set forth in our subscription agreement form and related documents, including our Trust & Compliance Documentation, all of which are available online at https://www.okta.com/agreements
III. Personal Data We Collect and Data Sources
Covered Data Processing Activities
This Privacy Policy applies to the processing of Personal Data that we collect in the following ways, as detailed in this section.
We collect information about you when you provide it to us, when you interact with our websites and electronic systems, when you attend events and visit our offices, and when other sources provide it to us, as further described below.
Information you provide to us
Based on our current practices (and including our practices over the last 12 months), we collect the following categories of information about you:
Contact and Professional Data: We collect contact and/or professional data about you in person, through communications, including communications from you or your colleagues, and through our websites. For example, you provide your contact and professional information to us when you sign up to learn more about Okta’s products and services, download content, register for an event, and visit our offices. If you attend an event, we may also receive contact and professional details about you when you choose to scan your attendee badge or by providing a business card or other method(s) whereby you share Personal Data with us. Typically, contact data includes your name and contact methods, such as telephone number, email address, and office or other mailing address, and professional data includes details such as the organization you are affiliated with, your job title, and industry.
Administrator Data: When you sign up for an account to try Okta, subscribe to any Okta service via Okta or another entity (such as a marketplace or authorized reseller), have the ability to submit a support request, or are designated an administrator of any part of the Okta Service, then information is provided to us about you (“Administrator Data”). Administrator Data usually includes your name, email address, phone number, address, billing information, business contact information, credentials information (including Okta training and credentials), subscription and service configurations you select, and other details you may provide to us about you or include in your profiles in Okta communities and other support portals. We may also receive any Personal Data you share via tooling used to provide support, e.g., videoconferencing or other communication methods you participate in.
Biographical, Community, and Support Data: We may also collect various types of biographical, community, and support Personal Data from you via our help center and community support forums. For example, if you register for an online community that we host, we may ask you to provide a username, photo and/or biographical information, such as your occupation, organization name and areas of expertise. Additionally, you may provide Personal Data to us when you create user-genera