Effective Date: November 27, 2023

Posted Date: November 27, 2023

I. Introduction

At Okta, data privacy is important to us. This Okta Privacy Policy (“Privacy Policy”) details our privacy practices for the activities described in this Privacy Policy. Please take the time to read this Privacy Policy carefully in order to understand how we collect, share, and otherwise process information relating to individuals (“Personal Data”), and to learn about your rights and choices regarding our processing of your Personal Data.

If you are a California resident, please review the section of this Privacy Policy for California residents.

In this Privacy Policy, “Okta,” “we,” “our,” and “us” each mean Okta, Inc. and the applicable Okta affiliate(s) involved in the processing activity. The addresses of our offices, where Okta, Inc. and our affiliates are located, can be found at http://qczeih.zyluck.net/contact.

Auth0, LLC is a subsidiary of Okta. Any references to Customer Identity Cloud are inclusive of Auth0 by Okta.

II. Okta’s Roles & Responsibilities

Okta is the controller of your Personal Data, as described in this Privacy Policy, unless otherwise stated.  Please note that this Privacy Policy does not apply to the extent that we process Personal Data in the role of a processor (or a comparable role such as a “service provider” in certain jurisdictions) on behalf of our customers, including where we offer to our customers various cloud products and services, through which our customers (and/or their affiliates) connect their own websites and applications to our hosted platform (including our Auth0 by Okta-branded services), sell or offer their own products and services, send electronic communications to other individuals, or otherwise collect, use, share or process Personal Data via our cloud products and services.

Each of our customers, not Okta, controls whether they provide you with an account or other access to the Okta identity cloud service through their subscription, and if they provide you with such accounts or other access through their subscription, they control what information about you that they submit to our service. This content may include contact information (such as your first and last name, email address, and phone number), professional information (such as the department you work for at your place of employment), or other types of information that a customer chooses to submit. Use of this content by Okta is governed by agreements between Okta and the Customer.

For detailed privacy information applicable to situations where an Okta customer (and/or a customer affiliate) who uses Okta’s cloud products and services is the controller, please reach out to the respective customer directly. We are not responsible for the privacy or data security practices of our customers, which may differ from those set forth in this Privacy Policy. If not stated otherwise either in this Privacy Policy or in a separate disclosure, we process such Personal Data in the role of a processor or service provider on behalf of a customer (and/or its affiliates), who is the responsible controller of the applicable Personal Data.

If your Personal Data has been submitted to us by or on behalf of an Okta customer and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the applicable customer directly. Because we may only access a customer’s data upon instruction from that customer, if you wish to make your request directly to us, please provide to us the name of the Okta customer who submitted your Personal Data to us. If we are able to verify the Okta customer, we will refer your request to that customer and support them as needed in responding to your request within a reasonable timeframe.

Additional information and safeguards regarding Okta’s data protection obligations (including for international transfers) to our customers are set forth in our subscription agreement form and related documents, including our Trust & Compliance Documentation, all of which are available online at http://qczeih.zyluck.net/agreements.

III. Personal Data We Collect and Data Sources

Covered Data Processing Activities

This Privacy Policy applies to the processing of Personal Data that we collect in the following ways, as detailed in this section.

We collect information about you when you provide it to us, when you interact with our products and services, websites and electronic systems, when you attend events and visit our offices, and when other sources provide it to us, as further described below.

Information you provide to us

Based on our current practices (and including our practices over the last 12 months), we collect the following categories of information about you:

Contact and Professional Data. We collect contact and/or professional data about you in person, through communications, including communications from you or your colleagues, and through our websites. For example, you provide your contact and professional information to us when you sign up to learn more about Okta’s products and services, download content, register for an event, and visit our offices. If you attend an event, we may also receive contact and professional details about you when you choose to scan your attendee badge or by providing a business card or other method(s) whereby you share Personal Data with us. Typically, contact data includes your name and contact methods, such as telephone number, email address, and office or other mailing address, and professional data includes details such as the organization you are affiliated with, your job title, and industry.

Administrator Data. When you sign up for an account to try Okta, subscribe to any Okta service via Okta or another entity (such as a marketplace or authorized reseller), have the ability to submit a support request, or are designated an administrator of any part of the Okta Service, then information is provided to us about you (“Administrator Data”). Administrator Data usually includes your name, email address, phone number, address, billing information, business contact information, credentials information (including Okta training and credentials), subscription and service configurations you select, and other details you may provide to us about you or include in your profiles in Okta communities and other support portals. We may also receive any Personal Data you share via tooling used to provide support, e.g., videoconferencing or other communication methods you participate in.

Biographical, Community, and Support Data. We may also collect various types of biographical, community, and support Personal Data from you via our help center and community support forums. For example, if you register for an online community that we host, we may ask you to provide a username, photo and/or biographical information, such as your occupation, organization name and areas of expertise. Additionally, you may provide Personal Data to us when you create user-generated content (for example, by posting in a forum), provide Okta with feedback, or when you participate in interactive features, trainings, online surveys, contests, promotions, sweepstakes, activities, or events. Okta may receive Personal Data and Administrator Data in connection with an administrator's request for support for the Okta service.

Job Applicant Data. We collect contact and professional information, including your resume with educational and work background, that you provide when you apply for a job with Okta. We may also collect sensitive information, like your Social Security Number or other government identifier, criminal history information, racial or ethnic origin, or other such Personal Data that you provide in connection with your job application.

Contract and Payment Data. We may receive contract details (like signatures) from you or your organization and use payment processing services to collect payment and billing information, which may contain Personal Data such as billing name, billing address and payment card details, in connection with some of our products and services.

Audio, Electronic, or Visual Data. If you attend an Okta in-person or virtual event or agree to be recorded in a telephone or video meeting, we may record some or all of that event or meeting. For events, we may document the event in various ways, such as by taking photos at the event, interviewing you at the event, or recording your participation in a live question-and-answer or other interactive session. We use this information for business and marketing purposes to better inform the public about Okta, its events, and provide testimonials about our products and services, to the extent permitted by applicable law.

Consumer Products. If you use consumer products made available by Okta (“Okta Consumer Products”), then we may receive various types of information and content from you that you choose to share, including contact information (such as your first and last name, email address, and phone number), additional multi-factor authentication factor setup details, content you upload (such as identification or other documentation), and information regarding the websites and applications that you visit and use through Okta Consumer Products for authentication. We also receive Ancillary Data, including device data, Usage Data, and metadata, as described below for the purposes described below.

Depending on your jurisdiction, if we collect sensitive data from you, we will do so by providing you with additional notice or confirming your consent upon collection, if required by applicable law.

Personal Data We Collect From Other Sources

In the course of doing business (and over the 12 months preceding the effective date of this Privacy Policy), we receive Personal Data and other information from other third parties for our business or commercial purposes. This information varies and typically falls into a few categories:

  • Business contact information (such as name, job title, business email, phone number, and address), social profile (such as LinkedIn or XING) including other details about your organization for sales and marketing purposes, to better inform you about Okta products and services;
  • Third-party platform usernames and identifying information;
  • Details about you as a job candidate (which may include your name, resume, educational and work history, criminal history information, and feedback) as permitted under law; and
  • Data used for security purposes to protect our products and services.

We receive business contact information that contains Personal Data for commercial purposes, including details about your organization from third parties for marketing and business intelligence, such as analyzing business opportunities, identifying and communicating with potential customers, and providing our audience with more relevant content and advertising. Typically, and subject to applicable laws, we receive this information about you from a few sources, such as: (i) third-party marketing initiatives, such as events where we are a sponsor, or website forms hosted by third parties that may provide content about us; (ii) instances when you consent to having your attendee badge scanned at an event hosted by us or another entity; (iii) companies, such as information aggregators and similar entities, from whom we have licensed business contact information; (iv) referrals; or (v) resellers and channel partners, including those that offer joint marketing services. In some situations, we may combine such business contact information with other non-personal and Personal Data we possess or that you have provided to us. For example, we may combine business contact details with details about your organization, such as its address or revenue range, and analyze this information for business opportunities or use this to send you tailored content.

We also receive Personal Data to help with threat intelligence and to protect the safety and security of our service and our customers’ applications, such as breached website credentials from other entities. We use this Personal Data for various purposes, such as for security and fraud detection purposes and to enable our customers to configure the settings within the Okta products