Effective Date: June 25, 2015
Okta, Inc. ("Us," "We," "Our," "Okta," or the "Company") is committed to protecting the privacy of your information. This Privacy Statement describes Okta's web application privacy practices.
Okta complies with the U.S. â E.U. Safe Harbor Framework and the U.S. â Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from European Union member countries and Switzerland. Okta has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view Okta's certification, please visit http://www.export.gov/safeharbor/.
Web Sites Covered
Okta's web application may contain links to other Web sites. Okta is not responsible for the information practices or the content of such other Web sites. The Company encourages you to review the privacy statements of other Web sites to understand their information practices.
Information Collected by Okta
Okta's web application and services are collectively referred to as the Services. Okta collects information from individuals (Users) whose employer has elected to use the Services (Customers). Okta does not use any information of its users within the Service for marketing purposes.
Personal Information You Provided to Us. Okta receives and stores any information you entered when registering and using the Services, or provided to Okta as a means to populate the Services with Customer data. For example, when registering to use the Services on our website, Okta may require you to provide personal contact information, such as name, company name, address, phone number, email address, and any other information necessary for us to provide you with access to the various aspects of the Services (collectively "Personal Information"). Customers can choose not to provide Okta with certain information, but then they may not be able to take advantage of many of the Services features. The Personal Information you provided is used for such purposes as answering Customers questions, improving the Services, customizing the Services features, and communicating with the Customers about Okta's Services updates.
Personal Information Collected Automatically. As Customers navigate or interact with Okta's Services, Okta may also automatically collect information through the use of commonly-used information-gathering tools, such as cookies.
If a Customer choses to identify themselves to Okta, the Company uses session cookies containing encrypted information to allow the Company to uniquely identify them. Each time a Customer logs into the Services, a session cookie containing an encrypted, unique identifier that is tied to the Customer account and is placed in the browser. These session cookies allow the Company to uniquely identify the Customer when logged into the Services and to process online transactions and requests. Session cookies are required to use many features of the Services.
Okta also uses an opt-in persistent cookie to remember a Customer's username. This opt-in persistent cookie allows the Customer to log into the Okta Services without entering their username every time they use the Services.
Most browsers have an option for turning off cookies, which will prevent their browser from accepting new cookies, as well as (depending on the sophistication of the browser software) allowing the Customer to decide on acceptance of each new cookie in a variety of ways. If you reject cookies, you may still use our site, but your ability to use some features or areas of our site may be limited.
IP Addresses and Browser Information
When a Customer visits or use the Services, the Company collects their Internet Protocol ("IP") addresses, browser information, operating system and date/time stamp to track and aggregate non-personal information. For example, Okta uses IP addresses to monitor the regions from which Users navigate the Company's website.
Use of Information Collected
Okta collects IP addresses from Users when they log into the Services as part of the Company's "Identity Confirmation" and "IP Range Restrictions" security features. Okta may use the collected Personal Information and other information Okta collects about the use of the Services to operate and make the Services available; for billing, identification and authentication; to send updates about Okta and its products; to contact the Customer about usage of the Services; for research purposes, and to generally improve the content and functionality of the Services and website.
Okta may also transmit or share Personal Information with its third party vendors and hosting partners (collectively providers) to provide the necessary hardware, software, networking, storage, and other technology and services required to operate and maintain the Services, which may require that Personal Information be transferred from its current location to the offices and servers of Okta and the authorized third parties referred to in this paragraph. Unless informed differently, Okta's agents and Services providers do not have any right to use Personal Information shared with them beyond what is necessary to assist Okta. Customers consent to Okta's sharing of Personal Information for the above purposes.
Except as described in the policy, Okta will not give, sell, rent, or loan any identifiable Personal Information to any third party, without a Customer's prior consent. Okta may disclose such information to respond to subpoenas, court orders, or legal process, or to establish or exercise their legal rights or defend against legal claims. Okta may also share such information if they believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Services, or as otherwise required by law. Okta may also provide non-personal, summary or group statistics about our customers, sales, traffic patterns, and related Services information to reputable third-party vendors, but these statistics will include no Personal Information.
If Okta is involved in a merger, acquisition, or sale of all or a portion of its assets, customers will be notified via email and/or a prominent notice on Okta's website of any change in ownership or uses of personal information, as well as any choices a Customer may have regarding their personal information.
Protection of Information
Personal Information entered in to the Services is protected at a minimum by a username and password for a Customer's privacy and security. A Customer needs to ensure that there is no unauthorized access to thwir account and Personal Information by selecting and protecting their credentials appropriately and limiting access to their computer (or other device) and browser by signing off after they have finished accessing their account.
The security of Customer's Personal Information is important to Okta. When a Customer enters sensitive information, Okta encrypts the transmission of that information using secure socket layer technology (SSL).
Okta maintains reasonable security measures to protect a Customer's information from loss, destruction, misuse, unauthorized access or disclosure. These technologies help ensure that data is safe, secure, and only available to a Customer and to those which a Customer provided authorized access. However, no data transmission over the Internet or information storage technology is 100% secure; and Okta cannot guarantee the security of user account information. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.
The Services may contain links to other sites. Okta is not responsible for the privacy policies and/or practices on other sites.
Customer may update their Personal Information by editing their user information in the Services. If you're a customer and their Personal Information changes, or if they no longer desire information on our Services, Customers may have their Personal Information updated or removed from our records by emailing email@example.com or by contacting us by telephone or postal mail at the contact information listed on Okta's website (www.okta.com).
Okta collects information under the direction of its Customers and has no direct relationship with the individual users/employees whose personal data it processes. Okta works with its Customers to help them provide notice to their employees concerning the purpose for which personal information is collected.
Okta may transfer Personal Information to companies that help them provide their Services. Transfers to subsequent third parties are covered by the provisions in this Policy regarding notice and choice and the Services agreements with Customers.
Okta will retain Personal Information they process on behalf of Customers for as long as needed to provide services to Customers. Okta will retain and use this Personal Information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.
Access to Personally Identifiable Information
Users may update their Personal Information by editing their user information in the Service. If you're a Visitor and your Personal Information changes, or if you no longer desire information on our Service, you may have your Personal Information updated or removed from our records by emailing firstname.lastname@example.org or by contacting us by telephone or postal mail at the contact information listed below. We will respond to your request within 30 days.
What Choices Do I Have?
- As stated previously, you can always opt not to disclose information, even though it may be needed to take advantage of or register for certain features of the Services.
- You may request deletion of your Okta account by sending an e-mail to email@example.com.
Information Collected on Behalf of our Customers using the Service
Okta collects information under the direction of its customers and has no direct relationship with the individual Users/employees whose personal data it processes. Okta works with its customers to help them provide notice to their employees concerning the purpose for which personal information is collected.
We collect information for our customers. If you are an employee of one of our customers and would no longer like to use Okta's service, please contact your Employer directly. Okta may transfer Personal Information to companies that help us provide our service. Transfers to subsequent third parties are covered by the provisions in this Policy regarding notice and choice and the service agreements with our Customers.
Okta has no direct relationship with the individuals whose Personal Information it processes. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to their Employer. If the Employer/ Okta's Customer requests that Okta remove the data, we will respond to their request within 30 business days.
Okta will retain Personal Information we process on behalf of our customers for as long as needed to provide services to our customer. Okta will retain and use this Personal Information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Written inquiries may be addressed to:
Chief Security Officer,
301 Brannan Street, Suite 300
San Francisco, CA 94107