null

Privacy Policy

Effective Date: June 25, 2015

Introduction

Okta, Inc. ("Us," "We," "Our," "Okta," or the "Company") is committed to protecting the privacy of your information. This Privacy Statement describes Okta's web application privacy practices.

If you have questions or complaints regarding our privacy policy or practices, please contact us at info@okta.com. If you are not satisfied with our response, we have agreed to participate in the dispute resolution procedures of the panel established by the EU Data Protection Authorities to resolve disputes pursuant to the Safe Harbor Principles, and to cooperate and comply with the Federal Data Protection and Information Commissioner of Switzerland.

Okta complies with the U.S. — E.U. Safe Harbor Framework and the U.S. — Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from European Union member countries and Switzerland. Okta has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view Okta's certification, please visit http://www.export.gov/safeharbor/.

Web Sites Covered

Okta has established this Privacy Policy to help you to understand how Okta collects and uses personally identifiable information. This Privacy Policy covers the information practices of the web application that link to this Privacy Policy, https://[customer].okta.com.

Okta's web application may contain links to other Web sites. Okta is not responsible for the information practices or the content of such other Web sites. The Company encourages you to review the privacy statements of other Web sites to understand their information practices.

Information Collected by Okta

Okta is committed to protecting the privacy of its customers data and user information. Okta has established a privacy policy to help users understand how Okta collects and uses personal information within the Okta Single-Sign-On and Identity and Access Management Cloud Services, including our mobile applications.

Okta's web application and services are collectively referred to as the Services. Okta collects information from individuals (Users) whose employer has elected to use the Services (Customers). Okta does not use any information of its users within the Service for marketing purposes.

Personal Information You Provided to Us. Okta receives and stores any information you entered when registering and using the Services, or provided to Okta as a means to populate the Services with Customer data. For example, when registering to use the Services on our website, Okta may require you to provide personal contact information, such as name, company name, address, phone number, email address, and any other information necessary for us to provide you with access to the various aspects of the Services (collectively "Personal Information"). Customers can choose not to provide Okta with certain information, but then they may not be able to take advantage of many of the Services features. The Personal Information you provided is used for such purposes as answering Customers questions, improving the Services, customizing the Services features, and communicating with the Customers about Okta's Services updates.

Personal Information Collected Automatically. As Customers navigate or interact with Okta's Services, Okta may also automatically collect information through the use of commonly-used information-gathering tools, such as cookies.

  1. Tracking Technologies

    Okta uses cookies to make interactions with the Services easy and meaningful. When you visit or interact with the Services, Okta's servers send a cookie to their computer. Standing alone, cookies do not personally identify the Customer. They merely recognize their Web browser. Unless the Customer chooses to identify themselves to Okta, either by opening an account or filling out a Web form, Okta has no way to associate this cookie data with the Customers Personal Information.

    Okta uses cookies that are session-based and persistent-based. Session cookies exist only during one session. They disappear from a Customer's computer upon log out of Okta's Services, close their browser software, or turn off their computer. Persistent cookies remain on a Customer's computer after closure of the browser or upon turn-off of the computer.

    If a Customer choses to identify themselves to Okta, the Company uses session cookies containing encrypted information to allow the Company to uniquely identify them. Each time a Customer logs into the Services, a session cookie containing an encrypted, unique identifier that is tied to the Customer account and is placed in the browser. These session cookies allow the Company to uniquely identify the Customer when logged into the Services and to process online transactions and requests. Session cookies are required to use many features of the Services.

    Okta also uses an opt-in persistent cookie to remember a Customer's username. This opt-in persistent cookie allows the Customer to log into the Okta Services without entering their username every time they use the Services.

    Most browsers have an option for turning off cookies, which will prevent their browser from accepting new cookies, as well as (depending on the sophistication of the browser software) allowing the Customer to decide on acceptance of each new cookie in a variety of ways. If you reject cookies, you may still use our site, but your ability to use some features or areas of our site may be limited.

    Okta's Services also connects Users to third party services, with whom Okta partners with to provide the Services and analyze trends. The use of cookies by our partners is not covered by Okta's privacy statement. Okta does not have access or control over these cookies. Okta's partners use session ID cookies to manage a User's connection to the partner's Services.

  2. IP Addresses and Browser Information

    When a Customer visits or use the Services, the Company collects their Internet Protocol ("IP") addresses, browser information, operating system and date/time stamp to track and aggregate non-personal information. For example, Okta uses IP addresses to monitor the regions from which Users navigate the Company's website.

Use of Information Collected

Okta collects IP addresses from Users when they log into the Services as part of the Company's "Identity Confirmation" and "IP Range Restrictions" security features. Okta may use the collected Personal Information and other information Okta collects about the use of the Services to operate and make the Services available; for billing, identification and authentication; to send updates about Okta and its products; to contact the Customer about usage of the Services; for research purposes, and to generally improve the content and functionality of the Services and website.

Okta may also transmit or share Personal Information with its third party vendors and hosting partners (collectively providers) to provide the necessary hardware, software, networking, storage, and other technology and services required to operate and maintain the Services, which may require that Personal Information be transferred from its current location to the offices and servers of Okta and the authorized third parties referred to in this paragraph. Unless informed differently, Okta's agents and Services providers do not have any right to use Personal Information shared with them beyond what is necessary to assist Okta. Customers consent to Okta's sharing of Personal Information for the above purposes.

Except as described in the policy, Okta will not give, sell, rent, or loan any identifiable Personal Information to any third party, without a Customer's prior consent. Okta may disclose such information to respond to subpoenas, court orders, or legal process, or to establish or exercise their legal rights or defend against legal claims. Okta may also share such information if they believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Services, or as otherwise required by law. Okta may also provide non-personal, summary or group statistics about our customers, sales, traffic patterns, and related Services information to reputable third-party vendors, but these statistics will include no Personal Information.

If Okta is involved in a merger, acquisition, or sale of all or a portion of its assets, customers will be notified via email and/or a prominent notice on Okta's website of any change in ownership or uses of personal information, as well as any choices a Customer may have regarding their personal information.

Protection of Information

Personal Information entered in to the Services is protected at a minimum by a username and password for a Customer's privacy and security. A Customer needs to ensure that there is no unauthorized access to thwir account and Personal Information by selecting and protecting their credentials appropriately and limiting access to their computer (or other device) and browser by signing off after they have finished accessing their account.

The security of Customer's Personal Information is important to Okta. When a Customer enters sensitive information, Okta encrypts the transmission of that information using secure socket layer technology (SSL).

Okta maintains reasonable security measures to protect a Customer's information from loss, destruction, misuse, unauthorized access or disclosure. These technologies help ensure that data is safe, secure, and only available to a Customer and to those which a Customer provided authorized access. However, no data transmission over the Internet or information storage technology is 100% secure; and Okta cannot guarantee the security of user account information. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.

The Services may contain links to other sites. Okta is not responsible for the privacy policies and/or practices on other sites.

Customer may update their Personal Information by editing their user information in the Services. If you're a customer and their Personal Information changes, or if they no longer desire information on our Services, Customers may have their Personal Information updated or removed from our records by emailing accounts@okta.com or by contacting us by telephone or postal mail at the contact information listed on Okta's website (www.okta.com).

Okta collects information under the direction of its Customers and has no direct relationship with the individual users/employees whose personal data it processes. Okta works with its Customers to help them provide notice to their employees concerning the purpose for which personal information is collected.

Okta may transfer Personal Information to companies that help them provide their Services. Transfers to subsequent third parties are covered by the provisions in this Policy regarding notice and choice and the Services agreements with Customers.

Okta will retain Personal Information they process on behalf of Customers for as long as needed to provide services to Customers. Okta will retain and use this Personal Information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.

Okta may amend or update this policy from time to time. The most current version of this privacy policy at any time at https://[customer].okta.com/privacy. Use of information collected is subject to the Privacy Policy in effect at the time such information is used. If Okta makes material changes in the way they use Personal Information, they will notify Customers by posting an announcement on the website or sending an email prior to the change becoming effective. A Customers continued use of the Services following any such change constitutes agreement to be bound by such changes to the privacy policy. The only remedy, if a Customer does not accept the terms of this privacy policy, is to discontinue use of the Services.

Access to Personally Identifiable Information

Users may update their Personal Information by editing their user information in the Service. If you're a Visitor and your Personal Information changes, or if you no longer desire information on our Service, you may have your Personal Information updated or removed from our records by emailing accounts@okta.com or by contacting us by telephone or postal mail at the contact information listed below. We will respond to your request within 30 days.

What Choices Do I Have?

  • As stated previously, you can always opt not to disclose information, even though it may be needed to take advantage of or register for certain features of the Services.
  • You may request deletion of your Okta account by sending an e-mail to accounts@okta.com.
  • If you do not wish to receive email or other mail from us, please indicate this preference during the registration process, by changing your account settings, following the unsubscribe mechanism within the message or by notifying us at accounts@okta.com. Please note that if you do not want to receive legal notices from us, such as this Privacy Policy, those legal notices will still govern your use of the Website, and you are responsible for reviewing such legal notices for changes.

Information Collected on Behalf of our Customers using the Service

Okta collects information under the direction of its customers and has no direct relationship with the individual Users/employees whose personal data it processes. Okta works with its customers to help them provide notice to their employees concerning the purpose for which personal information is collected.

We collect information for our customers. If you are an employee of one of our customers and would no longer like to use Okta's service, please contact your Employer directly. Okta may transfer Personal Information to companies that help us provide our service. Transfers to subsequent third parties are covered by the provisions in this Policy regarding notice and choice and the service agreements with our Customers.

Okta has no direct relationship with the individuals whose Personal Information it processes. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to their Employer. If the Employer/ Okta's Customer requests that Okta remove the data, we will respond to their request within 30 business days.

Okta will retain Personal Information we process on behalf of our customers for as long as needed to provide services to our customer. Okta will retain and use this Personal Information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Changes to Privacy Policy

Okta may amend or update this policy from time to time. You can review the most current version of this privacy policy at any time at https://[customer].okta.com/privacy. Use of information we collect now is subject to the Privacy Policy in effect at the time such information is used. If we make material changes in the way we use Personal Information, we will notify you by posting an announcement on the Website or sending you an email prior to the change becoming effective. Your continued use of the Services following any such change constitutes your agreement to be bound by such changes to the privacy policy. Your only remedy, if you do not accept the terms of this privacy policy, is to discontinue use of the Services.

Contact Us

If you have any questions about this Privacy Policy or this Web site, please contact us directly at: info@okta.com.

Written inquiries may be addressed to:

Okta, Inc.,
Chief Security Officer,
301 Brannan Street, Suite 300
San Francisco, CA 94107

(888) 722-7871

2017.02-begin-75-ge8d0c732017-02-15T19:46:21 ok1-majorapp01c.aue1p.saasure.com0