Track 1 platform and get the weekly governance digest. No credit card required.
This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology
This is Okta's Privacy Policy, which covers how Okta and its Auth0 product collect and use your personal information when you visit Okta's website, sign up for trials, attend events, or use Okta's identity and access management services. The most important thing to know is that Okta collects a broad range of data including your name, email, company information, device identifiers, and behavioral data, and shares it with advertising partners and third-party service providers, which means your browsing and product interactions may be used for targeted marketing. If you are a California resident or EU/UK user, you have specific rights to access, delete, or opt out of certain data uses, which you can exercise by contacting Okta's privacy team at privacy@okta.com.
This document is Okta's Privacy Policy governing the collection, use, sharing, and retention of personal data by Okta, Inc. and its subsidiaries including Auth0, across Okta's websites, marketing activities, and customer-facing identity platforms; the stated legal bases for processing include contractual necessity, legitimate interests, consent, and compliance with legal obligations. The policy states that Okta collects personal data including identifiers, usage data, device and log data, and professional information, and the terms authorize sharing this data with service providers, business partners, advertising networks, and in connection with corporate transactions such as mergers or acquisitions. Notably, the policy covers both Okta's own website visitor data and its role as a data processor for enterprise customers deploying Okta or Auth0 products, creating a layered data relationship where end users of enterprise deployments are governed by their employer's or developer's privacy terms rather than this policy directly; the practical scope of Okta's data controller role versus processor role may require independent evaluation depending on the specific product context. The policy engages GDPR and UK GDPR for EU and UK residents, CCPA and CPRA for California residents, and other applicable global privacy frameworks; material compliance considerations include the adequacy of disclosed cross-border data transfer mechanisms, the granularity of consent for marketing and analytics cookies, and the clarity of data subject rights procedures for individuals accessing Okta or Auth0 services through enterprise deployments.
Institutional analysis available with Professional
Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.
Start Professional free trial1 important change detected
2 versions captured · Last updated: May 2026
Monitoring
Auth0 has updated this document before.
Watcher includes same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
Professional Governance Intelligence
Need provision-level monitoring and regulatory mapping?
Professional includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.
Start Professional free trialCross-platform context
See how other platforms handle Product Data Carve-Out and similar clauses.
Compare across platforms →Governance Monitoring
Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.