Auth0 · Auth0 Privacy Policy · View original document ↗

Data Subject Rights (GDPR and CCPA)

Medium severity Rare · 3 of 325 platforms
Share 𝕏 Share in Share 🔒 PDF
Monitor governance changes for Auth0 Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.
Document Record

What it is

If you live in the EU, UK, or California, you have legal rights to see, fix, delete, or get a copy of your personal data that Okta holds, and Okta cannot penalize you for exercising these rights.

This analysis describes what Auth0's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

This provision grants meaningful legal rights to EU, UK, and California users to control their personal data held by Okta, including the right to request deletion of marketing profiles and opt out of behavioral advertising.

Consumer impact (what this means for users)

EU/UK residents can invoke GDPR rights including erasure (Art. 17) and portability (Art. 20), while California residents can request deletion of personal information and opt out of data sharing under CPRA — these are enforceable legal rights, not merely policy commitments.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Navigate to Okta's privacy policy page, locate the privacy rights request form link, select the type of request (access, deletion, correction, or portability), and submit with identity verification as prompted.
  • Export Your Data
    Use the same privacy rights request form to submit a data portability request; Okta must respond within 45 days (CCPA) or 30 days (GDPR).

How other platforms handle this

Runway Medium

In addition to the above rights, your local laws (including those in the EU, UK, Japan, California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Virginia, or Utah) may afford you f...

ADP Medium

If you are a California resident, you may have certain rights under the California Consumer Privacy Act (CCPA). These rights may include: the right to know about personal information collected, disclosed, or sold; the right to delete personal information collected from you; the right to opt-out of t...

TransUnion Medium

Depending on where you live, you may have certain rights with respect to your personal information. These rights may include: The right to know what personal information we have collected about you, including the categories of personal information, the categories of sources from which we collected i...

See all platforms with this clause type →

Monitoring

Auth0 has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.

Start Watcher free trial Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
Depending on your location, you may have the right to access, correct, delete, or receive a copy of your personal data, the right to restrict or object to certain processing, the right to opt out of the sale or sharing of your personal information, and the right to non-discrimination for exercising your privacy rights. To exercise these rights, please submit a request through our privacy request form.

— Excerpt from Auth0's Auth0 Privacy Policy

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

(1) REGULATORY FRAMEWORK: This provision directly implements GDPR Arts. 15-22 (data subject rights: access, rectification, erasure, restriction, portability, objection), UK GDPR equivalent provisions, and CCPA/CPRA §§1798.100, 1798.105, 1798.106, 1798.110, 1798.115, 1798.120, and 1798.125 (non-discrimination). Enforcement by Irish DPC, UK ICO, EU supervisory authorities, California AG, and CPPA. (2)

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Watcher free for 14 days

Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.

Applicable agencies

  • FTC
    Failure to honor stated data subject rights constitutes an unfair or deceptive practice under FTC Act Section 5.
    File a complaint →
  • State AG
    California AG and CPPA enforce CCPA/CPRA data subject rights including access, deletion, and opt-out obligations.
    File a complaint →

Applicable regulations

CCPA/CPRA
California, USA
Colorado AI Act
US-CO
Connecticut Data Privacy Act Amendments
US-CT
CAN-SPAM
United States Federal
FTC Act Section 5
United States Federal
GDPR
European Union
Indiana Consumer Data Protection Act
US-IN
Kentucky Consumer Data Protection Act
US-KY
Universal Opt-Out Mechanism Expansion 2026
US
VPPA
United States Federal

Provision details

Document information
Document
Auth0 Privacy Policy
Entity
Auth0
Document last updated
May 5, 2026
Tracking information
First tracked
May 8, 2026
Last verified
May 8, 2026
Record ID
CA-P-006478
Document ID
CA-D-00692
Evidence Provenance
Source URL
https://auth0.com/privacy
Wayback Machine
View archived versions →
Content hash (SHA-256)
7467489294b6c3e5c585c1af9eb1550923af12e0ef92ef4d9ba87e44b4a4fce5
Analysis generated
May 8, 2026 10:38 UTC
Methodology
summarize_document-v7
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: Auth0
Document: Auth0 Privacy Policy
Record ID: CA-P-006478
Captured: 2026-05-08 10:38:18 UTC
SHA-256: 7467489294b6c3e5…
URL: https://conductatlas.com/platform/auth0/auth0-privacy-policy/data-subject-rights-gdpr-and-ccpa/
Accessed: May 13, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
Medium
Categories
Privacy rights

Other risks in this policy

Professional Governance Intelligence

Need to monitor specific governance provisions?

Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Start Professional free trial

Or start with Watcher →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Auth0's Data Subject Rights (GDPR and CCPA) clause do?

This provision grants meaningful legal rights to EU, UK, and California users to control their personal data held by Okta, including the right to request deletion of marketing profiles and opt out of behavioral advertising.

How does this clause affect you?

EU/UK residents can invoke GDPR rights including erasure (Art. 17) and portability (Art. 20), while California residents can request deletion of personal information and opt out of data sharing under CPRA — these are enforceable legal rights, not merely policy commitments.

How many platforms have this type of clause?

ConductAtlas has identified this type of provision across 3 platforms. See the full comparison.

Is ConductAtlas affiliated with Auth0?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Auth0.