This privacy policy only covers Okta's own website and marketing activities — if you log into an app using Okta or Auth0, your data there is handled under a separate agreement between Okta and that app's operator, not this policy.
This analysis describes what Auth0's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Millions of end users authenticate through Okta-powered systems daily, but their authentication and access data is explicitly excluded from this policy, limiting their ability to directly exercise privacy rights against Okta.
If your personal data — including login history, device information, and access logs — is processed through an Okta-powered application, this policy does not protect you; you must seek rights through the application operator, who may have separate and less visible data practices.
Cross-platform context
See how other platforms handle Product Data Carve-Out and similar clauses.
Compare across platforms →Monitoring
Auth0 has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"This Privacy Policy does not apply to personal data that Okta processes on behalf of its customers as a data processor or service provider in connection with Okta's identity products and platform services, which are governed by the applicable agreements between Okta and its customers.— Excerpt from Auth0's Auth0 Privacy Policy
(1) REGULATORY FRAMEWORK: This carve-out implicates GDPR Art. 28 (processor obligations), GDPR Art. 26 (joint controller arrangements where applicable), CCPA/CPRA §1798.140(j) (service provider definition), and raises questions under GDPR Arts. 12-22 regarding which entity is the appropriate contact for data subject rights. The Irish DPC and UK ICO are primary enforcement authorities for EU/UK data subjects. (2)
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Millions of end users authenticate through Okta-powered systems daily, but their authentication and access data is explicitly excluded from this policy, limiting their ability to directly exercise privacy rights against Okta.
If your personal data — including login history, device information, and access logs — is processed through an Okta-powered application, this policy does not protect you; you must seek rights through the application operator, who may have separate and less visible data practices.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Auth0.