October 1, 2025
Okta maintains the following retention policy as it pertains to Customer Data, as that term is defined in the Master Subscription Agreement. Okta’s service is built on a multi-tenant infrastructure, and as a result, Customer Data retention is consistent for all customers. Customer Data includes all electronic data submitted by or on behalf of a customer to the Okta Service.
Data Deletion at Contract Termination
After the effective date of termination of the customer’s Master Subscription Agreement, Okta will delete Customer Data, including backup data, within 210 days, with the exception of infrastructure log data as described below.
Automatic Purging of Customer Data
Service Backup Data: Complete database snapshots are taken hourly and automatically purged after six months.
System Log: Application-generated system data (as presented in Okta’s System Log) and reporting based on log data older than 90 days is automatically removed.
If you would like to retain this data for longer than 90 days, we recommend downloading the data from the System Log user interface, API, or integrating with an external event management system (e.g. SIEM). Please refer to Exporting Okta Log Data for more information.
Access Governance Data: Certain Okta products generate access governance data (e.g. which users have access to applications and resources, how such access was granted, etc.). Such data will be automatically removed after three years.
Identity Security Posture Management Data: Complete database snapshots are taken daily and automatically purged after six months. Currently, logs are not available for download or export by the customer.
Infrastructure Log: As necessary to operate and secure the Service, Okta retains infrastructure log data, which may contain Customer Data, for up to 12 months after such log data is generated. Such log data may be held for longer if required for legal or compliance purposes.
Support
If you have any questions about the above policy, please reach out to Okta Support.
