The privacy policy for websites owned by the office of Federal Student Aid covers security, links to other sites, and nonpersonal information that Federal Student Aid records.

Learn about how we use the information we collect and how we protect your information.


Thank you for visiting Federal Student Aid's website and reviewing our privacy policy. Our policy is simple: We collect no personal information about you unless you choose to provide that information to us, such as when completing the FAFSA form. We do not sell any personal information to a third party.

If you want to know more about how we record nonpersonal information about your visit or how we use information that you voluntarily submit, read on. You can also view the U.S. Department of Education’s privacy policy.

Otherwise, enjoy your visit!

This privacy policy's latest update is effective as of Oct. 1, 2018.

Nonpersonal Information We Record
     How to Opt Out or Disable Cookies
Other Tools
Links to Other Sites
How Collected Information Is Used
      Information from the Contact Us Page
      Information Collected for the Federal Student Aid Feedback System
      Information Collected for the FAFSA® Form
How Uses Third-party Websites and Applications
How User Information in the "My Federal Student Aid" Section of the Website Is Protected
Security Controls
FAFSA® Privacy Act Statement
      Paperwork Reduction Act
Additional Information

Nonpersonal Information We Record

We use cookies to collect better data on how this site is working for you. If you wish to do so, you may disable the cookies in your browser settings.

If you do nothing during your visit but browse through the website, read pages, or download information, our server will automatically record some general information about your visit.

During your visit, our server will record the following:

  • The internet domain for your internet service, such as "" or "" if you use a private internet access account, or "" if you connect from a college or university domain
  • The type of browser (such as "Mozilla Firefox version x" or "Internet Explorer version x") that you are using
  • The type of operating system that you use (such as Macintosh, Unix, or Windows)
  • The type of device (desktop computer, tablet, or type of mobile device) that you are using
  • The date and time you visit our site, the web pages that you visit on our site, and the length of time you spend on each page
  • The address of the previous website you were visiting, if you linked to us from another website

The user is not identified in the collection of nonpersonal information.



The Office of Management and Budget Memo M-10-22, Guidance for Online Use of Web Measurement and Customization Technologies (PDF, 103KB), allows federal agencies to use session and persistent cookies subject to the limitations described within the guidance.

Cookies from web pages collect information only about your browser's visit to the site; they do not collect any personal information about you.

There are two types of cookies: single-session (temporary) and multi-session (persistent).

We use temporary session cookies for such technical purposes as enabling better navigation through our site. These temporary cookies let our server know that you are continuing a visit to our site. The OMB Memo 10-22 guidance defines our use of temporary session cookies as "Usage Tier 1-Single Session." The guidance states, "This tier encompasses any use of single-session web measurement and customization technologies." Single-session cookies last only as long as your Web browser is open. Once you close your browser, the cookie disappears.

We use persistent cookies to enable Google Analytics (third-party analytics provider) to differentiate between new and returning visitors to our site. Persistent cookies from Google Analytics remain on your computer between visits to for up to two years.

Google Analytics calculates how many individual users visited the website in a given time. Combined with total visits, these tools help us create a more comprehensive story about users and their visit patterns.

The OMB Memo 10-22 guidance defines our use of persistent cookies as "Usage Tier 2-Multi-session without Personally Identifiable Information (PII)." The guidance states, "This tier encompasses any use of multi-session web measurement and customization technologies when no PII is collected."

As mentioned above, uses a third-party analytics provider (Google Analytics) to analyze the data collected through the session and persistent cookies. These third-party analytics providers do not receive PII through these cookies and do not combine, match, or cross-reference information with any other information Please review Google Analytics’ privacy policy for additional information.

Pursuant to OMB Memo 10-22 Attachment 3, these cookies collect information similar to that automatically received and stored on the servers hosting These servers do not collect PII, and does not access or store the raw information collected through these cookies. We view aggregate statistical analyses prepared by our third-party analytics providers, but these analyses do not include any PII. We do not sell, rent, exchange, or otherwise disclose this information to individuals or organizations. will keep data collected long enough to achieve the specified objective for which they were collected.

The information we collect is aggregate, and is only available to website managers, members of their communications and web teams, and other designated federal staff and contractors who require this information to perform their duties.

How to Opt Out or Disable Cookies

Your website browser’s standard setting enables cookies by default. If you do not wish to have session or persistent cookies stored on your machine, you can opt out or disable cookies in your browser. You will still have access to all information and resources throughout the website. However, turning off cookies may affect the functioning of some content within Be aware that disabling cookies in your browser will affect cookie usage at all other websites you visit as well.

Other Tools

Many of the tools we use to gather visitor data and monitor the health of, such as Google Analytics, are deployed using Tealium iQ. Tealium iQ gives us an easy way to manage these tools.

In the future, we may consider using additional third-party tools that may improve site performance or customer outreach. We’ll provide information on any new tools used on below:

  • We use the third-party tool Crazy Egg on Crazy Egg is a tool that creates visual displays of overall site visitor activity on the website. If you wish to opt out of Crazy Egg collecting information when you visit, please see the Crazy Egg opt-out instructions.

Links to Other Sites

Our policy discloses the privacy practices for But provides links to other websites. When you leave, you will be going to sites that are beyond our control. We try to ensure that links that leave our site are clearly labeled. These other sites may send their own cookies to users, collect data, or solicit personal information. The privacy policies and procedures described here for do not apply to any external links. We encourage you to read the privacy policies of any site you link to from ours, especially if you share any personal information. Be informed. You are the person best qualified to protect your own privacy.


How Collected Information Is Used

Information from the Contact Us Page

If you decide to send us an email via our Contact Us page (including information you send to us regarding a problem or feedback you provide on a Customer Survey), the message will contain your return email address. If you include personally identifiable information in your email because you want us to address issues specific to your situation, we may use that information in responding to your request. This information is not maintained in a Privacy Act system of records.

Also, email is not necessarily secure against interception. Please send only information necessary to help us process your request. Do not send Social Security numbers (SSN) through email. If we need your SSN to assist you with your issue, we will contact you to obtain it.

Information Collected for the Federal Student Aid Feedback System

You may make a complaint anonymously. However, if you decide to lodge a complaint utilizing our Federal Student Aid Feedback System or by calling the designated Enterprise Feedback phone number, you may choose to include your email address or telephone number so that we can contact you regarding your complaint. Providing personally identifiable information, such as your Social Security number, is not required. However, without such information, we may not be able to conduct a full investigation into your complaint. If you provide personally identifiable information because you want us to address issues specific to your situation, we may use that information in contacting authorized third parties. Federal Student Aid maintains a system of records notice that permits private information to be disclosed to these authorized third parties when it is necessary to obtain further information about your complaint, request for assistance, or other inquiry, before it can be resolved.

Information Collected for the FAFSA® Form

When you apply for federal student aid using the Free Application for Federal Student Aid (FAFSA) form, the Office of Federal Student Aid is authorized to maintain a record of the transactions related to your application.

Under the Higher Education Act of 1965, as amended, we are allowed to ask for the information on this form so that we can determine whether you are eligible for aid, and, if so, how much. We will share the information with other agencies, such as the Social Security Administration, to verify the information you put on the application. If you do not give us all of the information we need to process your FAFSA form, your aid may be delayed or denied. Continue reading below for a complete description of the information we must tell you under the Privacy Act.

Privacy Notices

For the information that may be submitted through the FAFSA form, we have completed a Privacy Impact Assessment (PIA) and a System of Records Notice providing details about the privacy protections and redress options available for the information we collect. For further information, please reference the privacy compliance documentation below:

Privacy Impact Assessment for the Central Processing System
System of Records—Federal Student Aid Application File

State Certification

When you submit the FAFSA form, you are automatically applying for financial aid from your state of legal residence and, in some cases, the state in which your school is located. You are giving your state financial aid agency permission to verify information on your form and to obtain income tax information for all people who are required to report income on your form.

How Uses Third-party Websites and Applications

As a response to OMB Memo M-10-06, Open Government Directive, uses a variety of technologies and social media services to communicate and interact with citizens. These third-party website and application (TPWA) tools include popular social networking and media sites, open-source software communities, and more. Examples include Facebook, Twitter, and YouTube.

TPWAs are not exclusively operated or controlled by Users of TPWAs often share information with the general public, user community, and/or third-party websites, which may use this information in a variety of ways. TPWAs could also cause personally identifiable information (PII) to become available or accessible to and the public, regardless of whether the PII is explicitly asked for or collected by us.

For more information on third-party websites and applications, you can review our social media guidelines.


How User Information in the “My Federal Student Aid” Section of the Website Is Protected

“My Federal Student Aid” provides access to your federal student aid information in the National Student Loan Data System (NSLDS®). You can access this secure session by logging in with your FSA ID. For more information, view the U.S. Department of Education’s privacy policy.


Security Controls

In accordance with the Federal Information Security Management Act of 2002 (FISMA), must receive a signed Authority to Operate (ATO) from a designated senior Federal Student Aid official. The ATO process includes a rigorous assessment of security controls, a plan of action and milestones to remediate any identified deficiencies, and a continuous monitoring program to address threats in real time. received its initial ATO on July 12, 2012, and continues to maintain this ATO in accordance with federal security requirements.

FISMA controls implemented by comprise a combination of management, operational, and technical controls, and include the following control families: access control, awareness and training, audit and accountability, security assessment and authorization, configuration management, contingency planning, identification and authentication, incident response, maintenance, media protection, physical and environmental protection, planning, personnel security, risk assessment, system and services acquisition, system and communications protection, system and information integrity, and program management.

For site security purposes and to make sure this service remains available to all users, this government computer system employs software programs to monitor network traffic to identify unauthorized attempts to upload or change information or otherwise cause damage. These programs collect no personally identifiable information, but they do collect information that could help us identify someone attempting to tamper with this website. Except for authorized law enforcement investigations, we make no other attempts to identify individual users or their usage habits. We only use raw monitoring data logs for determining trends in usage patterns and in diagnosing system problems. Unauthorized attempts to upload or change information on this site are strictly prohibited and may be punishable under the Computer Fraud and Abuse Act of 1986 and the National Information Infrastructure Protection Act. Server logs are scheduled for regular destruction in accordance with the National Archives and Records Administration General Schedule 20.

Your FAFSA data is protected by encryption. Encryption uses a mathematical formula to scramble your data into a format that is unreadable by anyone who might intercept it. If you are using a domestic browser, and the browser is configured correctly, encryption is done automatically when you connect to FAFSA on the Web.

FAFSA® Privacy Act Statement

Authority: Sections 483 and 484 of the Higher Education Act of 1965, as amended, give us the authority to ask these questions, and to collect Social Security numbers (SSN), from both you and your parents.

Purpose: We use the information provided on your Free Application for Federal Student Aid (FAFSA) form to determine if you are eligible to receive federal student financial aid and the amount that you are eligible to receive. Your SSN is used to verify your identity and retrieve your records. We may request your SSN again for these purposes. State and institutional student financial aid programs also may use the information provided on your FAFSA form to determine if you are eligible to receive state and institutional aid and the need that you have for such aid.

Routine Uses: The information you provide will not be disclosed outside of the U.S. Department of Education (Department), except with your consent, and as otherwise allowed by the Privacy Act of 1974, 5 U.S.C. 552a, pursuant to the routine uses identified in the Federal Student Aid Application File System of Records Notice. A routine use is a disclosure without your consent. The Department may disclose your information to third parties under a routine use published in the Notice linked to above. Significant routine use disclosures are as follows:

  • Under the published routine uses, we may disclose the information to private firms that assist the Department in administering the federal student financial aid programs. However, private firms that contract with the Department must maintain the safeguards required under the Privacy Act.
  • We will disclose the information provided on your FAFSA form to each college listed on your FAFSA form, the state agency in your state of legal residence, and the state agencies in the states for the colleges listed to determine if you are eligible to receive state and institutional aide, and the need you have for such aid.
  • The Department also may send your information to other federal agencies through computer matching programs to verify your eligibility for federal student financial aid, to perform debt collection under the federal loan programs, and to minimize and prevent waste, fraud, and abuse in the federal student aid programs. Such computer matching programs include matching programs with the Internal Revenue Service, Selective Service System, Social Security Administration, Department of Veteran Affairs, and Department of Homeland Security. The Department also exchanges information with the Department of Justice to enforce Section 5301 of the Anti Drug Abuse Act.
  • In addition, your name, address, SSN, date of birth, Expected Family Contribution, dependency status, and state of legal residence will be sent to the state agency in your state of legal residence. This disclosure will allow you to apply for state student financial aid without necessarily having to submit an additional application form. Your application information also will be sent to the college(s) listed on your FAFSA form, or its representative, and to the state agencies in the states of the colleges listed. The status of an application also may be sent to state agencies, local educational agencies and secondary schools having agreements with the Secretary, for the purposes of coordinating student aid and counseling students whose applications may be incomplete or in need of correction, and on FAFSA completion.
  • If you request us to do so, we may disclose your information to other Federal agencies, such as the Internal Revenue Service, to enable you to obtain information from other Federal agencies’ records that will assist you in completing the FAFSA form online. However, without your specific consent, we will not disclose your information for this purpose.
  • Lastly, we may send your information to members of Congress if you ask them to help with federal student aid questions and to your parents or your spouse if they provided information on your FAFSA form.
  • If information provided on your FAFSA form leads to litigation with the federal government, the Department, or an employee of the Department, we may send your information to the Department of Justice, a court, or an adjudicative body, if certain conditions are met. In addition, we may send your information to a foreign, federal, state, or local enforcement agency if the information submitted indicates a violation or potential violation of law, for which that agency has jurisdiction for investigation or prosecution. Finally, we may send your information to a consumer reporting agency if a claim is involved that is determined to be valid and overdue. This information includes identifiers from the record; the amount, status and history of the claim and the program under which the claim arose.
  • Additionally, DHS may share the information with facility operators, law enforcement or other government agencies as necessary to respond to potential or actual threats to transportation security, or pursuant to its published Privacy Act system of records notice.

Disclosure: Providing information, including your SSN, is voluntary; however, if you do not give us all of the information we need to process your FAFSA form, your aid may be delayed or denied. If you are applying solely for federal aid, you must answer all of the following questions that apply to you and are requested: 1–9, 14–16, 18, 22–23, 26, 28–29, 32–37, 39–59, 61–68, 70, 73–86, 88–105. If you want to apply for state financial aid, you must answer all the relevant questions.

Paperwork Reduction Act

According to the Paperwork Reduction Act of 1995, no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. The valid OMB control number for this information collection is 1845-0045. Public reporting burden for this collection of information is estimated to average 1 minute per response, including time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. The obligation to respond to this collection is voluntary. If you have comments or concerns regarding the status of your individual submission of this survey, please contact the Federal Student Aid Information Center, P.O. Box 84, Washington, D.C. 20044 directly. Note: Please do not return the completed survey to this address.

Additional Information

For additional information, visit the U.S. Department of Education’s Privacy Program web page.