Certain information about your visit can be collected when you browse websites. During your visit to StudentLoans.gov, we, and in some cases our third-party service providers, can collect the following types of information about your visit:
- Domain (e.g., comcast.com, if you are using a Comcast account) from which you accessed the internet
- IP address (an IP or internet protocol address is a number that is automatically assigned to a device connected to the web)
- Device type (desktop computer, tablet, or type of mobile device)
- Type of operating system that you use (such as Macintosh, Unix, or Windows)
- Type of browser (such as "Chrome version x" or "Internet Explorer version x") that you use when visiting the site
- Date and time of your visit
- Web pages you visited on the site
- Address of the website that connected you to StudentLoans.gov (such as google.com or bing.com)
- Screen resolution
- Browser language
- Geographic location
- Time spent on page
- Scroll depth (i.e., how much of a web page was viewed)
- User events (things you do on the site, e.g., clicking on a button)
The Office of Management and Budget Memo M-10-22, Guidance for Online Use of Web Measurement and Customization Technologies, allows federal agencies to use session and persistent cookies subject to the limitations described within the guidance.
Cookies from StudentLoans.gov web pages collect information only about your browser's visit to the site. They do not collect any personal information about you.
There are two types of cookies:
- Session cookies: We use temporary session cookies for technical purposes such as enabling better navigation through our site. These temporary cookies let our server know that you're continuing a visit to our site. The OMB Memo 10-22 guidance defines our use of temporary session cookies as "Usage Tier 1-Single Session." The guidance states, "This tier encompasses any use of single-session web measurement and customization technologies." A single-session cookie lasts only as long as your web browser is open. Once you close your browser, the cookie disappears.
- Persistent cookies: We use persistent cookies to enable Google Analytics (third-party analytics providers) tracking. Persistent cookies from Google Analytics remain on your device between visits to StudentLoans.gov for up to two years. Other third-party tools on the site use persistent cookies, which can be stored on a user's local system and are set to expire at varying time periods depending upon the cookie. The OMB Memo 10-22 guidance defines our use of persistent cookies as "Usage Tier 2-Multi-session without PII (personally identifiable information)." The guidance states, "This tier encompasses any use of multi-session web measurement and customization technologies when no PII is collected."
StudentLoans.gov uses third-party analytics providers (e.g., Google Analytics) to analyze the data collected through the session and persistent cookies. These third-party analytics providers do not receive PII through these cookies and do not combine, match, or cross-reference StudentLoans.gov information with any other information. We view aggregate statistical analyses prepared by our third-party analytics providers, and these analyses do not include any PII. We do not sell, rent, exchange, or otherwise disclose this information to individuals or organizations.
Pursuant to OMB Memo 10-22, the session and persistent cookies collect information similar to that automatically received and stored on the servers hosting StudentLoans.gov. These servers do not collect PII, and StudentLoans.gov does not access or store the raw information collected through these cookies.
How to Opt Out or Disable Cookies
Your website browser's standard setting enables cookies by default. If you do not wish to have session or persistent cookies stored on your machine, find out how to opt out or disable cookies in your browser. You will still have access to all the information and resources throughout the StudentLoans.gov website. However, turning off cookies may affect the functioning of some content within StudentLoans.gov. Be aware that disabling cookies in your browser will affect cookie usage at all other websites you visit as well.
How Long Federal Student Aid Keeps Data
Federal Student Aid will keep data long enough to achieve the specified objective for which the data were collected. The StudentLoans.gov site issues session cookies-cookies that expire when you close your browser, ending your session on the site. Third-party tools on the site use persistent cookies, which can be stored on a user's local system and are set to expire at varying time periods depending upon the cookie. You can opt out or disable cookies in your browser.
Federal Student Aid uses the third-party tool, Google Analytics, to support website analytics. Federal Student Aid uses Google Analytics to collect basic site usage information:
- how many visits StudentLoans.gov receives
- the pages visited
- time spent on the site
- the number of return visits to the site
- the approximate location of the device used to access the site
- types of devices used
This information is then used to maintain the website including monitoring site stability, measuring site traffic, optimizing site content, and helping make the site more useful to visitors. You can opt out or disable tracking in your browser.
Digital Advertising Tools for Outreach and Education
Federal Student Aid uses third-party tools to support our digital advertising outreach and education efforts. These tools enable Federal Student Aid to reach new people and provide information to previous visitors. In order to use these tools, we may use the following technologies on StudentLoans.gov:
Click Tracking: Federal Student Aid may use click tracking to identify the messaging and/or ads that are most helpful to consumers and efficient for outreach. This enables Federal Student Aid to improve the performance of messaging or ads that consumers click on. When users click on links from any messaging or ad, data about what ad was viewed is collected. Reports are generated about ad performance, including the total number of views and clicks an ad received. You can opt out or disable tracking in your browser.
Conversion Tracking: Federal Student Aid may use conversion tracking to identify ads that are helpful to consumers and efficient for outreach. This enables Federal Student Aid to improve the performance of ads viewed by consumers. When a StudentLoans.gov ad is viewed on a third-party site (e.g., a banner ad), a cookie is placed in the browser of the device the ad was viewed on. If this device later visits StudentLoans.gov, the visit is linked to the ad viewed on the same device. This information helps Federal Student Aid determine which messaging and/or ads are more likely to generate visits to our websites. You can opt out or disable tracking in your browser. You also can click on the "AdChoices" icon in the corner of our ads to opt-out of this ad targeting. Users who have set their browser to "Do Not Track" will automatically be opted out of conversion tracking.
Many of the tools Federal Student Aid uses to gather visitor data and monitor the health of StudentLoans.gov, such as Google Analytics, are deployed using Tealium iQ. Tealium iQ gives Federal Student Aid and its staff and contractors an easy way to manage these tools.
In the future, Federal Student Aid may consider using additional third-party tools that may improve site performance or customer outreach. Federal Student Aid will provide information on any new tools used on StudentLoans.gov below:
- Federal Student Aid uses the third-party tool Crazy Egg on StudentLoans.gov. Crazy Egg is a tool that creates visual displays of overall site visitor activity on the website. If you wish to opt out of Crazy Egg collecting information when you visit StudentLoans.gov, please see the Crazy Egg opt-out instructions.
For security purposes and to make sure this service remains available to all users, we use special software programs for monitoring network traffic to identify unauthorized attempts to upload or change information, or otherwise to cause damage to this government computer system. These programs collect no personally identifiable information, but they do collect information that could help us identify someone attempting to tamper with this web site.
If you decide to send us an electronic mail message (e-mail), the message will usually contain your return e-mail address. If you include personally-identifying information in your e-mail because you want us to help you with a specific problem, we may use that information in contacting other federal agencies or our partners (such as colleges, lenders, or state agencies) about your student aid. In other limited circumstances, including requests from Congress or limited other parties, we may be required by law to disclose information that you submit.
Also, e-mail is not necessarily secure against interception. If your communication is very sensitive, or includes personal information such as data from your tax return or student loan account, you may prefer to send it by postal mail to:
If you have applied for federal student aid or have received a federal student loan, the Office of Federal Student Aid is authorized to maintain a record of all transactions related to your application or loan.
Review the System of Records notices, which list the authorized disclosures and the safeguards for Office of Federal Student Aid systems under the Privacy Act of 1974, as amended. The systems that apply specifically to loans that you receive under the Direct Loan Program are #18-11-05 called Title IV Program Files and #18-11-06 called National Student Loan Data System (NSLDS).
The fact that you have completed an electronic Master Promissory Note (MPN), Direct PLUS Loan Request or Entrance Counseling will be communicated to the school for which you are borrowing the money. The privacy of financial aid records (and admission, enrollment, and other records) kept by an educational institution is protected by the Family Educational Rights and Privacy Act. Click here to read the FERPA regulations.INTRODUCTION TO PRIVACY IMPACT ASSESSMENT
Section 208 of the E-Government Act of 2002 (P.L.107-347) requires FSA to complete a Privacy Impact Assessment for each new system that collects information from the public through the Internet.
During the Definition Phase of the FSA Solution Lifecycle, the System Security Officer must make sure that the team completes the attached Privacy Impact Assessment Questionnaire, must have it reviewed by the Chief Information Officer or equivalent official, and must file the completed form in the system's Security Notebook as part of the system's documentation. This Privacy Impact Assessment must also be made publicly available.Privacy Impact Assessment Questionnaire
System Name: Common Origination and Disbursement (COD)
System Owner: William Leith
System Manager: Nancy Hoover
System Security Officer: Don Dorsey
Privacy Impact Assessment Questionnaire Author: Don Dorsey
Officials and organizational components involved in the analysis and review of the Privacy Impact Assessment included the following: Department of Education Office of the Chief Information Officer, Federal Student Aid (FSA) CIO Computer Security Officer, and COD management, including the System Security Officer.
What information will be collected for the system (Ex. Name, Social Security Number, annual income, etc)?
- The COD system receives, processes and stores privacy act related data, such as names, social security numbers, current address, date of birth, place of birth, telephone numbers, and dollar amounts.
- The general public does not have access to COD.
Why is this information being collected?
The information is provided by the student applicants and the schools participating in the Title IV Higher Education Student Financial Aid Programs to enable the administration of the Federal Title IV grants and loans by the Department. The Title IV loans and grants are used by eligible students to attend those schools.
How will FSA use this information?
- FSA/COD uses this student-level detail to book loans, account for awarded grants and to enable the Department to reconcile school cash drawdowns from the Treasury to individual student disbursements.
- This information also is used to ensure the respective schools receive the appropriate amount of dollars during the respective time periods.
- Not routinely (This information can be made available for a civil or criminal law enforcement activity that is authorized by law, upon a written request by the agency).
- Extensive Privacy Act notices are posted at the web site of the Free Application for Federal Student Aid (FAFSA®) form at StudentAid.gov/fafsa. The basis for the data sent to COD by colleges is the FAFSA®, which is filled out by student applicants first. The FAFSA® is an OMB approved data collection instrument (OMB #1845-0001)
- All information is protected by a secure FSA ID or password and is monitored by automated and manual controls.
- COD is developed and maintained under a contract with Accenture, and is housed within a secure facility run under a subcontract with TSYS Inc., one of the largest credit card processors in the world.
- Interfacing ED systems are operated for the most part within FSA's Virtual Data Center (VDC), located in Plano, TX, which provides the respective security controls. The COD data is encrypted as it moves between COD system interfaces.
- System administrators outside of the VDC provide comparable security controls to protect the system and the information contained therein.
- A system of records notification has been submitted to update the previous system of record notification for the TEACH Program.