Skip to main content
US flag An official website of the United States government

Privacy & security

Your privacy is very important to us. We’re providing you with our privacy policy so you are aware of what information we collect, why we collect it, and what we do with it. login.gov does not collect your email address or phone number unless you choose to provide it. We do collect other limited information automatically from visitors who read or browse information from our site. We do this to better understand how the site is being used and how we can make it more helpful.

If you create an account, login.gov collects personally identifiable information (PII) from you, including your email address and phone number. We collect your email address and with your consent share it with each federal agency (“partner agency”) at which you are seeking to access information and services. We collect your phone number in order to enable two-factor authentication as a security measure for your login.gov account. Your phone number is only sent to a one-time password service provider, not any of the partner agencies.

Our privacy practices

hr

This privacy notice describes how we ask for, use, retain, and protect your personal information, as well as your obligation to disclose it.

Our goal is to protect your personal information, and we will not share it without your permission. For example, we will encrypt your personal information in transit and at rest and ask you before sharing your data with a partner agency. However, there may be circumstances where we are required to share certain data. For example: if the information is relevant and necessary for an authorized law enforcement purpose; in order to respond to a breach; or to assist another agency as it responds to a breach. For additional information, see the system of record notice number GSA/TTS-1 that GSA’s Technology Transformation Service (TTS) published on August 10, 2017.

Privacy Act statement

Authorities

The information you provide to access your login.gov account is collected pursuant to 6 USC § 1523 (b)(1)(A)-(E), the E-Government Act of 2002 (44 USC § 3501), and 40 USC § 501.

Purpose

The information that you submit is used to create or update your login.gov account. Once you create an account, with your consent, login.gov will share your email address with the partner agency to provide online access to government information and services.

Disclosure

You decide what information to give us. However, failure to provide complete and accurate information may delay access to the partner agency. The information you give login.gov will be shared with the applicable federal agency to provide access to information about you held by that agency as described in the associated systems of records notices. Please note that the login.gov system will record certain session-level information about your use of the service, including but not limited to, web browser type and version, and the length of your session. This information allows login.gov better understand how the site is being used and how it can be made more helpful.

Storage

All records are stored electronically in a database in GSA’s Amazon Web Services (AWS) environment. You can modify, or amend, either your email address or phone number by accessing it in your account. You should choose an email address through which you would like to receive correspondence from any partner agency whose services or information you might access. Changing that address will redirect all email correspondence with any partner agency.

Similarly, you should choose the number of a phone that you have access to in order to receive and respond with the one-time password(s) that are sent to that number.

Your email address and phone number will be maintained for at least six years in accordance with National Archives and Records Administration (NARA) guidance. However, GSA is authorized to maintain the information for longer if it is required for business use. login.gov must be able to provide users access to information and services at partner agencies and therefore may have a business need to retain the information longer than the six-year retention period.

Privacy Impact Assessment

View our Privacy Impact Assessment.

Our security practices

hr

login.gov uses a variety of security methods to protect this U.S. government service and your data, and to ensure the service remains available to all users. These methods include monitoring and recording network traffic (any data going in and out of login.gov) to identify unauthorized attempts to change information, or otherwise cause damage.

Unauthorized access or use of login.gov (e.g. use for criminal purposes, or to cause damage, etc) is against the law, and may subject you to criminal prosecution and penalties.

Vulnerability Disclosure Policy

login.gov authorizes the outside security community to perform security research for the intent of reporting discovered security vulnerabilities in the login.gov platform.

View our Vulnerability Disclosure Policy for details on this policy and how to report discovered vulnerabilities.

For more information

We are happy to answer questions about our security and privacy practices. For more information, please visit Help or contact us.