Privacy & security
Our privacy act statement
The Authority - Who authorizes the collection of this data?
The information you provide is collected pursuant to 6 USC § 1523 (b)(1)(A)-(E), the E-Government Act of 2002 (Pub. L. 107–347, 44 U.S.C. 3501 note), and 40 USC § 501.
The Purpose - Why do we need your information?
Login.gov partners with agencies that need secure and private access to their applications and services. Each agency may request different levels of security depending on their needs. When you create and sign in to a login.gov account, you’re provided with an electronic identity assurance credential. We need your personally identifying information, or PII, to generate that credential. Imagine this credential like a key that only you can use. The key securely opens the door to a partner agency’s service or application.
What information do we need?
- For authentication to establish a secure account, we need your name, email address, and an authentication method. Your authentication method could be a phone number where we share a SMS code, USB Security Key or other options.
- Identity proofing requires more sensitive information such as a social security number, address, phone number connected to your address, and U.S. based state ID or driver’s license.
Routine Uses - With whom is the information routinely shared?
- To third party identity proofing services, as necessary to identity proof an individual for access to a service at the required level of assurance.
- To an expert, consultant, or contractor of GSA in the performance of a Federal duty to which the information is relevant.
- To the Government Publishing Office (GPO), when Login.gov needs to mail a user an address confirmation form or if a user requests mailed notifications of account changes or of proofing attempts.
This list is not comprehensive. Please see the system of records notice for all entities and individuals.
What happens to the information you share?
All records are stored electronically in a database in GSA’s Amazon Web Services (AWS) environment. You can modify, or amend, either your email address or phone number on your account page.
Your email address and phone number will be maintained for at least six years in accordance with National Archives and Records Administration (NARA) guidance. However, GSA is authorized to maintain the information for longer if it is required for business use. Login.gov must be able to provide users access to information and services at partner agencies and therefore may have a business need to retain the information longer than the six-year retention period.
There may be circumstances where we are required to share certain data. For example: if the information is relevant and necessary for an authorized law enforcement purpose; in order to respond to a breach; or to assist another agency as it responds to a breach. For additional information, see the system of record notice number GSA/TTS-1 that GSA’s Technology Transformation Service (TTS) published on August 10, 2017.
Even when we share the information with law enforcement, we cannot access PII because the information is encrypted in a manner that is unretrievable to the login.gov team.
Consent - How can you control what information is shared?
You decide what information to give us and can revoke consent at any time. Sharing your information is voluntary.
However, failure to provide complete and accurate information may delay access to the partner agency. Login.gov does not make any eligibility or suitability determinations; that is the responsibility of the government websites that use the login.gov service.
We will never share your information without your consent. Your data is encrypted and the only way to share it with a partner agency is if you, the authorized user, enter your password and explicitly grant consent to share the information.
When you create an account or visit a new partner agency website after you have created your account, you will see the option to consent to share your information with the partner agency. You are required to give consent yearly for each agency.
Remember you can revoke consent at any time through your account page or delete your account entirely on the same page.
Records - Where can you find more information?
Please see the Login.gov system of records notice (GSA/TTS–1) at www.gsa.gov/SORN.
Other data, like the pages you visit and the length of your session, are aggregated into reports to help us better understand how the site is being used and how we can make it more helpful. The data is anonymized. No personally identifying user information is tied to this data and it is only shared anonymously with the login.gov team.
Privacy Impact Assessment
View our privacy impact assessment at www.gsa.gov/PIA.Back to top