The CSU is committed to safeguarding the privacy of all visitors to our websites and applications. This notice describes our privacy policy as it relates to the collection, protection, and disclosure of information resulting from the use of University websites and applications; both information that is collected automatically and information that is provided voluntarily. In particular, we do not redistribute or sell personal information collected through our website and applications.

Law and Policy

The CSU complies with all applicable state and federal privacy statutes, including, but not limited to, the Information Practices Act, Higher Education Opportunity Act (HEOA), Family Educational Rights and Privacy Act (FERPA), the Health Insurance Portability and Accountability Act (HIPAA), the California Public Records Act, the Integrated CSU Administrative Policy for Responsible Use, and associated Data Security Policies.

Scope of Policy

The CSU, by and through its academic research and administrative units, programs, and Auxiliaries, owns, controls, operates, and maintains, or maintains a contractual relationship with a number of websites and applications. This policy applies to these sites and applications.

Use of Personal Information

The University follows these principles in collecting and managing personal information:

  • We collect personal information on individuals only as allowed by law. We limit the collection of personal information to what is relevant and necessary to accomplish a lawful purpose of the University. For example, we may need to know someone’s physical address, telephone number, or email address, among other things, to properly consider them for enrollment at our campus.

Personal information, as defined in the Information Practices Act, is information that identifies or describes an individual including, but not limited to, name, Social Security number, physical description, home address, telephone number, education, financial matters, and medical or employment history.

  • We do not collect home, business, or email addresses, or account information from persons who simply browse our Internet website. The University collects personal information about individuals through our website only if an individual provides such information to the University voluntarily through forms or surveys. The information that the University automatically collects includes the domain name or Internet Protocol address that relates to the machine used to access the University’s website, the type of browser and operating system used, the date and time that the website is visited, web pages displayed, and any forms that are uploaded.

  • We use Google Analytics to help improve our website. The University uses Google Analytics to help understand how visitors interact with our website so that the site can be improved. Click here to read Google’s security and privacy policies for Google Analytics. A visitor can choose not to have their data used by Google Analytics by downloading their opt-out browser add-on. The University may use other data collection and analysis tools, providing they do not collect any form of Personally Identifiable Information (often referred to as PII). Please refer to ICSUAM 8025.00 for more specific information.

    We aggregate information from the above sources to help us improve our websites and applications by understanding how they are used and to maintain technical quality of systems and services.

    In addition, all web servers throughout the Internet collect basic details on connections in their server logs, including requesting IP addresses, resources requested, time of the request, and whether the request was successful.

  • We may use session cookies in some areas of the website to improve the overall usability of the site. Cookies are small text files placed on your computer, often without the visitor’s knowledge, to identify their computer while visiting certain Internet sites. For example, cookies are used by some sites to greet visitors personally, to post a list of their favorite books to purchase, or to remember what they had in their shopping cart the last time they visited.

    On this website, a temporary cookie may be placed on a visitor’s computer when they visit certain pages. The session cookies are used to facilitate the interaction between visitors and the site. The cookies are not used to collect or store information about visitors and do not track visitors if/when they return to our website. The cookie is temporary and will be deleted when you exit your browser.

    Visitors can prevent cookies from being placed on their computers by accessing their browser’s preferences menu and deleting existing cookies. There are also commercial programs available to help manage cookies. Before taking such steps, users should be aware that some websites may not work properly if the placement of cookies is blocked.

  • We use information security safeguards. We take reasonable precautions to protect the personal information collected or maintained by the University against loss, unauthorized access, and illegal use or disclosure. Such personal information is stored by the University, in secure locations. The University’s staff is trained in procedures for the management of personal information, including limitations on the release of information. Access to personal information is limited to those members of the University’s staff whose work requires such access. Confidential information is destroyed according to the University’s records retention schedule. The University conducts periodic reviews to ensure that proper information management policies and procedures are understood and followed.

    The University encourages all individuals to use appropriate safeguards to secure their computers and the information on those computers.

Information Provided Voluntarily

To access private data, websites and applications require user authentication. Once logged in, visitors may be asked to provide information such as name, email address, home address, birthday, student ID number, etc. While authenticated, visitors may also access and interact with private information, such as grades, enrollment, class activity, or other privileged information. Such information remains under the site visitor’s control and may only be shared through visitor’s direct action. CSU sites may provide tools to enable users to share information with others, but in no circumstance will any data be shared outside of the University and/or its contracted providers without users’ direct action and knowledge.

How We Use This Data

The University may use any automatically or voluntarily provided information, including visitors’ identify information, to tailor the content of web pages or other communications to your needs, interests, or role(s).

Links to Other Sites; Content Embedded in Our Site(s) From External Sources

The University’s websites and applications may include links to other websites and/or applications, or may display content from external services or providers. Except as part of formal business relationships between the University and service vendors, a link from a University site does not imply endorsement of a destination site. While the University strives to be a good steward of third-party embedded content, these third parties may have their own privacy policies. The University is not responsible for the privacy practices of these external third parties. For their own protection, visitors should review the privacy policy of any site linked from our website(s) or any site to which they provide personal information.

Opting Out of Tracking

Websites track users anonymously, using both first-party and third-party HTTP cookies to measure usage. These websites track visitors using first-party logging and reporting features as well as Google Analytics.

To opt out of tracking during their visit, website users can do any of the following:

This information is provided as a courtesy, and these features are not supported in any way by the University.

Questions, Comments, or Suggestions

To communicate with us about this policy, please contact the Information Security Team at

To Report a Violation of This Policy

If you believe that your personal information has been released without consent, please contact the Information Security Team at