Login.gov is committed to your privacy and security
This describes how we ask for, use, retain, and protect your personal information. Protecting your information is our priority at Login.gov.
The information that you submit is used to create or update your Login.gov account and give you access to Login.gov’s partner agencies. When you provide your email address or other proof of identity like a state ID, we can be sure it’s really you and grant you access to the account — and keep the bad actors away. This proof, called an electronic identity assurance credential, is like putting a key into a lock to securely open the door to the government agency’s application or service.
How we work with our partner agencies:
- Login.gov partners with government agencies to provide secure access to their website, application or service. The partner agency (e.g. United States Office of Personnel Management) selects the type of information we request from you.
- We ask primarily for information to authenticate your account and/or prove your identity.
- When you create a Login.gov account, you consent to share personally identifiable information (PII). The information that you need to share depends on the request of the partner agency.
- For authentication to establish a secure account, we need your name, email address, and an authentication method. Your authentication method could be a phone number where we share a SMS code, USB Security Key, or other options.
- Identity proofing requires more sensitive information such as a social security number, address, phone number, and U.S. based state ID or driver’s license.
- Images of your U.S. based state ID or driver’s licenses are retained in an encrypted format for two years. These images are only retrieved and decrypted upon the mutual determination of Login.gov and the partner agency, generally for law enforcement purposes due to suspected fraud.
- When completing identity proofing in person at the United State Postal Service (USPS) Office, we share your validated name and address with USPS so that clerks can confirm your identity in person.
- To safeguard from fraud such as account takeover and identity impersonation, Login.gov employs controls that assess risk through an examination of the device being used, the identity being proofed, and your behavior while interacting with the Login.gov site.
- When you visit Login.gov, we anonymously aggregate some data, which means that no individually identifying information is attached to it. We aggregate the pages visited, web browser type and version, and the length of the session to help us improve the Login.gov experience.For example, if you experience an error and we know your web browser type and version, we can better identify how to fix your issue.
- Your stored account information is encrypted at two levels. Encryption translates your data into code that is only accessible by you, the Login.gov account holder. This means you are the only one who can view and make changes to your account information.
- The Login.gov operators (i.e. our contact help center) cannot view your information or make any changes.
- Information is maintained in accordance with GSA’s Records Retention Schedule, GRS 03.2.
- IRS Services Only. When you access IRS services, Login.gov sends information about both successful and unsuccessful attempts during authentication and identity proofing, as well as any activities deemed to impact the security of your account. In contrast, Login.gov only sends successful attempts to other partner agencies. Each of these events is shared in a manner that only the IRS can access. Login.gov retains these events for no more than 168 hours and deletes event information once shared with the IRS. For further information as to how this attempts information is used by the IRS, please refer to the IRS’ Cybersecurity Data Warehouse Privacy and Civil Liberties Impact Assessment, CSDW PCLIA.