Thank you for visiting the Compliance Engine, a web tool of the National Association of Student Financial Aid Administrators (NASFAA). NASFAA uses electronic information to contact its members and other interested parties to provide information on national events related to the administration of financial aid as well as information on NASFAA events, services, and products. This notice explains NASFAA's information practices and how your information is collected and used on NASFAA's Web site and elsewhere.

Visitor Access
Visitors can view the NASFAA home page and many other Web pages without disclosing any personal information. Web site visitors who have NASFAA member benefits can access protected content by logging in to their member account. Passwords are provided either at the request of the member organization to which the visitor belongs or at the request of the individual. 

Use of Personally Identifiable Information
NASFAA collects personally identifiable information that non-member visitors may volunteer in the course of completing business transactions, including the purchase of products & services. It also collects personally identifiable information submitted by a member organization on its membership form or annual update about its employees who are entitled to receive member benefits. This information contains directory information about individuals employed by a member organization, and information about an individual's participation in certain NASFAA activities.

Personally identifiable information of individuals who have member benefits may be included in directories or other lists available to other persons having member benefits. Such directories are considered member benefits and a condition of using our service. Users may opt out of directory listing by logging into their member account and so indicating.

If NASFAA has personal data about you, the association will provide you with a readable copy of your data at no cost. To protect your privacy and security, NASFAA also will take reasonable steps to verify your identify before making corrections or releasing your information for review.  Factual errors in your personally identifiable information, including out-of-date information, can be corrected by sending us a request or updating your information online. Individuals can review their personal information in the NASFAA database by logging into their user account. 

Information contained in the membership database may on occasion be rented to other organizations for postal mailings. email addresses are never rented or provided to others. List purchasers must sign an agreement restricting the use of the mailing list information. Additional information and a copy of the mailing list rental agreement are available by contacting Membership Services.

NASFAA uses the information provided by individuals when using our online services to complete specific service transactions. For meeting registrations, a list of attendee names and addresses may be made available to meeting attendees, sponsors, and exhibitors; no other information is shared with outside parties except to the extent necessary to complete that registration.

For email correspondence not collected via online services on NASFAA's Web site, the association routinely uses the return email addresses to answer the email we receive. Such addresses are not used for any other purpose and are not shared with outside parties.

Upon a user's selecting the option, NASFAA may use cookies to store an individual's email address and password so that the individual does not have to reenter this information each time he or she accesses a protected area of the Web site. Cookies are also used to track how visitors are using the Web site through the use of analysis software. No other personal data is stored in the cookie and NASFAA does not link nonpersonal information stored in cookies with personal data about specific individuals.

Opting Out of Communication
NASFAA distributes Today's News, a daily subscription service, and other classes of communications are considered member benefits and a condition of using our service. To unsubscribe from these, users should request the primary contact at the institution or organization to remove the member benefit from their account. Individuals can set their own temporary vacation stop by logging into your myNASFAA account, select the Demographic Information tab, and selecting the Vacation Stop option.

Promotional messages about products and services are a different class of communications and always offer an unsubscribe option in each message. Users can also opt out of specific topical messages using the opt out option included in each message. Opting out of topical messages does not prevent the delivery of promotional messages about other topics. Users may proactively stop any promotional messages by logging in to the myNASFAA account and selecting the promotional opt-out.

Our Commitment to Data Security
To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, NASFAA has in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online. Some general steps NASFAA takes to safeguard your information and online identity include:

Proactive monitoring and patching systems to protect the overall NASFAA technology infrastructure, including member data;

  • Regular upgrades to Microsoft software and our membership database;
    • iMIS, NASFAA's membership database and association management system, is certified PCI compliant to ensure credit card transaction are protected. iMIS securely stores email addresses and login passwords for member access;
    • Secure Socket Layer (SSL) security is loaded on the commerce component of, ensuring encrypted transmission of data across the Internet;
  • NASFAA's network security infrastructure actively scans and mitigates threats using a variety of methods;
  • An ongoing procedural review of our security presence as the landscape continually changes; and
  • Physical security via the presence of our key systems in audited, SSAE-16 compliant datacenter facilities.

Our Commitment to Children's Privacy
NASFAA never collects or maintains information at its Web site from persons known to be under age 13 without permission from a parent or other guardian.

Changes to this Privacy Notice
NASFAA reserves the right to change this privacy notice, effective when it is re-posted to the NASFAA Web site.

Questions or Comments About this Privacy Notice
If you have additional questions or concerns about this privacy notice, including implementation and administration, please call Membership Services at (202) 785-0453 Ext. 1 or email [email protected].