Privacy Policy

Main Content

Cybertrust Certified Logo

The Pennsylvania Higher Education Assistance Agency, also conducting operations as American Education Services and FedLoan Servicing ("PHEAA"), is committed to safeguarding the privacy and confidentiality of your personal information. We are required by Federal law to tell you how we collect, share and protect your personal information. Please read this Privacy Policy carefully to understand what we do.

This Privacy Policy applies to individuals whose loans have been made or are owned by PHEAA, or whose loans are guaranteed by PHEAA but owned by another entity. If your loans are serviced by PHEAA, but owned or guaranteed by a lender or guarantor other than PHEAA we will comply with that lender's or guarantor's privacy policy with respect to personal information about you that we receive through our relationship with that lender or guarantor.

Section 1. Information We Collect and Share

We collect and share personal information about you in order to identify you as our customer, to establish and manage customer accounts, to complete customer transactions, to provide information to you about our products and services, and to comply with legal and regulatory requirements. Examples of the types of personal information that we collect:

We collect personal information about you from sources that include, but are not limited to:

We may share all of the information we collect, as described below.

Section 2. Disclosure of Personal Information

All financial companies need to share their customers' personal information to run their everyday business. Below, we explain how and why we may share your personal information.

We do not disclose personal information about our customers or former customers, except as permitted or required by law. For example, PHEAA shares your personal information in the delivery of our financial products and services to you in the following circumstances:

Additionally, PHEAA sometimes shares your personal information with nonaffiliated vendors that perform services on our behalf, for example, printing services, software programming, or loan collection support. PHEAA provides these vendors with only the information needed to perform that particular service. Before representatives of these vendors receive such information, we require that they sign an agreement to keep all personal information confidential. These vendors may not use this information for their own purposes.

PHEAA may share your information with nonaffiliated vendors that market PHEAA products and services to you. Generally, we only provide these vendors with customer contact information, although we might provide limited account information in some circumstances, such as account balances or status, payment amount or transaction history. Such nonaffiliated marketers must agree via contract with PHEAA to keep your information confidential and to use the information only to market PHEAA products and services.

In compliance with United States Department of Education requirements under the Higher Education Act, PHEAA is required to collect and disclose the Social Security Numbers of applicants for Federal student loans. The primary use of this information is to verify customer identity, determine program eligibility and benefits, permit the servicing of financial aid, and certify attendance and status at an approved higher education institution. Disclosure of your Social Security Number is mandatory for participation in Federal student loan programs under the Higher Education Act. For information on how the Department of Education treats the privacy of Social Security Numbers, please link to the following website to see the Department of Education's privacy policy:

Finally, consistent with student loan industry practice, PHEAA shares customer information with industry aggregators for the benefit of students. Such industry aggregators include the National Student Clearinghouse1, ELM Resources2, and Meteor™ 3.

Consistent with the Children's Online Privacy Protection Act (COPPA), PHEAA will not knowingly collect or retain information submitted by children under the age of 13. If PHEAA learns that we unknowingly collected personally identifying information from children under 13 years of age, we will immediately take all reasonable measures to delete the information from our computer systems and all other data systems.

Section 3. Data Security

To protect your personal information from unauthorized access and use, we use security measures that comply with federal law and regulations. These measures include computer safeguards and secured files and buildings. We restrict access to nonpublic personal information about you to those employees who we have determined have a legitimate business need for the information in order to provide our products and services.

Section 4. Online Privacy Practices

PHEAA protects the privacy of your personal information on our websites using the same standards and care that we utilize for all PHEAA communications and transactions.

PHEAA does not automatically collect personal information from visitors to our websites. However, we may automatically collect and store certain data from all website visitors, for example, the name of the domain and host from which the visitor accessed the Internet, the Internet Protocol (IP) addresses of computers and browser software used to access a PHEAA website, the date and time the visitor accesses PHEAA websites, and the Internet address of the website from which a visitor links directly to a PHEAA website. We may also use HTML encoding to record aggregate information about the usage of PHEAA websites and whether emails that we send have been accessed or acted upon.

PHEAA uses cookies to enhance the delivery of products, services, and information on PHEAA websites. A cookie is a small file that a website transfers to a visitor's computer hard drive to remind our website about the visitor when they return to our site. Cookies enable PHEAA to protect your personal information by ensuring that only your web browser may exchange information regarding your account with PHEAA servers, and by automatically terminating an online session if you forget to log out. Cookies also assist PHEAA in verifying your identity when you attempt to log into your PHEAA online account, and help us to understand how you use our websites. You can set your browser to notify you before accepting a cookie, so that you can decide whether to accept or reject the cookie.

PHEAA provides links from its websites to other vendors and third parties. Because PHEAA cannot guarantee how these third parties use or collect personally identifying information, you are encouraged to fully review the privacy statements of these other websites to determine whether or not your use of these websites comports with your desire to maintain the privacy of personally identifying information.

Section 5. How to Contact PHEAA

If you have questions, concerns, or if you desire additional information concerning the PHEAA Privacy Policy, please contact PHEAA using the following email address:


Section 6. Changes to Our Privacy Policy

This Privacy Policy replaces all prior Privacy Policies issued by PHEAA. We reserve the right to modify our Privacy Policy at any time. We will notify you if we make changes to our Privacy Policy that significantly impact how we collect, use or protect your personal information. In addition, our current Privacy Policy may be viewed at any time on our websites:;;


  1. The National Student Clearinghouse is a source for post-secondary student degree and enrollment verification.
  2. The ELM Resources system provides students, schools and lenders with automated Federal Family Education Loan Program (FFELP) and alternative loan data, processing, and information.
  3. MeteorTM is a collaborative effort to provide financial aid professionals and students with online aggregated financial aid award information from various industry participants.


Originally Adopted: February 2, 2001

Date Last Modified: September 2, 2010