GSA/code-gov-front-end

# Protecting Privacy and Security

Protecting the privacy and security of individuals’ personal information is very important to us. We do not collect any information that directly identifies you when you visit Code.gov unless you choose to provide that information by contacting us. However, the website may collect a limited amount of information about your visit for the purposes of website analytics and customization. Please read this notice to understand what we do with the limited amount of information about your visit that we may collect.

## Information Collected and Stored Automatically

We collect limited information about visits to Code.gov. This information is used to measure the number of visitors to the various sections of our website and to identify performance or problem areas. We also use this information to help us develop the site, analyze patterns of usage, and to make the site more useful. We do not share or sell visitor data for the purposes of advertising, marketing, or any other commercial purpose. This information is not used for associating search terms or patterns of site navigation with individual users.

The information that is automatically collected and stored concerning your visit includes: 1) the domain from which you access the Internet (i.e., HHS.gov if you are connecting from a HHS account, or GMU.edu if you are connecting from George Mason University’s domain); 2) the date and time of your visit; 3) your location, as approximated by GPS, and other sensors; 4) the type of device you used to access Code.gov (i.e., mobile or desktop); 5) the operating system of the device you used to access Code.gov; 6) the pages you visit on Code.gov; 7) the Internet address of the website you came from if it linked you directly to Code.gov; and, 8) any search terms that you may enter when searching Code.gov.

## How Code.gov uses Cookies

When you visit a website, its server may generate a piece of text known as a “cookie” to place on your device. The cookie, which is unique to your browser, allows the server to “remember” specific information about your visit while you are connected.

There are two types of cookies – single session (temporary) and multi-session (persistent). Single session cookies last only as long as your Web browser is open. Once you close your browser, the session cookie disappears. Persistent cookies are stored on your device for longer periods. Both types of cookies create an identifier that is unique to your device. The Office of Management and Budget Memorandum M-10-22, Guidance for Online Use of Web Measurement and Customization Technologies, allows Federal entities to use both session and persistent cookies to improve the delivery of services.

Session Cookies: We may use session cookies for technical purposes, such as to allow better navigation through our site. These cookies let our server know that you are continuing a visit to our site. Our use of session cookies qualifies as “Usage Tier 1–Single Session,” as defined in the OMB M-10-22 guidance.

Persistent Cookies: We may use persistent cookies to understand the differences between new and returning visitors to Code.gov. Persistent cookies remain on your device between visits to our site until they expire or are removed by the user. Our use of persistent cookies qualifies as “Usage Tier 2–Multi-session without personally identifiable information,” as defined in the OMB M-10-22 guidance. The policy states, “This tier encompasses any use of multi-session Web measurement and customization technologies when no [personally identifiable information] is collected.” We do not use persistent cookies to collect personally identifiable information.

If you do not want to accept cookies, you can edit your browser’s options to stop accepting persistent cookies or to prompt you before accepting a cookie from the websites you visit.

## Google Analytics

Code.gov participates in the U.S. Digital Analytics Program, (DAP) which utilizes a unified Google Analytics account for Federal agencies. This program helps Federal agencies understand how people find, access, and use government services online.

The DAP is a hosted shared service provided by the General Services Administration’s (GSA’s) Technology Transformation Services, and the protocol and information collected are the same for all websites participating in the DAP. As a participant in GSA’s DAP program, this website’s Google Analytics traffic data is automatically reported to GSA.

Google Analytics is a third-party web measurement and customization technology as defined in OMB M-10-22 (PDF).

Here is how it works: Google Analytics sets one or more cookies on your computer so that it can recognize your computer if you visit the Code.gov website in the future. These cookies do not collect personally identifiable information. This is considered a Tier 2 usage, as defined in the OMB guidance.

Google Analytics does not collect personally identifiable information through its cookies. The program does not track individuals and anonymizes the IP addresses of visitors. Common Questions about DAP (FAQ) provides more information about how IP addresses are anonymized. According to GSA’s Common Questions About DAP, “none of the federal government data tracked as part of the Digital Analytics Program will be shared with or available to Google’s corporate advertising partners.”

A limited number of authorized individuals will have user accounts that will allow them to log in to the Google Analytics dashboard and view or run reports regarding visits to Code.gov and the other web metrics available from the DAP.

Visitors who choose to disable this web measurement tool will still have full access to Code.gov. While the details vary from browser to browser, most modern browsers can be set up to accept, reject, or request user intervention when a site asks to set a cookie.

[View web metrics information](https://analytics.usa.gov/).

## Contacting the Code.gov Program Office

Users of this website may send the Code.gov program office feedback or report an issue by sending an email to code@gsa.gov. If you choose to send us your personally identifiable information, we will only use that information to respond to your message. We only share the information you give us with another government agency if your question relates to that agency, or as otherwise required by law. Code.gov never collects information or creates individual profiles for the purposes of advertising, marketing, or any other commercial purpose. When you contact us, any personally identifiable information you provide is voluntary. Please do not include sensitive personally identifiable information or other sensitive information in the content of your email.

## Children and Privacy on Code.gov

We believe in the importance of protecting the privacy of children online. The Children’s Online Privacy Protection Act (COPPA) governs information gathered online from or about children under the age of 13. This site is not intended to solicit or collect information of any kind from children under age 13. If you believe that we have received information from a child under age 13, please contact us at code@gsa.gov.

## Security

This website was built with code hosted on GitHub, Inc. [GitHub](https://help.github.com/articles/github-terms-of-service/) and designed to enable the rapid deployment of government websites in a secure and readily accessible environment.

The terms of service applicable to Federal users of GitHub states that it “will, in good faith, exercise due diligence using generally accepted commercial business practices for IT security, to ensure that systems are operated and maintained in a secure manner, and that management, operational and technical controls will be employed to ensure security of systems and data. Recognizing the changing nature of the Web, GitHub will continuously work with users to ensure that its products and services are operated and maintained in a secure manner. GitHub agrees to discuss implementing additional security controls as deemed necessary by the Agency to conform to the Federal Information Security Management Act (FISMA), 44 U.S.C. 3541 et seq.”

We encourage you to visit [GitHub](https://help.github.com/articles/github-terms-of-service/) if you have additional questions about the service.

## Linking Policy

The pages on Code.gov may include hypertext links or pointers to information created and maintained by other public and private organizations. GSA provides these links and pointers solely for our visitors' information and convenience. When visitors select a link to an outside website, they are leaving the Code.gov site and are subject to the privacy and security policies of the owners/sponsors of the outside website.

The inclusion of links and pointers to websites is not intended to assign importance to those sites or to the information contained on those sites. It is also not intended to endorse or recommend any views expressed or products or services offered on these sites. GSA does not control or guarantee the accuracy, relevance, timeliness or completeness of information contained on a linked website. GSA does not endorse the organizations sponsoring linked websites, and does not endorse the views they express or the products/services they offer. GSA cannot authorize the use of copyrighted materials contained in linked websites. Visitors must request such authorization from the sponsor of the linked website. GSA is not responsible for transmissions visitors receive from linked websites. GSA does not guarantee that outside websites comply with Section 508 (Accessibility Requirements) of the Rehabilitation Act.

## Questions about these policies

Write to the Code.gov program office at: [code@gsa.gov](mailto:code@gsa.gov).