Digital Privacy Statement

Responsible Office: Information Services and TechnologyEffective Date: September 2017

This Digital Privacy Statement explains information gathering and use practices for websites on the domain,, and Boston University’s other digital properties, such as BU mobile applications (each a “Site” and, collectively, the “Sites”).  The Sites are controlled by Trustees of Boston University (the “University”).  The University is committed to the online privacy of its visitors to and users of the Sites.

The types of information that the University collects may vary depending on the Site you visit or application you use.  As a result, if a Site has its own privacy statement posted, such privacy statement supersedes this Digital Privacy Statement.  Some examples include the Privacy Policy for BU Crowdfunding, BUSM CME Privacy Statement, and the BU Alumni Association Privacy Policy.

Related BU Policies

The University maintains other policies which relate to this topic, including but not limited to:

Information Collection & Use

Information Gathered Automatically

When you visit a Site, the University may collect and store digital information sent by your web browser, such as IP addresses (i.e., the internet address of your computer or device), geolocation, the web browser used for the connection, the device operating system, unique device identifiers, and other digital property, such as pages visited, length of visit, and terms searched.  The University does not link IP addresses or cookies to any personally identifiable information.

In connection with protecting the University’s electronic assets, the University routinely monitors its network for signs of malicious activity.  While the University may investigate malicious activity, the University does not store personally identifiable information related to normal use of its network other than as described in this Statement and the Policy on Network Security Monitoring

In addition, the University uses cookies, which are text files placed on your device to evaluate usage patterns, so that the University can improve both content and distribution.  The information can also be used to establish continuity between requests, to personalize a site to your preferences, to authenticate your log-in, to analyze web traffic, to monitor and ensure the security of the network, and to help diagnose problems with the University’s servers.  You may refuse the use of cookies by selecting the appropriate settings on your browser; however if you do this, you may not be able to use the full functionality of the Sites.

Many Sites use Google Analytics, which is a web analytics service provided by Google, Inc. (“Google”).  Google Analytics uses persistent cookies to analyze how users use a site.  The information generated by the cookie about your use of a Site (including your IP address) will be transmitted to and stored by Google. Google will use this information for the purpose of evaluating your use of the Site, compiling reports on Site activity for the University and providing other services related to website activity and internet usage.

Google may also transfer this information to third parties where required to do so by law, or where the third parties process the information on Google’s behalf.  Google will not associate your IP address with any other data held by Google.

By using the Sites, you consent to Google processing of data about you in the manner and for the purposes set out above.  Please visit the following pages for more information about Google Analytics Terms of Service and Google’s Privacy Practices.

Information you provide

The University does not collect personally identifiable information about you when you visit the Sites unless you voluntarily provide us with that information.  The University may request personally identifiable information from you if, for example, you ask a question, request to be contacted, request information for a particular program or activity, sign up for a mailing list, request access to a protected portion of a Site or make a payment.

Back to Top

Information Security

The University has implemented reasonable physical, technical, and administrative procedures to safeguard and secure information it collects online against unauthorized disclosure, loss, or misuse, in accordance with the Data Protection Standards Policy.  Under that Policy, the University has classified data according to its sensitivity, and set requirements for protection accordingly.

The University cannot provide an absolute guarantee as to the security of any information transmitted through its website or digital properties.

Information Sharing

The University will share information about you with third-parties only to the extent necessary to provide the University web services or in circumstances where the University reasonably believes that doing so is necessary or appropriate to: satisfy any applicable law, regulation, legal process or governmental request; investigate compliance with or enforce University policies; detect, prevent or otherwise address fraud, security, or technical issues; or protect the rights, property or safety of the University, its faculty, staff, and students or others.  The information referred to in this section may include personally identifiable information.  In addition, the University may share with third-parties information about the use of the Sites that is aggregated or anonymized so that it does not identify any individual user.

Digital Advertising

The University may contract with third-party vendors to show University advertisements on websites and digital properties that are not controlled by the University.  The University and third-party vendors with whom the University contracts may use cookies and web beacons to serve ads based on your prior visits to the Sites and to assess the effectiveness of those ads.

In addition, the University may allow prospective students and others to provide their personal contact information to the University through these digital ad platforms.  The University treats such information in accordance with this Digital Privacy Statement.

Retention of Information

The information collected through the Sites is retained in accordance with the University’s Record Retention Policy and the Policy on Network Security Monitoring.

Third Party Websites

The Sites may link to websites that are not controlled by the University (“Third Party Sites”).  The University is not responsible for the privacy practices or content of Third Party Sites.

Children’s Privacy

The Sites’ content is not intended to attract children under 13 years of age and the University will not knowingly collect personal information from children under 13 years of age.  If you are under 13 years of age, you should not use the Sites.

Changes to this Digital Privacy Statement

The University may modify this Digital Privacy Statement.  All changes will be made directly to this webpage and will be effective on the date posted.


Questions about this Statement should be directed to Information Security,

Back to top