The short answer is: We use bank-level data encryption methods and best-in-class data storage solutions, to keep your data safe. And we never sell your FAFSA® data on to any third parties.

Here's the detailed version:

Infrastructure:

  • Our servers and databases are hosted on Amazon Cloud (part of Amazon Web Services (AWS)), which meets the requirements of the most security-sensitive organizations. For more details on certifications, laws, regulations, and privacy on AWS, please see: https://aws.amazon.com/compliance/.

  • AWS has a range of security features such as firewall, malware detection, antivirus, and access controls that we have deployed to ensure user privacy is not compromised.

  • In addition, the AWS infrastructure has audit-friendly service features with applicable compliance or audit standards. Other users of AWS include Capital One and NASA.

Encryption and storage:

  • Our data storage applies full disk encryption, split knowledge, and dual control of keys to ensure maximum security and to meet PCI compliance.

  • All network communications with our cloud are encrypted by a secure network transport layer. This provides end-to-end encryption and integrity checks on all communication between the user and Going Merry.

Internal access controls

  • We have access control policies in our software that ensure that nobody can access our database from the public internet. That is, only authorized users can access personally identifiable information (PII).

  • Further, all activity on our site is internally audited so we know who has accessed and updated information.

Want more info, or have additional questions?

Did this answer your question?