The short answer is: We use bank-level data encryption methods and best-in-class data storage solutions, to keep your data safe. And we never sell your FAFSA® data on to any third parties.
Here's the detailed version:
Our servers and databases are hosted on Amazon Cloud (part of Amazon Web Services (AWS)), which meets the requirements of the most security-sensitive organizations. For more details on certifications, laws, regulations, and privacy on AWS, please see: https://aws.amazon.com/compliance/.
AWS has a range of security features such as firewall, malware detection, antivirus, and access controls that we have deployed to ensure user privacy is not compromised.
In addition, the AWS infrastructure has audit-friendly service features with applicable compliance or audit standards. Other users of AWS include Capital One and NASA.
Encryption and storage:
Our data storage applies full disk encryption, split knowledge, and dual control of keys to ensure maximum security and to meet PCI compliance.
All network communications with our cloud are encrypted by a secure network transport layer. This provides end-to-end encryption and integrity checks on all communication between the user and Going Merry.
Internal access controls
We have access control policies in our software that ensure that nobody can access our database from the public internet. That is, only authorized users can access personally identifiable information (PII).
Further, all activity on our site is internally audited so we know who has accessed and updated information.
Want more info, or have additional questions?