Privacy Statement

This Privacy Statement describes how Harvard University gathers and uses personal information about individuals through Harvard University Authentication applications managed by Harvard University Information Technology (HUIT), which include the HarvardKey authentication service, the HarvardKey Self-Service application, and the XID Self-Service application. In this Privacy Statement, “HarvardKey” refers only to these HUIT-managed applications.


This Privacy Statement applies to all users of these HarvardKey applications with HarvardKey accounts, regardless of relationship to Harvard.  

Information Gathering

Personally identifying information about users that may be collected by Harvard through HarvardKey (“Personal Information”) includes:

  • Login IDs, passwords, whether two-step verification is required, account claim status and date claimed.
  • User’s name, date of birth, last 4 digits of social security number, email addresses, ID card image, directory privacy preferences.

Personal information collected by Harvard also includes data related to use of the HarvardKey application, and identifiers or other information about a user’s Harvard affiliation or status.

Harvard also collects log files of the IP addresses and browsers of computers accessing the application and the pages visited.

Use of Information

Personal Information is used to prove a user’s identity in order to authorize access to various resources or files, or to match a user’s identity to an existing account in an effort to avoid issuing multiple credentials to the same user. Harvard also may use Personal Information to send an emergency message to all users, to communicate with users in the case of an information security event, to secure users’ access, and to help users change passwords or transact other self-service requests.

Harvard may review users’ IP addresses and data on the files and resources they access to administer HarvardKey and to provide technical support and help diagnose problems. Harvard may use and retain email or other communications to staff in order to process inquiries, respond to requests, and improve services.

Other uses of Personal Information by Harvard are described in other parts of this Privacy Statement.

Sharing of Information

Harvard may transmit a user’s Personal Information to other systems that are integrated with HarvardKey, including certain third-party systems, to enable the user to access a service or resource. Information routinely shared with these systems (for those without FERPA blocks) is name, email address, unique identifier IDs, and role.

The HarvardKey applications may also contain links to other websites.

Harvard may also share Personal Information with other service providers in connection with data uses described in this Privacy Statement.

Each such third-party provider may have its own privacy policy.  Harvard is not responsible for the privacy practices of such third parties or the content of such websites.

Other sharing of Personal Information by Harvard is described in other parts of this Privacy Statement.

In addition, Harvard may share and disclose Personal Information if Harvard believes that doing so is necessary or appropriate to: satisfy any applicable law, regulation, legal process or governmental request; investigate compliance with or enforce this Privacy Statement or any acceptable use policy for HarvardKey; detect, prevent or otherwise address fraud, security or technical issues; or protect, defend or enforce the operations, property, rights and safety of users, Harvard, Harvard affiliates, or others.

Cookies and Related Technologies

Harvard may use cookies and related technologies (“Cookies”) to gather information when users navigate through HarvardKey, in order to enhance and personalize the experience, to help provide services available through HarvardKey, to analyze website usage, and to help improve the websites and our related services. To find out more about cookies, visit

You can review your Internet browser settings, typically under the sections “Help” or “Internet Options,” to exercise choices you have for certain Cookies or you can opt out of the collection and use of some Cookies through tools like the Network Advertising Initiative opt-out page. If you disable or delete certain Cookies in your settings, you may not be able to use features of our websites.

We may use third party analytics such as Google Analytics or similar analytics services. For information on how Google processes and collects information using Google Analytics, please see ,  and for how to  opt out, please see

The opt-outs described above may not work for all browsers or devices.

Information Protection

There are security measures in place to help protect against the loss, misuse, and alteration of the personal information under Harvard’s control. No data transmission, processing, sharing or storage by any party can be guaranteed to be completely secure.

Contact Information

Please contact with any questions or concerns about this Privacy Statement or the practices of the HarvardKey applications.   

Users Located in the European Economic Area and the United Kingdom

If you are located in the European Union, Iceland, Liechtenstein or Norway (the European Economic Area) or the United Kingdom, please see for Harvard’s Additional EEA Privacy Disclosures. 

Changes to this Privacy Statement

This Privacy Statement may be amended from time to time. Any such changes will be posted on this page. This Privacy Statement was last updated on May 19, 2021.