Privacy information
How your personal data from visiting our website, apps, and web services is collected, used, and shared
Welcome
Northeastern University (“University,” “Northeastern,” “we,” “us,” or “our”) is a U.S.-based institution of higher learning offering undergraduate, graduate, and continuing education programs, curriculum content, and services in a traditional campus setting and through our central websites Northeastern.edu and neu.edu (each a “Site”), and our mobile applications (“Apps”) (collectively, the “Services”).
I. Scope
This Privacy Policy describes the type of personal information that we collect as part of our Services, how we use, share and handle that information, and your choices concerning our privacy practices. Personal data/information (“Personal Information”) means any information related to you that identifies or can reasonably be used to identify you.
This Privacy Policy does not apply to personal data information subject to the university’s Policy Governing the Personal Information of Employees, Job Applicants, Contractors and Others Working with the University, which is available on the University Policies portal.
Specific departments, units, or functions: Other University departments’ websites and services may have additional privacy and data practices. The privacy and data practices of those sites and services may be further governed by supplemental privacy notices, and you should read any supplemental privacy notices available on the websites and services of the specific department, unit, or function you interact with for more information on their practices.
University-based or sponsored research: Likewise, additional and/or different practices may apply to personal information collected from participants in University-based or sponsored research studies or surveys that may be governed by a protocol approved by the Northeastern Institutional Review Board. When you participate in such research studies, you will be provided with an informed consent form which may describe the additional and/or different data practices and policies that will apply to the study and which may supersede the practices set out in this Privacy Policy.
For more information about this Privacy Policy and your rights under applicable law, please contact us at privacy@northeastern.edu.
II. What information do we collect?
We collect Personal Information that you voluntarily give us when you visit the Site, use the Apps or the Services to request information about our Services, inquire about or apply for admission to the University, enroll in one of our programs, inquire about or obtain financial aid, or participate in our alumni activities including fundraising. This data includes:
- Name, title, age, and date of birth
- Social Security Number (SSN) as required by law for applicants for admission and financial aid, the last four digits are required for sponsored network account applicants
- Northeastern University Identification (NUID) Number (as the student identification number and as an administrative system identifier for faculty and staff)
- Contact information including address, city, state, postal code, country of residence, email address, home, cellular and other contact telephone number(s)
- Campus address and telephone number
- Emergency contact information (names, phone numbers, and email addresses)
- Academic credentials
- Academic, leisure, or other interests
- Attendance at Northeastern University events
- Records of communications between you and the University
- Other information pertinent to your specific interests and activities at Northeastern
We also collect information you choose to provide to us when you complete any “free text” boxes in our forms (for example, support requests, blogs, or forums).
Additional information
We may collect other information to assist us in maintaining or managing our systems, diagnosing problems, assisting you with a help request, or performing investigations.
Testing companies
Our admissions departments, including for our lifelong learning network, purchase Personal Information from testing companies for use in identifying individuals who may be interested in applying for admission to the University or enrolling in a University course or program.
Automatically collected data
When you use the Services the following information is created and automatically logged in our systems:
- Log data: Information (“log data”) that your browser automatically sends whenever you visit the Site, or that the Apps automatically send when you use them. Log data includes your Internet Protocol (“IP”) address (so we understand which country you are connecting from when you visit the website), browser type and settings, the date and time of your request, and how you interacted with the Services. We may archive this information in anonymous form for historic records.
- Cookies: Our Site uses cookies and other technologies to make it easier for you to use the Services during future visits, to monitor traffic on our Site or Apps, and to personalize informational, educational, and other content. For more information, please see the “Cookies and other tracking technologies” section below for more about how we use cookies and similar technologies, and your choices with respect to them.
- Device information: Includes type of device you are using, operating system, settings, unique device identifiers, network information, and other device-specific information. Information collected may depend on the type of device you use and its settings.
- Carrier-related information: Collection of carrier-related information including the name of your wireless carrier, and IDs related to the cellphone hardware in your phone as well as the network to which the device is connected.
- Platform-specific identifiers: Such as Apple’s Identifier for Advertising and Identifier for Vendor, and Android ID or Android’s advertising identifier.
- Geolocation information: Including precise location data.
- Usage information: Types of content that you view or engage with, the features you use, the actions you take, the other users you interact with and the time, frequency, and duration of your activities.
Social network or third-party plug-ins or widgets
Our Services may include social network or third-party plug-ins or widgets that may provide information to their social networks or third parties about your interactions with our web pages, even if you do not click on or otherwise interact with the plug-in or widget. The information is transmitted from your browser and may include an identifier assigned by the social network or third party, information about your browser type, operating system, device type, IP address, and the URL of the web page where widget appears. Please read the privacy policies of these sites before you visit them or use their tools to learn what information they collect, use, and share. We are not responsible for the privacy policies or data practices of social network or third-party sites or their party plug-ins or widgets.
III. How we use your information
We use your Personal Information for the purposes described below:
- To respond to queries about or process applications for admission to the University’s undergraduate and graduate programs, and enrollment in courses and programs
- To administer and assess our educational programs
- To fulfill public safety obligations to our students
- To deliver and administer your education, record the details of your studies (including any placements with external organizations for co-op or academic coursework taken at another institution), and determine/confirm your academic achievements (e.g., results, prizes)
- To administer the financial aspects of your relationship with us and any funders
- To enable your use of our facilities (e.g., IT, sport, libraries, accommodation, careers)
- To operate security (including CCTV), governance, disciplinary (including plagiarism and academic misconduct), complaint, audit, and quality assurance processes and arrangements
- To support your training, medical, safety, welfare, and religious requirements
- To compile statistics and conduct research for internal and statutory reporting purposes
- To fulfill and monitor our responsibilities under EEO, immigration, and public safety legislation
- To notify your designated emergency contact(s) of an emergency or crisis that may affect you and/or the University community
- To better understand how visitors interact with our Site (including through the use of cookies and similar technologies) and ensure that our Site is presented in the most effective manner for you
- To send you updates and information about our new programs and services, upcoming events, or other promotions or news. Where required by law, we will only send you marketing information if you consent to us doing so at the time you provide us with your Personal Information. You may opt out of receiving such communications by following the instructions contained in each promotional email we send you. In addition, if at any time you do not wish to receive future marketing communications, please contact us at privacy@northeastern.edu.
- If you ask us to delete your data or to be removed from our marketing lists and we are required to fulfill your request, we will retain basic data to identify you and prevent further unwanted processing
- To prevent fraud or criminal activity, misuse of our products or services, and ensure the security of our IT systems, architecture, and networks
- To (a) comply with legal obligations and legal process; (b) respond to requests from public and government authorities including public and government authorities outside your country of residence; (c) enforce our terms and conditions; (d) protect our operations; (e) protect our rights, privacy, safety or property, and/or that of you or others; and (f) allow us to pursue available remedies or limit the damages that we may sustain.
We use your information described above to fulfill contractual and legal obligations to applicants and students; perform tasks we carry out in the public interest to promote access to higher education, and inform prospective students, parents, and the public of the educational opportunities at Northeastern.
We consider the processing of your Personal Information for these purposes to be either (i) necessary for the performance of our contractual obligations with you (e.g., to manage your student experience and welfare while you are enrolled at or employed by Northeastern), or (ii) necessary for compliance with a legal obligation (e.g., nondiscrimination monitoring), or (iii) necessary for the performance of tasks we carry out in the public interest (e.g., teaching and research), or (iv) necessary for the pursuit of the legitimate interests of the University or a third party (e.g., to enable your access to external services).
If we require your consent for any specific use of your Personal Information (such as for marketing activities, where required by the law), we will collect it at the appropriate time and you can withdraw this at any time. In the limited circumstances where we might use Personal Information to carry out wholly automated decision-making that affects you, we will inform you of the automated processing at the point where any such data is collected.
IV. How we share and disclose your information
Except as otherwise described in this Privacy Policy, we do not sell, rent, or share your Personal Information with third parties.
Sharing and disclosure outside Northeastern
We may share your Personal Information in the following circumstances:
- Vendors and service providers: To assist us in meeting business operations needs and to perform certain services and functions your Personal Information may be shared with third-party providers of hosting, email communication and support services, analytics, marketing, advertising, administrative and technical services (including Amazon Web Services and Google in the United States), providers of degree verification services and electronic transcript for delivery. Following our instructions, these parties may access, process, or store Personal Information in the course of performing their duties for us. They are contractually prohibited from using or sharing your Personal Information for any purpose other than providing their services to us.
- Legal requirements: If required to do so by law pursuant to valid legal process, applicable regulation or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend our rights or property, and/or those of you or others, (iii) act in urgent circumstances to protect the personal safety of you or others, or the public, or (iv) protect us against legal liability.
Sharing and disclosure within Northeastern
Your Personal Information may be shared with other departments and business units at the University for the purposes described in this Privacy Statement, notably for delivery, personalization, and improvement of services at Northeastern and other departments and business units. This may be necessary to satisfy local, state, and federal laws and regulations or in furtherance of our and our departments’ and units’ legitimate interests in providing and improving educational services, furthering the advancement of knowledge through research and academic pursuits, and providing employment opportunities in connection with operating a large University.
V. Cookies and other tracking technologies
We and our partners use certain technologies to collect information about your use of our Services, in order to operate the Services, conduct analytics, improve your user experience, and engage in advertising activities.
Cookies
Our Site use ‘cookies,’ which are text files placed on your device when you visit a site and help us understand how you use our Site. Some cookies remain on your computer after you leave the Site (these are called ‘persistent’ cookies). Others are deleted automatically when you close your browser, and others simply expire (these are called ‘session’ cookies). For more details on cookies, please visit All About Cookies.
General information about cookies
A cookie can collect a range of information about your visit to our Site. Cookies are commonly used to store preferences you’ve selected, such as privacy settings and whether you are logged in. Cookies can compile information about your browsing habits. For the most part, cookies enhance your experience of our Site by preventing the need for you to select the same options each time you visit. A cookie can also be used to serve you advertising targeted to your particular interests based on the preferences you’ve selected or the content of the pages you have visited.
The University uses cookies to operate the Site, enhance and secure the user’s experience on our Site and to provide tailored information about our programs, content and services. We also use cookies to collect online information, such as your mobile device ID, IP address, and other information about your device, as well as how you are using our Site (e.g., pages viewed, links clicked, documents downloaded).
How we categorize our cookies
We categorize the cookies we use into the following categories:
- Required: used to operate the core functionality of the Site and provide users with the Services available through our Site, including log-in and access to secure areas. These cookies are necessary for using and navigating the Site, and without them, basic functions of our Site would not work.
- Functional: used to better understand the behavior of the users on our Services and improve the functionality and performance of the Site and our Services accordingly, for example by making sure users are finding what they need easily.
- Advertising: we may use cookies from third parties that enable such parties to serve ads to you on this Site or third-party sites based on your visit to our Site. These third parties do collect certain information as a result of their JavaScript “tags” and other technologies such as web beacons or pixels being used on our Site. The information that they collect includes the names of web pages you view (URLs), unique identifiers, your IP address, timestamp, and certain types of technical information about your device. These third-party cookies may be blocked as described in the “Your privacy choices” section below.
Related technologies
Local shared objects (“Flash” cookies) are associated with non-browser software like Flash Player. Local shared objects can be used like cookies to distinguish your device from others, but will not be deleted or blocked using browser cookie controls. Please visit adobe.com to learn how to delete and block Flash cookies.
HTML5 local storage enables browsers to distinguish your device from others and remember data that may be important for the functioning of the website. Typically, HTML5 local storage is only deleted if all internet history, cache, and cookies are deleted. Please check your browser software for how to delete HTML5 local storage.
E-tags are used to prevent duplicative downloading of content to your browser, which can enhance browser performance. E-tags use unique identifiers for content that can also be used to distinguish your browser in certain instances from others. Typically e-tags are only deleted if all internet history, cache, and cookies are deleted. You should check your browser software for how to delete e-tags in your particular case.
Related technologies
Our mobile applications may also collect the following information for features, services, advertising, or analytics:
- device identifiers, such as Android ID, MAC address, or UDID
- geolocation, including precise geolocation
Sharing cookies and technical information with third parties
We have relationships with authorized third-party providers whose services are accessed through the Employee Hub portal or other University website. We may automatically send one or more of your cookies to the third-party site or service to enable you to access third-party services without reentering your Employee Hub user ID and password, or other required information, each time.
Your privacy choices
Our cookie preference management tool (available via the “cookie preferences” link in our Site footer) allows you to control what Functional and Advertising cookies are placed on your browser. In other words, you can block all cookies that are not required for website operation. Because Required cookies are required for the functioning of our Site, they are not able to be blocked.
Depending on the jurisdiction in which you reside, you may be presented with a banner at the bottom of the University’s site when you arrive that asks for your consent for the placement of cookies that are not Required. This is true in the United Kingdom, the European Union, and certain other jurisdictions. In such cases, if you do not affirmatively consent, then only Required cookies will be placed on your browser. In all cases, you can manage your cookie preferences by clicking on the link to “cookie preferences” located in the footer of our Site.
In addition, on most web browsers, you will find a “help” section on the toolbar. Please refer to that section for information on how to receive a notification when you are receiving a new cookie and how to turn cookies off. Please see the links below for guidance on how to modify your web browser’s settings on the most popular browsers:
- Internet Explorer
- Mozilla Firefox
- Google Chrome
- Apple Safari
VI. Security
We take reasonable administrative and technical steps to protect the Personal Information from loss, misuse and unauthorized access, disclosure, alteration, or destruction and, where feasible, systems that solicit or display personally identifiable information are protected by authentication and authorization controls and web-based experiences involving personal information are generally secured by SSL (Secure Sockets Layer protocol) with 128-bit encryption. However, no method of transmission over the internet is 100% secure. Therefore, while we strive to protect your data, we cannot guarantee its absolute security.
VII. Retention
We will keep your Personal Information pursuant to our retention schedules which authorize retention for as long as reasonably necessary for the purposes described in this Privacy Policy, while we have a legitimate business need to do so, or as required by law (e.g., for tax, legal, accounting, or other purposes), whichever is the longer.
If you have elected to receive marketing communications from us, we retain information about your marketing preferences until you opt out of receiving these communications and in accordance with our policies.
To determine the appropriate retention period for your Personal Information, we will consider the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we use your Personal Information and whether we can achieve those purposes through other means, and the applicable legal requirements. In some circumstances, we may anonymize your Personal Information so that it can no longer be associated with you, in which case it is no longer Personal Information.
VIII. Update your information
If you need to change or correct your Personal Information, or wish to have it deleted from our systems, you may contact us. We will address your request as required by applicable law.
IX. European Union/UK individuals
This section applies to individuals residing in the EU (solely for these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein, and Norway as well as Switzerland) and the United Kingdom. Please read below for important information on your rights with respect to the Personal Information we hold about you.
Data controller
Northeastern University is the data controller for your Personal Information, and you contacted us for questions, complaints or to exercise your rights at the Office of General Counsel located at 716 Columbus Avenue, Suite 301, Boston, MA 02115 and also at privacy@northeastern.edu.
Your rights
Subject to applicable law, you may have the following rights in relation to your Personal Information:
- Right of access: If you ask us, we will confirm whether we are processing your Personal Information and, if so, provide you with a copy of that Personal Information along with certain other details. If you require additional copies, we may need to charge a reasonable fee.
- Right to rectification: If your Personal Information is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we shared your Personal Information with others, and if you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Information so you can contact them directly.
- Right to erasure: You may ask us to erase your Personal Information in some circumstances, such as where we no longer need it or you withdraw your consent (where applicable). If we shared your information with others, we will alert them to the need for erasure where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Information so you can contact them directly.
- Right to restrict processing: You may ask us to restrict or “block” the processing of your Personal Information in certain circumstances, such as where you contest the accuracy of the data or object to us processing it (please read below for information on your right to object). We will tell you before we lift any restriction on processing. If we shared your Personal Information with others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Information so you can contact them directly.
- Right to data portability: You have the right to obtain your Personal Information from us that you consented to give us or that was provided to us as necessary in connection with our contract with you. We will give you your Personal Information in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
- Right to object: You may ask us at any time to stop processing your Personal Information, and we will do so:
- If we are relying on a legitimate interest (described under the “How We Use Your Information” section above) to process your Personal Information—unless we demonstrate compelling legitimate grounds for the processing; or
- If we are processing your Personal Information for direct marketing.
- Rights in relation to automated decision-making: You have the right to be free from decisions based solely on automated processing of your Personal Information, unless this is necessary in relation to a contract between you and us or you provide your explicit consent to this use.
- Right to withdraw consent: If we rely on your consent to process your Personal Information, you have the right to withdraw that consent at any time, but this will not affect any processing of your data that has already taken place.
- Right to lodge a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we handled your Personal Information, you can report it to the data protection authority that is authorized to hear those concerns.
Legitimate interest
Legitimate interest means our interest in conducting our business as an institution of higher education, and managing and delivering our Services to you. This Privacy Policy describes when we process your Personal Information for our legitimate interests, what these interests are, and your rights. We will not use your Personal Information for activities where the impact on your rights overrides our interests, unless we have your consent or those activities are otherwise required or permitted by law.
X. Publicly posted information
This Privacy Policy does not apply to any information you elect to post to any public areas of the Site. This includes, but is not limited to, comments to Northeastern University blogs or forums. Comments posted to public areas may be viewed, accessed, and used by third parties subject to those third parties’ privacy practices and policies.
XI. Links to other websites
The Website and Apps may contain links to other websites not operated or controlled by us (“Third-Party Sites”), including social media websites and services. We are not responsible for the privacy policies or data practices of such sites. By providing these links we do not imply that we endorse or have reviewed these sites. Please read the privacy policies of these sites before you visit them to understand their privacy practices and policies.
XII. Do not track
Do-Not-Track is a public-private initiative that has developed a “flag” or signal that an internet user may activate in the user’s browser software to notify websites that the user does not wish to be “tracked” by third-parties as defined by the initiative. The online community has not agreed on what actions, if any, should be taken by the websites that receive the “do not track” signal, and therefore Do-Not-Track is not yet standardized. Our website does not alter its behavior or change its services when it receives a “do-not-track” flag or signal from your browser.
XIII. Forwarding email: Students’ private email addresses
If you forward email from your University-assigned email address to a private (non-Northeastern University) email address, we may send email to either or both addresses. We may also share your private email address with service providers inside and outside the University.
XIV. Exercising your rights
If you have any questions or complaints related to the handling of your Personal Information or you would like to exercise rights that you may have under applicable law (such as the right to access or remove your Personal Information stored in Northeastern University systems, you may exercise these rights by contacting the Northeastern Chief Privacy Officer via email at privacy@northeastern.edu or in writing to:
Chief Privacy Officer
Northeastern University
716 Columbus Avenue, Suite 301
Boston, MA 02115 USA
In order to process your compliant or request, you must include the following information:
- your name and role (applicant, student, or employee);
- contact information, including your email and postal addresses;
- the nature of the compliant or request (e.g., is it related to access, correction, deletion, restriction, portability, consent, automated decision making);
- the item(s) of information with respect to which you wish to exercise your rights);
- the reason for the complaint or request; and
- the names and correspondence with any University staff with whom you may have already engaged about the subject matter of the complaint or request.
Please note that there are some instances where the University may deny a request to access or remove information in accordance with applicable law. The University will generally respond to requests no later than sixty (60) days after receipt, unless a shorter time period is provided under applicable law. If a request is denied, we will send a written explanation explaining the reason for the denial and a notification of your right to file a written statement of disagreement. The University may also provide a right to have the denial reviewed. If the University is unable to act within the earlier of sixty (60) days or the time period under applicable law, we may extend that time by no more than an additional thirty (30) days. If we need to extend this time, we will notify you of the extension and the date by which we will complete action on your request.
XV. Children
Northeastern University does not knowingly solicit or collect Personal Information from users under the age of 13. If you believe we have inadvertently collected information about a child under 13 through this Site or the Services, please contact us at privacy@northeastern.edu and we will endeavor to delete the information.
Changes
This Privacy Policy is subject to change at any time, and the revision date will be noted here. We encourage users to regularly review the Privacy Policy for any changes. We will notify you if we make any material changes, pursuant to the applicable law. The most recent changes to this Privacy Policy occurred on March 31, 2025.