Close Notification Bar
Skip to main content Skip to footer site map
Site Search Form
Exit Search

Keeping Your Information Safe and Secure

Last Updated: February 2026

Online Privacy & Security Policy

This Online Privacy & Security Policy (“Policy”) describes how NASA Federal Credit Union (“Credit Union,” “we,” “us,” or "our,") collects, stores, uses, discloses and otherwise processes Personal Information (defined below) about you when you visit or use our website located at www.nasafcu.com, including the subpages controlled by us, our mobile applications, and other online services (collectively, “Online Services”). This Policy also describes how we use and share such information and explains rights you may have under applicable laws. Please read this Policy carefully to understand our practices regarding your Personal Information and how we will treat it.

What This Policy Does Not Cover

This Policy does not apply to non-NASA Federal Credit Union companies, such as our partners or any third-party websites that we link to online through our Online Services. Please review the privacy policies of other websites and services you visit to understand their privacy practices. 

Other Important Resources

Select the following to view our Privacy Notice: 

Privacy Policy Notice

 

What Personal Information Do We Collect? 

We collect personal information about you when you interact with our Online Services, in a variety of contexts, including directly from you and automatically when you use our Online Services. “Personal Information” means information that uniquely identifies, relates to, describes, or is reasonably capable of being associated with or linked to you. Depending on how you interact online with us, this Personal Information may include, but is not limited to: 

  • ● Contact information – If you create an account or provide information on or through our Online Services, we may collect your contact information including your name, telephone number, and postal and email address (if you are a joint account holder or beneficiary of an account, we also may obtain this information about you from the primary account holder). 

  • ● Login credentials – If you use our Online Services, we will also collect your login credentials such as usernames, passwords, and other authentication information (e.g., PINs and security questions).

  • ● Account information, financial history, and transaction information – If you create an account or otherwise use our Online Services, we may collect information about your account and financial history, such as your account number, account preferences, loan number, routing number and other unique customer identification numbers, credit or debit card information, account balances, payment history, income information, tax information, assets (e.g., vehicle and property information), and investment history.  

  • ● Biometric data – From time to time, you may be presented the option to provide certain biometric data such as face recognition or fingerprint, for example as an alternative to entering your password at log-in or to authenticate your identity as a part of account opening.  

  • ● Demographic and identification information – If you create an account or otherwise use our Online Services, we may collect sensitive demographic and identification information such as your age, nationality, citizenship status, date of birth, education or professional information, marital status, ethnicity, race, gender, and military or veteran status, Social Security number, driver’s license number, and tax identification number.  

  • ● Geolocation information – the precise location of your device, if you consent to the collection of this data, such as to find nearby branches, ATMs, and other locations. 

  • ● Device data – If you browse our website or use our Online Services, we may collect your device type, web browser type and version, operating system type and version, internet protocol address, internet provider, device IDs, cookie IDs, and advertising IDs (collectively, “Device Data”). 

  • ● Job candidacy – If you apply for employment with us, we will collect Personal Information related to your potential employment, including your legal work eligibility status, salary requirements, publicly-accessible information, background check information, and other information about you. 

  • ● Communication information – We may collect Personal Information contained within your communications with us via email, chat functionality, social media, telephone, or otherwise, and in certain cases we may use third-party service providers to do so. Where permitted by applicable law, we may collect and maintain records of calls and chats with our agents, representatives, or employees via message, chat, post, or similar functionality.  

  • ● Other information – We will collect any other Personal Information you choose to provide through surveys, registrations, sign-up forms, and files and attachments that you chose to upload. 

In addition, when you use our Online Services, you may provide the specific service with permission to access and use your device’s camera for mobile deposits. 

How We Collect Personal Information

  • ● Directly From You – We collect Personal Information that you provide to us directly, for example, if you choose to contact us, request information from us, fill out an online form, sign up to receive updates, or otherwise utilize Online Services.  

  • ● From Third Parties – We may collect Personal Information from third parties, including but not limited to business partners, advertising networks, social networks, data analytics providers, mobile device providers, Internet or mobile service providers, recruiters and job application portals, and background check providers. 

  • ● Through Online Tracking Technologies – We use cookies and similar technologies to collect Personal Information automatically as you navigate our Online Services. For additional information regarding our use of these technologies, see the Cookies and Other Tracking Technologies section below. 

Online Forms

Credit Union provides several online forms (for example, loan application or check order) to better serve the needs of members. Personal Information provided via any Credit Union online form is used only to process the member's request for service. These forms are transmitted via secured means. However, if the user is concerned about the security of transmitting this information via the Internet, the member is encouraged to contact the Credit Union directly at 1-301-249-1800 or 1-888-NASA-FCU (627-2328) to transmit the information another way. 

How Do We Use the Information We Collect?

We may use the personal information we collect to:

  • ● Establish and administer accounts; 

  • ● Provide our products and services and process and fulfill transactions in connection with our products and services; 

  • ● Communicate with you (including providing you with offers and other communications about our products and services), respond to inquiries, and offer customer support; 

  • ● Report to credit bureaus; 

  • ● Verify your identity; 

  • ● Personalize your experience on our Online Services; 

  • ● Advertise and market our products and services; 

  • ● Administer participation in surveys, sweepstakes, promotions, or other programs; 

  • ● Manage career opportunities with us, including for recruitment purposes, candidate screening and evaluation, and employee onboarding; 

  • ● Establish and manage our business relationships; 

  • ● Operate, evaluate, and improve our business (including developing new products and services; enhancing, improving and analyzing our products and services; managing our communications; and performing accounting, auditing, and other internal functions); 

  • ● Perform analytics (including, but not limited to, market research, trend analysis, financial analysis, and analysis of our customer base), and anonymization of personal information; 

  • ● Maintain and enhance the safety and security of our Online Services, products, and services and prevent misuse; 

  • ● Protect against, identify, and prevent fraud and other criminal activity, claims, and other liabilities;  

  • ● Exercise our rights and remedies and defend against legal claims; and 

  • ● For legal security, or safety reasons, including protecting our and our users’ safety , property, or rights; complying with and enforcing our applicable legal requirements, relevant industry standards and our policies and terms, including, but not limited to, those relating to anti-money laundering, economic sanctions, and anti-terrorism; detecting, preventing, and responding to security incidents; and protecting against deceptive, fraudulent, or illegal activity. 

We also may use your Personal Information to fulfill any other purpose for which you provide it, including purposes described when you provide the information or give your consent.  

Electronic Communication

We may use Personal Information to respond to inquiries for service or information, for marketing and advertising, including sending you messages, notices, newsletters, surveys, promotions, or event invitations about our own or third parties’ goods and services that may be of interest to you, and to improve the service the Credit Union provides. You can unsubscribe from any marketing emails or text messages that we may send you by following the instructions included in the email or text correspondence. Since email communication may not be secure against interception by unauthorized individuals, users may want to seek alternatives to email when it is necessary to provide sensitive or personal information.  

How Do We Disclose Personal Information?

We may disclose aggregated information about our users, and information that does not identify an individual, without restriction.  

We may disclose your Personal Information with your consent. We may also disclose your Personal Information with our social media, advertising, and analytics partners, which is discussed in more detail in the Cookies and Other Tracking Technologies section below.   

We also may share the Personal Information we obtain about you with service providers we use to perform services on our behalf, such as website hosting, data analytics, marketing, payment processing, fraud prevention, and other services. In addition, we may share Personal Information with our trusted business partners, such as other financial institutions and other companies in connection with co-branded products, services, or programs. 

We also may disclose personal information: 

  • ● If required by law, legal, or safety process (such as a court order or subpoena);  

  • ● In response to requests by government agencies, such as law enforcement authorities, or self-regulatory organizations;  

  • ● To establish, exercise, or defend our legal rights;  

  • ● When necessary or appropriate to prevent physical or other harm or financial loss;  

  • ● In connection with an investigation of suspected or actual illegal activity or a violation of any agreement you have with us;   

  • ● If we are involved in a merger, acquisition, or any other transaction involving a change of control in our business, including but not limited to, a bankruptcy or similar proceeding. Where legally required, we will give you notice prior to such disclosure; and  

  • ● With your consent or as directed by your representative. 

Cookies and Other Tracking Technologies

We and our service providers may use cookies and similar technologies to collect usage and browser information about how you use our Online Services. The technologies we use for this automatic data collection may include cookies and web beacons that permit us to verify system and server integrity and generate statistics around the popularity of certain content. We process the information collected through such technologies, which may include or be combined with Personal Information, to help operate certain features of our Online Services, to enhance your experience through personalization, and to help us better understand the features of our Online Services that you and other users are most interested in.  

Website Delivery and Appearance – We may use third-party providers to enable certain customer interaction opportunities, content delivery (like audio or video), or other service capabilities. Examples include, but are not limited to, the following functionality: 

  • ● Content Delivery: We partner with service providers to host our website and deliver specific content in support of our Online Services. For example, we use Adobe Typekit to serve fonts on our website, which is governed by Adobe Typekit’s Privacy Policy. We also partner with companies like Vimeo to deliver specific content delivery like audio and video. 

  • ● Chat-based Customer Support: We use a live chat feature powered by a service provider (Glia), and which may utilize artificial intelligence, to enable live customer service and technical support via our website. When you engage in the chat enabled by this service provider, you may be interacting with an automated and artificial system, not a human representative. Additionally, to provide the customer service and technical support enabled by this interactive system, we will automatically collect and share certain information (such as personal identifiers, usage information, and message content) with the supporting vendor. Any Personal Information disclosed with that service provider via this interactive tool will be handled in accordance with the applicable service provider’s privacy policy. Please see Glia’s Privacy Policy and terms to learn more. 

Website Analytics and Session Replay – We use analytics and session replay services, that use cookies and other technologies that collect your Personal Information, to assist us with analyzing our Online Service traffic and site usage to optimize, maintain, and secure our Online Services and inform subsequent business decisions (including, e.g., advertising). These include, but are not limited to, the following third-party services:  

  • ● Microsoft Clarity: We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for website optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement. 

  • ● Google Analytics: We use Google Analytics to help us understand how you use our Online Services and ways we can improve your experience. You may review further information about how Google uses data and how to control information sent to Google by visiting Google’s Privacy Policy and Google’s page on How Google uses data from sites or apps that use our services.” You may download the Google Analytics Opt-out Browser Add-on for each web browser you use, but this does not prevent the use of other analytics tools. To learn more about Google Analytics cookies, visit Google Analytics Cookie Usage on Websites. 

  • ● Meta Pixels: We use Meta pixels to track user activity on our website and improve downstream offerings, including interest-based advertising for our services and those of our partners and service providers. 

Interest-Based Advertising – We may also allow or enable third parties to collect Personal Information to provide their interest-based advertising on behalf of our products and services, or their own. Interest-based advertising occurs when advertisements are shown to you based on information collected from your online interactions over time and across multiple websites, devices, or online services that you visit or use. Some companies may engage in cross-context behavioral advertising to predict your preferences and show you advertisements that are most likely to be of interest or relevant to you. We do not control these third parties’ collection or use of your information for these purposes, or the opt-out options they may individually offer you via their terms, conditions, and privacy policies. If you have any questions about an advertisement or other targeted content, you should contact the applicable provider directly. Examples of the third-party service providers we engage to serve interest-based advertisements include Google Ads (including Google Dynamic Remarketing, Google Signals, and Google Marketing Platform), Meta Ads (including Meta Pixels and Facebook advertising services), and Microsoft advertising. It is in this context that we may provide advertising networks, data analytics providers, social networks, and video sharing platforms with Personal Information such as your IP address, device information, Internet and other electronic network activity information, and geolocation information in the last twelve months. 

Selling Personal Information – While we do not sell Personal Information in exchange for monetary consideration, we do disclose Personal Information for other benefits that could be deemed a “sale” under various data protection laws because it is sometimes broadly defined to include activities such as the delivery of interest-based advertising on websites or allowing third parties to receive certain information, such as cookies, IP address, and/or browsing behavior.  

Cookie Choices – To manage your preferences with respect to these technologies, you can:  

  • ● Change your cookie preferences in our Cookies Preferences Center or by customizing your browser settings to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable certain cookies, please note that some parts of our website may not function properly. These settings may be lost and require reconfiguration if you delete your cookies.

  • ● Block the collection and use of your information by online platforms and ad tech companies for the purpose of serving interest-based advertising by visiting the opt out pages of the self-regulatory programs of which those companies are members: National Advertising Initiative and Digital Advertising Alliance. Please note that even if you opt out of interest-based advertising, you may still see “contextual” ads which are based on the context of what you are looking at on the websites and pages you visit.  

  • ● Review and execute any provider-specific instructions to customize your preferences or opt-out of certain processing, including interest-based advertising, by third-party service providers. For example, to opt-out of this type of advertising by Google, customize your ad preferences, or limit Google’s collection or use of your data, visit Google’s Safety Center and Google’s Ad Settings and follow Google’s personalized ad opt-out instructions. Meta also offers an Ad Preferences center to customize your settings, as well as a Privacy Policy with additional information on how you can exercise your rights. 

Third-Party Links and Features 

For your convenience and information, our Online Services may provide links to other online services and websites, and may include third-party features such as apps, tools, widgets, and plug-ins. These linked online services and third-party features operate independently from us. A link to a linked website (“Linked Site”) on our Online Services does not mean that we endorse or accept any responsibility for the content, functioning, or use of such Linked Site, and you enter any such website at your own risk. The privacy practices of the relevant third parties, including details on the information they may collect about you, are subject to the privacy statements of these parties, which we strongly suggest you review. To the extent any linked online services or third-party features are not owned or controlled by us, we are not responsible for these third parties’ information practices. 

You agree that we have no control over or liability for information on Linked Sites. You should be aware that Linked Sites may contain rules and regulations, privacy provisions, confidentiality provisions, and other provisions that are different from the provisions provided on our website. We are not responsible for such provisions, and expressly disclaim any and all liability related to such provisions. We prohibit unauthorized hypertext links to this website, or the framing of this website. 

In some cases, we offer links to social media platforms (like Facebook, X, and LinkedIn) that enable you to easily connect with us or share information on social media. Any content you post via these social media pages is subject to the Terms of Use and Privacy Policies for those platforms.  

International Use

If you are visiting our Online Services from outside of the United States, please note that our Online Services are hosted in the United States. Where permitted by applicable law, we may transfer the Personal Information we collect about you to the United States and other jurisdictions that may not be deemed to provide the same level of data protection as your home country, as necessary for the purposes set out in this Policy.  

How We Protect Personal Information

You acknowledge that the Internet is inherently insecure and that all data transfers, including electronic mail, occur openly on the Internet and potentially can be monitored and read by others. We maintain administrative, technical, and physical safeguards designed to protect the Personal Information you provide against accidental, unlawful, or unauthorized access, destruction, loss, alteration, disclosure, disposal, or use. While these controls are in place, we cannot guarantee the absolute security of Personal Information either during transmission or while stored within our systems. 

Retention of Personal Information

We will retain your Personal Information as needed to fulfill the purposes for which it was collected. We will retain and use your Personal Information as necessary to comply with our business requirements, legal obligations, resolve disputes, protect our assets, and enforce our rights and agreements.  

Children's Privacy

Our Online Services are designed for a general audience and are not directed to children. We do not knowingly collect Personal Information online from children under the age of 13, or such other age as may be stipulated by applicable law. 

Exercising Your Privacy Rights

Depending on where you live, you may have the following rights with respect to your Personal Information under applicable data protection laws: 

  • ● Access – The right to request access to and obtain a copy of any Personal Information we may have about you. 

  • ● Deletion – The right to delete your Personal Information that we have collected or obtained, subject to certain exceptions. 

  • ● Correction – The right to request that we correct any inaccuracies in your Personal Information, subject to certain exceptions. 

  • ● Opt Out of Certain Processing – The right to: (a) opt out of the processing of your Personal Information for purposes of targeted or cross-context behavioral advertising, (b) opt out of the sale of your Personal Information, and (c) limit the use of your sensitive Personal Information (if applicable). We do not collect or process sensitive Personal Information outside of purposes permitted by law, so we do not offer the option to limit its use. Please refer to the Cookies and Other Tracking Technologies section for additional information regarding our selling and sharing practices.  

  • ● Automated Decision-Making – The right to know when you are subject to automated decision-making, including profiling in furtherance of decisions that produce legal or similarly significant effects, and to request additional information about such processing. We do not use Personal Information collected solely through your browsing or general use of our Online Services to make automated decisions that produce legal or similarly significant effects. If you apply for a loan or other financial product or service, we may use automated systems to assist in evaluating your application. Information collected and used in connection with financial products and services is governed by our separate Privacy Policy Notice and applicable federal law, including the Gramm-Leach-Bliley Act. 

  • ● Lodge a Complaint – The right to lodge a complaint with a regulatory agency if you believe we have violated any of the rights afforded to you under applicable data protection laws. We encourage you to first reach out to us, so we have an opportunity to address your concerns directly before you do so. 

You may exercise any of the privacy rights afforded to you under applicable data protection laws, by calling us at: 1-888-NASA-FCU (627-2328), sending a secure message through Online or Mobile Banking, or through the U.S. mail at: 

NASA Federal Credit Union  
P.O. Box 1588 
Bowie, MD 20717-1588 

You will not be discriminated against in any way by virtue of your exercise of the rights listed in this Notice. However, should you object to processing of your Personal Information, or if you choose not to provide certain Personal Information, we may be unable to provide some, or all, of our Services to you.  

Only you, or an authorized agent that you authorize to act on your behalf, may make a request related to your Personal Information. We may need to verify your identity before fulfilling certain requests, and if we cannot verify your identity, we may request additional information from you. If you are an authorized agent making certain requests on behalf of another person, we will also need to verify your identity, which may require proof of your written authorization or evidence of power of attorney. We endeavor to respond to requests within the time period required by applicable law. If we require more time, we will inform you of the reason and extension period in writing. 

We do not charge a fee to process or respond to your requests unless they are excessive or repetitive. If we determine that a request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. We may deny certain requests, or only fulfill some in part, as permitted or required by law. If you are not satisfied with the resolution of your request and you are afforded a right to appeal such decision, you will be notified of our appeal process in our response to your request. 

Additional Opt-Out Resources

You can reduce the amount of advertising you receive from companies outside NASA Federal Credit Union by contacting the following agencies: 

Reducing Direct Marketing from Other Sources

If you would like to reduce the volume of promotional mail offers from companies or organizations participating in the Association of National Advertisers (ANA) for a nominal fee, visit the Direct Marketing Association, Inc. (DMA) site at dmachoice.org or call 212-768-7277  to learn more and register for their DMA choice services.   

You can also remove your name from these lists by visiting the DMA consumer assistance site at dmachoice.org.

Consumer Credit Reporting Agencies

If you would like your name removed from lists obtained from Equifax, Experian, Innovis, and TransUnion for companies to make pre-approved offers of credit or insurance not initiated by you, go to optoutprescreen.com or call 1-888-5OPTOUT (567-8688).

National Do Not Call Registry

Help eliminate unwanted and uninvited calls from telemarketers when you register your telephone numbers – at no cost – with the National Do Not Call Registry. Register your residential and cell phone numbers online at donotcall.gov or by calling 1-888-382-1222. While this will stop most calls, you may still receive calls from businesses with which you have a business relationship.

Changes to This Notice

Please note that we may modify or update this Policy from time to time, so please review it periodically. If we make material changes to how we treat Personal Information, we will notify you according to applicable law. Unless otherwise indicated, any changes to this Policy will apply immediately upon posting to our Online Services. You are responsible for periodically visiting our Online Services and this Policy to check for any changes.  

For More Information

If you have any comments, concerns, or questions regarding this Policy, please contact us at 1-888-NASA-FCU (627-2328).

 

  1. Privacy & Security Policy
Equal Housing Lender LogoNCUA Logo

Your savings federally insured to at least $250,000 and backed by the full faith & credit of the U.S. Government. NMLS #486583.

©
 
NASA Federal Credit Union

Confidential information such as account numbers and social security numbers should not be sent by email for security reasons. Instead, please contact us directly at 1-888-NASA-FCU, send us a secure message through Online Banking or Mobile Banking, or visit your nearest branch.

You are now leaving nasafcu.com and entering a third party website that is not part of NASA Federal Credit Union.

The content you are about to view is produced by a third party unaffiliated to NASA Federal Credit Union. NASA Federal takes no responsibility for the content of the page.