Skip to content
  • Apply Now
  • Make a Gift
  • Quicklinks
    • Microsoft 365
    • NAU Portal
    • Athletics
    • Canvas
    • Request Info
    • NAU Store
North American University Logo North American University Logo
Menu
  • Admissions
    • Undergraduate
      • Office of Admission
      • Undergraduate Degrees
      • Tuition and Fees
      • Scholarships
      • Brochures
      • Free Tuition
    • Graduate
      • Request Info
      • Graduate Degrees
      • Tuition and Fees
      • Distance Education
      • International
    • Gulf Language School
      • Apply Now
      • GLS Admissions
      • GLS Programs
      • GLS Students
      • GLS Faculty


  • Academics
        • Undergraduate Programs
        • Graduate Programs
        • Language School
        • Educator Certification
        • Continuing Education
      • NAU Library
      • Research Center
      • Faculty Members
      • Faculty Senate
      • Distance Education
        • Academic Catalog
        • Academic Calendar
        • Course Schedule
        • Finals Schedule


  • Faculty & Staff
        • mynauOffice 365 – Online Office Suite
        • university feesFees and Deposits – University Fees
        • NAU EmailPassword Reset – Reset your password
        • htownEmployee Forms – HR Documents
    • Employee Center
      • Human Resources
      • Faculty Senate
      • ADP Portal
      • Faculty Handbook
    • News and Events
      • Headlines
      • Announcements
      • Employment Opportunities
      • Student Workers

  • Campus Life
    • Student Affairs
      • Student Organizations
      • Calendar of Events
      • NAU Athletics
      • Health Services
    • Residential Life
      • Housing
      • Dining at NAU
      • Resident’s Handbook
      • Fees and Deposits
    • Parking & Security
      • Parking Enforcement
      • Campus Security
      • Emergency Guide
      • Campus Crime Report


  • Students
        • mynauOffice 365 – Online Office Suite
        • university feesFees and Deposits – University Fees
        • NAU EmailPassword Reset – Reset your password
        • htownIT Services – Help Desk Support
    • Offices
      • Registrar
      • Bursar’s Office
      • Financial Aid
    • Resources
      • Student Handbook
      • Academic Catalog
      • Student Success
      • Career Center
      • Student Jobs


  • About NAU
    • Mission Statement
      • North American University (NAU) is a private and non-profit institution offering bachelor’s and master’s degrees. The university is committed to teaching excellence and student centeredness. NAU strives to provide an environment promoting global cultural competency, personal growth and responsible citizenship.
    • Office of the President
      • Administration
      • Board of Trustees
      • Accreditation
      • Strategic Plan
      • Title IX
    • Details
      • NAU History
      • Policy Manual
      • Annual Reports
      • Marketing
      • NAU Newsletters


Privacy Policy2026-04-22T14:04:10-05:00

Legal Document

Privacy Policy

North American University
Effective date: April 22, 2026
FERPA · GLBA · TDPSA · GDPR · CCPA/CPRA · PIPEDA · LGPD compliant

Contents

  1. Introduction
  2. Data Controller
  3. Scope
  4. Information We Collect
  5. How We Use Data
  6. Legal Basis (GDPR)
  7. FERPA — Student Records
  8. Directory Information
  9. Data Sharing
  10. Cookies
  11. Data Retention
  12. Security
  13. GDPR Rights
  14. CCPA/CPRA Rights
  15. TDPSA Rights (Texas)
  16. Global Privacy Rights
  17. Children’s Privacy
  18. International Transfers
  19. Third-Party Links
  20. Changes
  21. Contact & Privacy Inquiries
Plain-language summary: North American University (“NAU”) collects information from prospective students, students, alumni, faculty, staff, and website visitors to operate our academic programs, process admissions and financial aid, and comply with law. We do not sell your personal information. Student education records are protected under FERPA. You have the right to access, correct, and (where applicable) delete your information.

Section 01

Introduction

This Privacy Policy (“Policy”) describes how North American University (“NAU,” “University,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal information when you visit www.na.edu (the “Site”), apply for admission, enroll as a student, work or study at NAU, receive services from us, or otherwise interact with the University.

By using the Site or providing us with your personal information, you acknowledge that you have read and understood this Policy. If you do not agree, please do not use the Site or provide information to us.

This Policy should be read together with NAU’s FERPA Notification, Consumer Information Disclosures, Title IX Policy, and Acceptable Use Policy, each available at www.na.edu/about-nau/nau-policies/.

Section 02

Who We Are (Data Controller)

For purposes of applicable data protection laws (including the EU General Data Protection Regulation (“GDPR”), the UK GDPR, and the Texas Data Privacy and Security Act (“TDPSA”)), the data controller is:

North American University
11929 W Airport Boulevard
Houston, Texas 77477, United States
Phone: (832) 230-5555
Email: records@na.edu

Institution type: Private non-profit institution of higher education
Accreditation: Accrediting Commission of Career Schools and Colleges (ACCSC), recognized by the U.S. Department of Education

Section 03

Scope of This Policy

This Policy applies to personal information collected:

  • Through the Site and its subdomains
  • Through online admissions applications, student portals, learning management systems, and email
  • In connection with on-campus services, events, housing, library, financial aid, and student activities
  • From third parties (e.g., the Common App, education agents, recommenders, employers, test administrators)

Some academic or administrative activities are also subject to specific notices (e.g., FERPA Notification, HIPAA Notice of Privacy Practices for Student Health Services where applicable, and employee-specific notices). Where a specific notice conflicts with this Policy, the specific notice governs for that activity.

Section 04

Information We Collect

4.1 Information You Provide

Category Example Data Elements Purpose
Identifiers Full name, date of birth, NAU ID, Social Security Number (only where legally required, e.g., tax/financial aid), passport/visa data (for international students), photograph Identity verification, enrollment, immigration compliance (SEVIS/I-20)
Contact Data Home, mailing, and campus address, personal and NAU email, phone numbers, emergency contacts Communications, emergency notifications
Application & Admissions Data Transcripts, test scores (SAT/ACT/TOEFL/IELTS/GRE), essays, recommendations, prior institutions, citizenship/residency status Admissions evaluation, transfer credit, placement
Academic Records Enrollment, courses, grades, GPA, degree progress, academic advising notes, disciplinary records Education delivery and recordkeeping (FERPA-protected)
Financial Data Tuition payments, billing address, last 4 digits of payment card, bank information for refunds, FAFSA data, scholarship and loan records Billing, financial aid, tax reporting (1098-T)
Employment Data Employment application, I-9, W-4, payroll and benefits data (for faculty/staff/student workers) HR, payroll, tax compliance
Health & Accommodations Data Disability documentation, immunization records, health clearances, counseling intake (where applicable) ADA/Section 504 accommodations, public health compliance
Communications Emails, support tickets, forms, recorded class sessions (per NAU’s Recording of Class Sessions Policy) Academic delivery, support, institutional records

4.2 Information Collected Automatically

When you use the Site, we and our service providers automatically collect:

  • Device & log data: IP address, browser type and version, operating system, device identifiers, referring/exit pages, clickstream, and session timestamps
  • Usage data: Pages viewed, features used, search queries on the Site, and interaction events
  • Cookies and similar technologies: Session cookies, authentication tokens, analytics identifiers, and preference cookies (see Section 10)

4.3 Information From Third Parties

We may receive information about you from:

  • Third-party application services (e.g., Common App, CollegeNET)
  • Testing agencies (ETS, College Board, ACT, Duolingo English Test)
  • Prior and transfer institutions (transcripts, verification)
  • Sponsors, government agencies, and scholarship providers
  • Education agents and recruitment partners (for international applicants)
  • Employers or references (for admissions/employment)
  • Public records and publicly available sources (where permitted by law)

4.4 Sensitive Personal Information

Where permitted by law, we may collect sensitive personal information (e.g., Social Security Number, immigration status, race/ethnicity for IPEDS reporting, health and disability information, religious affiliation only where voluntarily provided for an identified purpose). We process sensitive data only for the specific purpose disclosed at collection, and we apply enhanced safeguards.

4.5 What We Do Not Collect

We do not knowingly collect biometric identifiers beyond what is required for campus access control (if any), and we do not purchase or acquire data from data brokers for marketing purposes. We do not use your personal information to train third-party generative AI models.

Section 05

How We Use Your Information

We use personal information to:

  1. Provide educational services — admissions review, enrollment, registration, academic advising, instruction, grading, transcript issuance, and degree conferral
  2. Administer student life — housing, library, student organizations, athletics, campus events, ID cards, and alumni relations
  3. Process financial transactions — tuition billing, financial aid, scholarships, refunds, payroll, and vendor payments
  4. Communicate with you — academic, administrative, emergency, and (with consent where required) marketing or alumni communications
  5. Comply with law — FERPA, Title IV, Title IX, Clery Act, IPEDS, SEVIS/DHS reporting, IRS 1098-T, state authorization reporting, ADA, and other applicable federal, state, and international laws
  6. Protect the University community — campus safety, emergency notifications (e.g., Missing Student Notification Policy), fraud prevention, IT security, and investigation of suspected policy violations
  7. Improve our services — analytics on Site usage, program outcomes, student success research, and institutional effectiveness (conducted in de-identified or aggregate form where feasible)
  8. Conduct institutional research and accreditation reporting — ACCSC, THECB, U.S. Department of Education, and other regulators
  9. Recruit and enroll prospective students — respond to inquiries, send program information, and invite you to events

We do not sell your personal information, and we do not share it with third parties for their own marketing purposes.

Section 06

Legal Basis for Processing (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, we process your personal data under the following legal bases:

Processing Activity Legal Basis
Admissions review and enrollment Contract performance — steps prior to entering a contract (Art. 6(1)(b) GDPR)
Delivery of education and administration of student records Contract performance (Art. 6(1)(b))
Tuition billing, financial aid, payroll Contract (Art. 6(1)(b)) and legal obligation (Art. 6(1)(c))
FERPA/Title IV/Clery/SEVIS/IRS reporting Legal obligation (Art. 6(1)(c))
Analytics, institutional research, service improvement Legitimate interests (Art. 6(1)(f))
Marketing emails and event invitations Consent (Art. 6(1)(a)) — opt-in where required
Campus safety, fraud prevention, IT security Legitimate interests (Art. 6(1)(f))
Processing of sensitive data (health, immigration, ethnicity) Explicit consent (Art. 9(2)(a)), substantial public interest (Art. 9(2)(g)), or other Art. 9 basis as applicable

Section 07

FERPA — Student Education Records

The Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. § 1232g, and its implementing regulations (34 C.F.R. Part 99) protect the privacy of student education records. Once a student is enrolled at NAU (regardless of age), FERPA rights transfer to the student (“eligible student”).

7.1 Your FERPA Rights

As an eligible student, you have the right to:

  • Inspect and review your education records within 45 days of a written request to the Registrar
  • Request amendment of records believed to be inaccurate or misleading
  • Consent to disclosures of personally identifiable information (PII) from your education records, except where FERPA permits disclosure without consent
  • File a complaint with the U.S. Department of Education, Student Privacy Policy Office, 400 Maryland Avenue SW, Washington, DC 20202, regarding alleged failures to comply with FERPA

7.2 Disclosures Permitted Without Consent

Consistent with 34 C.F.R. § 99.31, NAU may disclose education records without consent to:

  • School officials (including University employees, contractors, consultants, volunteers, or other parties to whom the University has outsourced institutional services) with a legitimate educational interest
  • Officials of another school where the student seeks or intends to enroll
  • Authorized federal, state, and local authorities for audit, evaluation, or enforcement of federal- or state-supported education programs
  • Parties in connection with financial aid
  • Organizations conducting studies for, or on behalf of, the University
  • Accrediting organizations (e.g., ACCSC)
  • Parents of a dependent student as defined by the IRS
  • Parties in compliance with a judicial order or lawfully issued subpoena (with reasonable effort to notify the student in advance where permitted)
  • Appropriate parties in a health or safety emergency involving imminent danger to the student or others
  • To comply with SEVIS and immigration reporting obligations for international students

The full FERPA Notification is available at: www.na.edu/documents/about/FERPA Notification.pdf

Section 08

Directory Information

Under FERPA, NAU may disclose the following categories of directory information without a student’s prior written consent:

  • Name
  • Address (campus and permanent)
  • NAU email address
  • Telephone number
  • Date and place of birth
  • Photograph
  • Major field of study
  • Dates of attendance and enrollment status (full-time/part-time)
  • Degrees, honors, and awards received
  • Most recent previous educational institution attended
  • Participation in officially recognized activities and sports
  • Weight and height of members of athletic teams

Your Right to Opt Out

A student may request that NAU withhold directory information by submitting a written request to the Registrar’s Office (registrar@na.edu) within the timeframe published each academic year. An opt-out remains in effect until revoked in writing by the student. Note that an opt-out may limit NAU’s ability to confirm degrees or enrollment to future employers or other third parties.

Section 09

How We Share Information

We share personal information only as described below, and only with parties that are subject to confidentiality obligations and appropriate data protection terms:

Recipient Category Purpose
Service providers (hosting, learning management, student information system, payment processors, email delivery, analytics, telephony, background check providers) Operate the Site and University systems
Payment processors (e.g., Stripe, Flywire, TouchNet) Tuition and fee processing (PCI-DSS compliant; we do not store full card numbers or CVV)
Federal and state agencies Title IV, SEVIS/DHS, IRS, IPEDS, THECB, U.S. Department of Education
Accrediting and licensing bodies ACCSC, program-specific accreditors, licensing boards
Other educational institutions Transcript verification, transfer of records at student request
Sponsors and funding entities Where a sponsor is paying your tuition or providing a scholarship
Professional advisors Auditors, attorneys, insurers under duty of confidentiality
Law enforcement and government authorities When required by subpoena, court order, or to protect life and safety
Successors in interest In the unlikely event of a merger, acquisition, or asset transfer (with notice where required by law)

We do not sell personal information, and we do not “share” it for cross-context behavioral advertising as defined by the CCPA/CPRA.

Section 10

Cookies & Online Tracking

The Site uses cookies and similar technologies, including:

  • Strictly necessary cookies — required for authentication, session management, and security
  • Functional cookies — remember preferences and language
  • Analytics cookies — Google Analytics and similar tools to understand aggregate Site usage
  • Marketing cookies — limited use for NAU admissions campaigns; set only where permitted by your consent

You can manage cookies through our consent banner (where presented) and your browser settings. Blocking strictly necessary cookies may impair Site functionality. NAU honors Global Privacy Control (GPC) signals as a valid opt-out of “sale” or “sharing” for users in jurisdictions that recognize GPC.

Section 11

Data Retention

We retain personal information only for as long as necessary for the purposes described in this Policy, to comply with legal, accounting, audit, and accreditation obligations, or to resolve disputes.

Data Category Retention Period
Admissions records of enrolled students Permanent (as part of the student record)
Admissions records of non-enrolled applicants 3 years from decision
Academic transcripts and degree records Permanent
Financial aid records Minimum 3 years after the end of the award year (34 C.F.R. § 668.24)
Tuition and billing records 7 years (tax and audit)
Employment and payroll records As required by federal and Texas labor law (typically 4–7 years; some permanent)
Health and accommodations records As required by ADA, HIPAA (where applicable), and Texas law
SEVIS/international student records Per DHS/ICE requirements
Website usage and analytics logs 26 months (rolling)
Support communications 3 years from last interaction
Marketing consent records 5 years from consent or withdrawal
Security camera footage 30–90 days unless retained for an investigation

When retention periods expire and no legal obligation requires continued retention, records are securely deleted, destroyed, or anonymized.

Section 12

Information Security

NAU implements administrative, technical, and physical safeguards designed to protect personal information, including:

  • TLS/HTTPS encryption for data in transit
  • Encrypted storage of credentials (salted hash; we do not store plain-text passwords)
  • Role-based access controls and least-privilege principles
  • Multi-factor authentication for University systems
  • Network segmentation, firewalls, and endpoint protection
  • Security awareness training for faculty and staff
  • Vendor due diligence and contractual data protection terms
  • Compliance with the Gramm-Leach-Bliley Act (GLBA) Safeguards Rule for financial aid information
  • Incident response and breach notification procedures consistent with the Texas Identity Theft Enforcement and Protection Act (Tex. Bus. & Com. Code § 521) and FERPA

No system is 100% secure. If you believe your account has been compromised or you have discovered a vulnerability, contact it@na.edu (or records@na.edu) immediately.

Breach Notification

In the event of a data breach affecting your rights, NAU will notify affected individuals and the applicable supervisory authorities within the timeframes required by law (including 60 days under Texas law, 72 hours to authorities under GDPR where applicable, and notice to the U.S. Department of Education where federal data is involved).

Section 13

Your Rights Under GDPR (EEA/UK/Switzerland)

If you are located in the EEA, UK, or Switzerland, you have the following rights:

Right What It Means
Access Obtain a copy of personal data we hold about you
Rectification Correct inaccurate or incomplete data
Erasure Request deletion (“right to be forgotten”), subject to legal retention requirements
Restriction Limit processing while a dispute is resolved
Portability Receive your data in a structured, machine-readable format
Objection Object to processing based on legitimate interests or for direct marketing
Withdraw consent Withdraw consent at any time without affecting prior lawful processing
Lodge a complaint Complain to your local supervisory authority

To exercise these rights, email records@na.edu with the subject line “GDPR Request.” We will respond within 30 days (extendable by 60 days for complex requests, with notice).

Note: Certain records protected under FERPA or required by federal law cannot be erased upon request. In such cases, we will explain the applicable exception.

Section 14

Your Rights Under CCPA/CPRA (California)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (“CCPA”) as amended by the California Privacy Rights Act (“CPRA”):

  • Right to Know what personal information we collect, use, disclose, and (if applicable) sell or share
  • Right to Delete personal information we collect about you
  • Right to Correct inaccurate personal information
  • Right to Opt Out of the “sale” or “sharing” of personal information — NAU does not sell or share personal information
  • Right to Limit the use of sensitive personal information
  • Right to Non-Discrimination for exercising your CCPA rights

Categories Collected in the Past 12 Months

Identifiers; education information; commercial information (tuition transactions); internet/network activity; geolocation (approximate, via IP); sensory data (photos, recorded class sessions where applicable); professional/employment information (for employees and applicants); inferences drawn from the foregoing; and sensitive personal information (SSN where legally required, precise account credentials, health information where voluntarily provided for accommodations).

To submit a California request, email records@na.edu with the subject line “California Privacy Request.” You may designate an authorized agent in writing. We will verify your identity before responding.

Shine the Light

California residents may request information about disclosures of personal information to third parties for those parties’ direct marketing purposes. NAU does not make such disclosures.

Section 15

Your Rights Under TDPSA (Texas)

As a Texas-based institution, NAU complies with the Texas Data Privacy and Security Act (Tex. Bus. & Com. Code ch. 541). Where the TDPSA applies to you as a Texas consumer, you have the right to:

  • Confirm whether NAU is processing your personal data and access that data
  • Correct inaccuracies
  • Delete personal data
  • Obtain a portable copy
  • Opt out of targeted advertising, sale of personal data, and certain profiling — NAU does not engage in the sale of personal data or targeted advertising

Texas residents may submit requests to records@na.edu with the subject line “Texas Privacy Request.” If we deny a request, you may appeal by replying within 45 days. If the appeal is denied, you may contact the Texas Attorney General at texasattorneygeneral.gov/consumer-protection.

Sensitive data is processed only with your consent where required by the TDPSA.

Section 16

Global Privacy Rights

NAU serves students and applicants from around the world. We recognize and respect privacy rights under the following jurisdictions:

Jurisdiction Law Key Rights Recognized
🇧🇷 Brazil LGPD Access, correction, anonymization, portability, deletion, opt-out of sharing, information on third parties
🇨🇦 Canada PIPEDA / Quebec Law 25 Access, correction, withdrawal of consent, knowledge of data held and purpose
🇦🇺 Australia Privacy Act 1988 (APPs) Access and correction of personal information
🇸🇬 Singapore PDPA (as amended 2021) Access, correction, withdrawal of consent, portability
🇹🇭 Thailand PDPA Access, correction, erasure, objection, withdrawal of consent
🇯🇵 Japan APPI Disclosure, correction, deletion, cessation of use
🇰🇷 South Korea PIPA Access, correction, deletion, suspension of processing, portability
🇹🇷 Türkiye KVKK Access, correction, deletion, objection to automated decisions

To exercise these rights, email records@na.edu with your full name, jurisdiction, and the specific right you wish to exercise. We will respond within the timeframe required by the applicable law (generally 30 days).

Section 17

Children’s Privacy

The Site and NAU’s programs are directed to prospective and current university-level students, generally 18 years of age or older. We do not knowingly collect personal information from children under 13 in a manner that would require compliance with the Children’s Online Privacy Protection Act (COPPA) without verifiable parental consent.

For applicants or dual-credit/early-college students under 18, we collect only information necessary for the program, with parental or guardian consent where required. If you believe a child has provided personal information to us in violation of this Policy, please contact records@na.edu and we will promptly delete it.

Section 18

International Data Transfers

NAU is located in the United States. If you access the Site or apply to NAU from outside the U.S., your personal information will be transferred to and processed in the United States, which may have different (and, in some cases, less protective) data protection laws than your country.

Safeguards we apply:

  • EEA/UK/Switzerland: EU Standard Contractual Clauses (SCCs) under European Commission Decision 2021/914, and UK International Data Transfer Addendum where applicable, with our processors
  • Brazil (LGPD): Contractual clauses, consent, or adequacy where applicable
  • Canada (PIPEDA): Contractual protections ensuring comparable protection
  • All other countries: Contractual clauses, your consent, or other legally recognized mechanisms

By submitting your information to NAU, you consent to such transfers to the extent consent is a valid legal basis in your jurisdiction.

Section 19

Third-Party Links

The Site may contain links to third-party websites, services, and resources (e.g., payment portals, learning platforms, library databases). We are not responsible for the privacy practices or content of those third parties. We encourage you to review the privacy policies of any third-party site you visit.

Section 20

Changes to This Policy

We may update this Policy from time to time. Material changes will be announced by posting the updated Policy on the Site and, where appropriate, by email to enrolled students and employees at least 14 days before the changes take effect. The “Effective date” above indicates the most recent version. Your continued use of the Site or NAU’s services after the effective date constitutes acceptance of the updated Policy.

Section 21

Contact & Privacy Inquiries

North American University — Office of the Registrar / Records Office
11929 W Airport Blvd
Houston, Texas 77477, USA

Purpose Contact
General privacy and records inquiries records@na.edu · (832) 230-5555
Registrar (FERPA, transcripts, directory opt-out) registrar@na.edu · (832) 230-5188
Title IV / financial aid privacy titleivcompliance@na.edu
Academic Affairs academicaffairs@na.edu · (832) 230-5545
Title IX & non-discrimination See www.na.edu/about-nau/title-ix/

Response time: We aim to acknowledge privacy requests within 5 business days and respond fully within 30 days (or within the timeframe required by your applicable law).

If you are not satisfied with our response, you may also contact:

  • U.S. Department of Education, Student Privacy Policy Office — for FERPA complaints (400 Maryland Avenue SW, Washington, DC 20202)
  • Texas Attorney General, Consumer Protection Division — for TDPSA concerns
  • Your local data protection supervisory authority — for GDPR/UK GDPR concerns
© 2026 North American University · Houston, Texas · All rights reserved.

NAU Logo white

11929 W Airport Blvd
Houston, Texas 77477

(832) 230 5555

QUICKLINKS

ADP Portal
Calendar
Catalog
Course Schedule
Financial aid
Language School

Housing
Human Resources
Library
Marketing
Privacy Policies
Virtual Tour

Administration
Annual Reports
Scholarships
Emergency
Deadlines
Parking

© 2025 North American university

Accreditation | Title IX | Consumer information

Page load link
NAU uses cookies for site functionality, analytics, and personalized marketing (Google & Meta). Non-essential cookies are disabled by default. You may Accept to support our outreach or Reject to browse privately. Accept Reject
Go to Top