Privacy Policy

Last Updated: May 2, 2024

The Federal Home Loan Bank of San Francisco (the “Bank,” “we,” or “us”) respects and values your privacy, and we are dedicated to sharing our methods and approach to how we collect, use, disclose, and protect your Personal Information in this policy (“Privacy Policy”). This Privacy Policy describes how the Bank handles your Personal Information:

• From visitors to our website https://fhlbsf.com as it may be modified, relocated and/or redirected from time to time or web-based applications (“Websites”)

• Through software applications made available by us for use on or through computers and mobile devices (“Apps”)

• Contacts from our members and/or prospective members

• Contacts for suppliers of goods and services to the Bank

• From any other individual about whom the Bank obtains personal information in the provision of services to our member (“Member Services”)

The items outlined above are collectively called “Services.” If you are a California Resident, you can review the Additional Information For California Residents below.

Assistance For the Disabled

Alternative formats of this Privacy Policy are available to individuals with a disability. Please contact [insert email address] for assistance.

Notice at Collection for California Residents

The Bank collects the Personal Information identified in Section “Information We Collect About You” below for the purposes identified in Section “Uses of Personal Information” and retains it for the period described in Section “Retention Period”. We do not sell your Personal Information or disclose it for cross-context behavioral advertising (“sharing”). We also do not collect or process sensitive personal information for the purpose of inferring characteristics about you. To the extent you provide the Bank with Personal Information about other California residents, you are responsible for providing this notice to them.

Information We Collect About You

For the purposes of this Privacy Policy, Personal Information is information that relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. For example, the Bank collects the following types of Personal Information:

• Contact and Basic Information: for example, name, title, phone numbers, mailing address, email address, organization, and job title.

• Registration Information: for example, information necessary to process or respond to newsletter requests, event/seminar registration, dietary preferences (excluding special categories), subscriptions, and requests to download information.

• Professional Data: for example, information about individual participation in conferences, credentials, and associations.

• Government Data: for example, government identifiers, date of birth, and due diligence data.

• Special Categories: in limited circumstances, the Bank receives special categories of Personal Information as is necessary for a specific business purpose that may include, for example, social security numbers, religious or other beliefs, racial or ethnic origin, sexual orientation, and health data.

• Member Service Information: for example, member employee contact information, third-party data related to member business-related requests.

• Device Data: IP address, unique device identifiers, cookies and other data linked to a devices, and usage data about our Websites.

Cookies and Similar Technologies

We may use tracking technologies which may run on your device when you use the website. These technologies include cookies which are small data/text files that store information on your computer. Cookies allow the Bank to collect information including browser type, the amount of time spent on the Website, and pages visited. We may use this information to enhance your online experience and to facilitate your use of this Website. We collect aggregated site-visitation statistics that we may use to measure the effectiveness of this Website and to improve our products and services. Accepting the cookies used by this Website does not give us access to your Personal Information.

You can manage website cookies in your browser settings. You always have the choice to have your device warn you of the time a cookie is being sent or change these settings by accepting, rejecting or deleting cookies. If you do not accept these cookies, you may experience some inconvenience in your use of this Website and you may not be able to access portions of this Website at all if you disable cookies on your browser.

Google Analytics

We use cookies provided by Google Analytics, a third-party service provider, to assist us in better understanding our Website visitors. These cookies collect data tied to a user’s IP address, such as the length of time a user spends on a page, the page a user visits, and the websites a user visits before and after visiting the Website. Based on this information, Google Analytics compiles aggregate data about Website traffic and Website interactions, which we use to offer better Website experiences and tools in the future. For more information on Google Analytics, visit https://support.google.com/analytics.

Sources of Personal Information

The Bank may collect Personal Information from a variety of sources, including:

• You/through our provision of Services, for example, when you sign-up for a newsletter, register for a conference, enter into a contractual relationship for Services, interact with us at an event, visit our Websites or networks, use our online applications, send us communications, or call or visit our office.

• From other sources that may include:

  • Publicly available and subscription-based sources

  • Court documents and filings

  • Event sponsors

  • Our members

  • Counterparties in transactions or disputes

  • Social media

  • Our service providers, for example, IT and system administration services

  • Automated technologies, for example, browsing activity collected by automated technologies on the Website

  • Third parties, for example, lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services

  • Government or administrative agencies, for example, law enforcement, public health officials, other government authorities

The Bank needs to collect Personal Information in order to provide the requested Services to you or to provide Services to our members. If you do not provide the information requested, we may not be able to provide the Services. Where the Bank receives Personal Information from its members about employees or other individuals, the member is responsible for ensuring that any such Personal Information is transferred to us in compliance with applicable data protection laws and regulations.

Uses of Personal Information

The purposes for which the Bank uses Personal Information are as follows:

• Communication and/or the provision of financial services to our members. We engage in this activity to fulfil our ethical, legal and contractual obligations with our members.

• Management of our business operations and administration of our member relationships. We engage in this activity to fulfil our ethical, legal and contractual obligations with members and suppliers.

• Enhancing the functionality of our Websites. We engage in this activity because we have a legitimate interest in monitoring how our Website and Apps are used to help us provide better services to our Website and App users.

• Fraud and security monitoring purposes. We engage in this activity because we have a legitimate interest to detect and prevent fraud, crimes and other misuses of our Websites and networks.

• Data analysis to improve the efficiency of our Services and identify trends. We engage in this activity to manage our relationships with members, to comply with legal obligations, and/or because we have other legitimate interests.

• Auditing internal process for proper functioning. We engage in this activity to manage our relationships with members, to comply with legal obligations, and/or because we have other legitimate interests.

• To provide relevant marketing materials. We engage in this activity because we have a legitimate interest or because we have obtained consent.

• Compliance with legal and regulatory obligations. We engage in this activity to manage our relationships with members, to comply with legal obligations, and/or because we have other legitimate interests.

• To protect the rights, property, or safety of the Bank, you, or others.

• To report suspected criminal conduct to law enforcement and cooperate in investigations.

• To exercise the Bank’s rights under applicable law and to support any claim, defense, or declaration in a case or before a jurisdictional and/or administrative authority, arbitration, or mediation panel.

• Incidental purposes: any incidental purposes related to, or in connection with, the above.

The Bank may aggregate and/or anonymize (de-identify) Personal Information so it is no longer considered Personal Information. We do this to generate other data for our use, which we may use and disclose for any purpose. We maintain de-identified information in a de-identified form and do not attempt to re-identify if, except that we may attempt to re-identify the information just to determine whether our de-identification processes function correctly.

Disclosure of Personal Information

We may disclose Personal Information to:

• Contractors, vendors, and services providers

• Third parties, for example, auditors, lawyers, consultants, and accountants engaged by the Bank

• Government or administrative agencies

We may also disclose Personal Information as necessary to:

• Comply with applicable laws and regulations

• To assist us in meeting our business needs

• To cooperate with public and government authorities

• To cooperate with law enforcement

• To enforce our terms and conditions

• To protect our rights, privacy, safety or property, and/or that of our affiliates, or others.

We do not sell or share your Personal Information as these terms are defined under applicable privacy laws.

Protection of Personal Information

We have implemented reasonable measures to secure Personal Information from accidental loss or destruction and from unauthorized access, use, alteration and disclosure. Unfortunately, no transmission or storage system can be guaranteed 100% secure.

Children's Online Privacy Protection Act Compliance

Our services are not intended for individuals under the age of 18. We do not collect information from anyone under 13 years of age. If you are under the age of 13, you are not authorized to use our services or the Websites.

Retention Period

We retain your Personal Information for the duration of our relationship with you, if any. We will retain your Personal Information for as long as is reasonably necessary for a specified business purpose or as required by legal, administrative, or procedural obligations, for example, a litigation hold.

Third-Party Websites

The Website and Apps may contain links to unaffiliated third parties. This Privacy Policy does not apply to such third-party sites. When you click a link to visit a third-party website, you will be subject to their website’s privacy practices. We encourage you to review the privacy and security practices of any linked third-party website before

providing any Personal Information on that website.

Additional Information For California Residents

California Consumer Privacy Act, as amended (CCPA)

Pursuant to the CCPA, we are providing the following additional details regarding the categories of Personal Information about California residents that we collected and disclosed in the preceding 12 months. This policy does not apply to our employees, contractors, owners, directors, or officers where the Personal Information relates to their current, former, or potential role at the Bank. California job applicants can review the Bank’s Applicant Notice and Privacy Policy for more information about the Personal Information the Bank collects when you apply for a position with the Bank.