Privacy Policy

Last Updated: January 1, 2020

PLEASE READ THIS PUBLIC WEBSITE PRIVACY POLICY ("POLICY") BEFORE USING THIS WEBSITE OR responding to REQUESTS from the Bank to provide information to us via our website(s)

This Public Website Privacy Policy (“Policy”) explains how the Federal Home Loan Bank of San Francisco (the “Bank” or “us” or “we”) may collect information from or about users (“you”) of the Bank’s website (“Website”) and/or the entity on whose behalf you are accessing this Website, including the entity you represent. This Policy binds that entity. This Policy does not apply to information we may receive through the mail, by email, by fax or telephone, in person, or in any other way.

IF APPLICABLE: We use other online services not covered by this Policy. If you visit one of these sites, please review the policies of those sites to understand how your information may be collected, used and shared.

From time to time, we may change this Policy. When we do, we will let you know by posting the "Last Updated" date, as listed above. Any changes to this Policy will become effective when we post the updated Policy to this Website. Your use of this Website following any changes to the Policy means that you accept the revised Policy. You are encouraged to review this Policy each time you use this Website.

Additional information can be found in the Terms of Use and the Online Security guidelines.

Information we collect and how we use and store it

During the period of time you access our Website, you may be providing us with "personal information" such as the IP address of your computer, or the identifier of your mobile device. This information could also include browser type, operating system, screen resolution, pages accessed on the Website, time spent on a page, the date and time you access the Bank’s Website, and the address of the Internet site you visited prior to entering this Website (only if you came from a referring site), and search terms you enter on our Website. Also, if you access our Website from a mobile device, you may be sharing the geographic location of your device with us. We collect this information for the purposes of website functionality and security. We also use cookies in support of web traffic analysis, however, we cannot identify you or your household without further information. In other words, without additional information (such as your internet service provider or wireless carrier), the information we collect when you access our website does not identify, relate to, describe, or is capable of being associated with or could be reasonably be linked, directly or indirectly, with you or your household.

On occasion, the Bank may consider using our Website to facilitate the hosting of member events or conduct other activities, such as offering programs and services, where we may interact with users who may provide personal information via a form or document. In this case, to the extent this activity involves the collection of personal information as defined by the California Consumer Privacy Act of 2018 (CCPA), we would be required to comply with the CCPA for this activity. Other than users who are providing business contact information in connection with a business transaction with the Bank on our Website, the CCPA would require us to, among other things, provide users notice of the categories and our use of the personal information and an explanation of the users’ rights under the CCPA. 

We do collect personal information from job applicants on our Website. The information we collect includes contact information, employment history, qualifications, and other information necessary for us to perform a diligent and appropriate evaluation of the applicant. For more information about the information we collect from job applicants, please see our Privacy Notice for Recruitment

The personal information described above may also be considered “Personally Identifiable Information,” or PII, which includes, among other things, first and last name, address, work telephone number, email address, home telephone number, and general educational credentials.  

The Bank may store any and all site usage information collected from you and include such information in usage logs and reports. The Bank does not store the data in an encrypted format.  We use reply email addresses to answer the email we receive. To the extent we use our Website to facilitate the hosting of member events or conduct other activities where we may interact with users who may provide personal information, we may collect and use your email address, name, title, organization and type, address, phone and fax numbers to communicate with you about your online event registrations or subscriptions. The Bank does not sell your personal information.

In the event we use our Website for an activity or a transaction requiring a fee, we may ask for all of the information above, plus credit card information. When you submit credit card information, you are directed to a third party vendor, and all of your credit card related information is provided directly to that third party vendor, and not to the Bank. This information is transmitted to the third party vendor via a secure connection. Any transfer of your information from this Website to a third party vendor’s website will subject your information to the privacy policies and terms of use of those websites.

Information that is shared

We do not share personal information with companies, organizations and individuals outside of the Bank other than with your consent or as permitted by law for legal, accounting or regulatory purposes or to third party vendors and third parties that are providing services to the Bank, including website security services.

Usage logs and reports may be analyzed and reviewed by third party vendors who have submitted written confidentiality agreements to the Bank. 

We may share non-personal information aggregated site visitation information with third party vendors for security purposes.

Use of cookies

We may use tracking technologies which may run on your device when you use the website. These technologies include cookies which are small data/text files that store information on your computer. Cookies allow the Bank to collect information including browser type, the amount of time spent on the Website, and pages visited. We may use this information to enhance your online experience and to facilitate your use of this Website. We collect aggregated site-visitation statistics that we may use to measure the effectiveness of this Website and to improve our products and services. Accepting the cookies used by this Website does not give us access to your personal information.

You can manage website cookies in your browser settings.  You always have the choice to have your device warn you of the time a cookie is being sent or change these settings by accepting, rejecting or deleting cookies. If you do not accept these cookies, you may experience some inconvenience in your use of this Website and you may not be able to access portions of this Website at all if you disable cookies on your browser. 

Third party websites

This Policy only addresses the use and disclosure of information collected by the Bank through our public website. A user of our site that links to another website will be subject to the privacy policy of that website. We encourage you to ask questions and review the applicable privacy policy before disclosing information to third parties. We have no responsibility or liability for the independent actions or policies of independent sites, and are not responsible for the content or privacy practices of such sites.

Information security

The Bank uses Secure Sockets Layer (SSL) technology to protect your information from unauthorized access. However, using SSL is not a guarantee that such information may not be accessed, disclosed, altered or destroyed by breach of such technology. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed without proper approval. We limit access to your personal data to those employees, agents, contractors and other third parties on a need-to-know basis, i.e., those who need the access in order to fulfill the tasks and duties relating to authorized service delivery. All employee personal information is considered confidential and the Bank has an Information Security Policy that classifies, among other things, sensitive employee personal information (e.g., social security numbers) to ensure such information is properly controlled and protected. Our IT systems are protected against unauthorized access with various level of preventative and detective security tools and processes. All Bank employees are required to sign an agreement to protect confidential information (including personal confidential information) and to comply with the Bank’s information security polices and standards. Any third party vendors who have access to personal information are required by contract to keep the information confidential.

Social media sites

The Bank provides experiences on various social media platforms that enable sharing and collaboration among users who have registered to use them. Any content you post on official Bank-managed social media sites, such as pictures, information, opinions, or any personal information that you make available to other participants on these social platforms, is subject to the terms of the privacy policies of those respective platforms.

Copyright

Except as otherwise provided by applicable law, the contents of this Website are copyrighted and the information herein may not be used without the prior written consent of the Bank.

Governing law and jurisdiction in San Francisco

The use of this Website is governed by and shall be construed in accordance with the laws of the United States and, to the extent applicable, the State of California. Users of this Website and the Bank’s members agree that any action arising from any matter relating directly or indirectly to this Website shall be brought in a court of competent jurisdiction in the City and County of San Francisco, State of California, that those courts have personal jurisdiction over you and the member for that purpose, and you waive any right to bring or seek transfer of any such action to any court outside of San Francisco, California.

Contact information

If you have any questions about this Policy, please contact Web Support at (415) 616-2610.