Privacy Policy
We're here to help.
Effective Date: May 1, 2024
Grand Canyon University is located in Phoenix, AZ. The university, a top Christian institution serving both traditional and online students, is committed to protecting our constituents' privacy. This statement is designed to expound upon the necessary collection of data/information that GCU acquires from site visitors and to define how that information is used.
This privacy policy is current as of the effective date set forth above. GCU reserves the right to change this privacy policy at least once every 12 months, remaining consistent with applicable privacy laws and principles.
Grand Canyon University annually informs students of the Family Educational Rights and Privacy Act (FERPA) of 1974. FERPA affords students certain rights with respect to their education records. Questions concerning FERPA may be referred to the Office of Academic Records.
Grand Canyon University has designated certain information in the education records as directory information for the purposes of FERPA. Students are required to complete a Student Information Release Form (SIRF), submitted to the Office of Academic Records, to control the release of such information with respect to student records. The SIRF authorizes a third party to receive designated records as requested by the student, however, it does not authorize GCU to have discussions about it or any portion of the student’s education record or for the authorized person to take action on the account.
Designated third parties are expected to abide by university policy; the university reserves the right to discontinue communication if the third party fails to follow policy guidelines or otherwise demonstrates an inability to communicate properly with the university or its representatives. The SIRF information is sent out to students annually. It is the responsibility of students to notify the Office of Academic Records if they would like to make any changes to their SIRF information.
Although GCU recognizes some information as directory, GCU's practice is not to release most directory components unless the university determines a need to do so (for example, police request). Some directory information will be released when it comes to athletes or other student activities, such as theatre productions, regardless if a student opts out.
Students wishing to opt out of ALL directory information disclosure must send their request to the following email address: directoryoptout@gcu.edu. If choosing to opt out, students must provide their student ID and/or reply from their GCU email address.
Prior to opting out of directory information, graduating students’ decision to request non-disclosure should be considered critically since it could affect the ability of GCU to complete employment documentation on behalf of the student, such as institutional recommendations.
This form provides a way to submit feedback on a security flaw, vulnerability or malicious activity from one of our information assets. Please provide specific details such as IP address, URL, user account or any other details that will help us to fully understand the issue. Also, it is very helpful if you provide contact info where we can follow up with questions if we have any difficulty in finding or replicating the issue.
We may collect information you volunteer to provide, which may be used to identify your records directly or indirectly. GCU states to have collected the displayed attributes as listed in the table below in the past 12 months.
GCU may assign you a username and password to permit access to certain sites. PII data will be collected in order to create these unique identifiers. Additionally, credit card or other financial PII may be requested for activities such as: purchases, orders, donations and registrations, which may be handled by a PCI compliant third-party service provider.
PII data may also be collected for those filling out online applications relating to employment. Employment forms may request PII such as: your name, address, telephone number(s), email address, employment history, language fluency, educational history, work experience and other work/skill related PII data. Please note that external job application sites that are not affiliated with the company may have a different privacy policy in place, as GCU may use to redirect information, which it is recommended to review as applicable.
GCU does not sell personal data records and has not done so in the past 12 months. In some cases, GCU may share PII with a contracted entity in order to perform a business purpose.
Some of the information collected may be used for business purposes such as:
GCU websites provide access to information and services for constituents that may not have a formal relationship with the university as a student or employee. If you are neither a student nor employee and prefer not to provide any information online, we invite you to cancel the transaction and contact the administrative unit responsible for the service to conduct the business in person, by mail or by telephone. Contact information is found in the “More Information” section of this policy.
GCU is committed to providing secure online environments for our constituents and online visitors. Our websites have standard and advanced security measures in place to protect against the loss of, misuse, unauthorized access, disclosure, alterations and destruction of information we process and control. Although GCU has security controls in place to safeguard against malicious actors, it is important to remain alert when entering GCU-assigned credentials to external sites that are not affiliated with the university.
We recommend ensuring that your device is kept protected with an up-to-date Antivirus software. GCU does not accept liability for data that is compromised due to the following: (i) utilizing a password that is deemed weak or commonly used; (ii) voluntarily providing credentials to a malicious site; (iii) transmitting information through an insecure channel not provided by GCU or its partner institution (e.g. utilizing an unprotected public network or a compromised personal device). To further protect your data, we regularly educate our employees on standard data protection procedures and new cybersecurity threats/technologies through cybersecurity awareness programs.
If you suspect a security incident may be related to a record handled by GCU, please contact ITSecurity@gcu.edu for a prompt response.
Grand Canyon University may disclose PII data to third parties who are approved vendors dedicated to performing tasks on behalf of GCU, where security obligations are in place to maintain confidentiality, integrity, and availability of all the information transmitted. We may also disclose PII in response to legal processes, such as court order or a subpoena, in the response to a law enforcement agency’s request or where we believe it is necessary to investigate, prevent and/or act upon notices regarding suspected illegal activities.
GCU uses Google Analytics to display retargeted ads to our site prospects, on GCU’s behalf, across the internet. Google may collect non-PII data about your visits to our sites and your interaction with our products or services. This anonymous information is collected through the use of a pixel tag. No PII is collected during this process. If you do not want Google to collect this information, you may opt out of their service by visiting: tools.google.com/dlpage/gaoptout
Grand Canyon University’s online advertising features include: Acquia Lift, Salesforce Marketing Cloud, Hotjar, Snapchat, Quantcast, Quinstreet, Bing and Yahoo. GCU also uses some or all of the following: Facebook and Twitter cookie tracking, web beacons and similar technologies. These features allow GCU to track impressions on our sites for marketing purposes. If you wish to opt out of these online advertising features, please follow the instructions on the corresponding pages.
GCU’s services are not oriented towards the use of individuals who are 13 and under. Any personal data records that may be tied to an applicable individual who cannot provide parental consent will have their record deleted promptly as enforced by the Children’s Online Privacy Protection Act of 1998 (Rule 15 U.S.C. §§ 6501–6506). Certain data regulations, such as GDPR, may require an individual who is under 16 to provide parental consent. If this applies to you, please defer from utilizing our services until parental consent has been provided.
While browsing Grand Canyon University sites you may encounter links to webpages not directly affiliated with GCU. External link content is under the control of the site that manages/owns/operates it. GCU recommends you review the privacy policy of those external organizations before proceeding with interacting with site content as processing variables may differ from this policy.
NOTE: We would like to remind you that the voluntary disclosure of PII data on social networks and other similar sites can be collected and used by others. When you leave a GCU controlled site we cannot guarantee the safety of the PII data you disclose to that entity.
While browsing Grand Canyon University, cookies may be collected. Cookies are small text files stored by your browser on your device(s) to save certain information or image files. You can change the preferences in your browser(s) and refuse to accept cookies, disable cookies or even remove stored cookies from your computer. Please note that by taking this action, you may affect your browsing experience on sites which rely on cookies to function.
Voluntarily browsing a Grand Canyon University site indicates your acceptance of the terms and conditions in use. Additionally, you are agreeing to the terms of this Privacy Statement, all non-conflicting principles of the student handbook, employee handbook, faculty handbook, computer use policies and the gcu.edu terms and conditions. If you are in disagreement with consenting, then please discontinue use of GCU sites.
You may make a request to be removed from our mailing lists by sending your name, email address and home address to:
Grand Canyon University Opt-Out
3300 W. Camelback Road
Phoenix, AZ 85017
If you do not wish to receive marketing emails from GCU, please submit a request.
Effective Date: Sept. 24, 2024
Please read these Text Messaging Terms and Conditions (Text Terms) carefully. By enrolling or otherwise agreeing to receive text messages from or on behalf of Grand Canyon University you agree to these Text Terms.
AT&T, Sprint, T-Mobile®, Verizon Wireless, Boost, Cricket, MetroPCS, U.S. Cellular, Virgin Mobile, ACS Wireless, Appalachian Wireless, Bluegrass Cellular, Carolina West Wireless, Cellcom, C-Spire Wireless (formerly Cellsouth), Cellular One of East Central Illinois, Cincinnati Bell Wireless, Cross (dba Sprocket), Duet IP, Element Mobile, EpicTouch, GCI Communications, Golden State, Hawkeye (Chat Mobility), Hawkeye (NW Missouri Cellular), Illinois Valley Cellular, Immix (Keystone Wireless / PC Management), Inland Cellular, iWireless, Mobi PCS (Coral Wireless LLC), Mosaic, MTPCS / Cellular One (Cellone Nation), Nex-Tech Wireless, nTelos, Panhandle Telecommunications, Peoples Wireless, Pioneer, Plateau, Revol Wireless, Rina - Custer, Rina - All West, Rina - Cambridge Telecom Coop, Rina - Eagle Valley Comm, Rina - Farmers Mutual Telephone Co, Rina - Nucla Nutria Telephone Co, Rina - Silver Star, Rina - South Central Comm, Rina - Syringa, Rina - UBET, Rina - Manti, South Canaan / CellularOne of NEPA, Thumb Cellular, Union Wireless, United, Viaero Wireless, West Central Wireless, Leaco, Nemont/Sagebrush.
For additional information, text HELP or contact 855-GCU-LOPE.
Our mobile applications include features that may utilize location services and data to enhance the user experience. We collect this type of data for specific purposes, including enabling features such as automated Chapel check in. Location services can be managed in your mobile device settings.
When you provide opt-in consent to GCU, you expressly agree to receive automated texts messages from GCU concerning products, services, offers, promotions, transactions, as well as about GCU’s relationship with you. Message frequency may vary, and normal message and data rates may apply.
Consent to receive marketing text messages is not required as a condition of purchasing any goods or services. Once you have opted-in, you will receive a confirmation message before any additional messaging is sent.
Mobile data collected during the opt-in process for messaging services will not be sold to third parties. Please see “How We Use Your Information” section above.
Opt-in consent is provided through several mechanisms, including but not limited to:
You may opt out of receiving text messages at any time by replying STOP, END, CANCEL, UNSUBSCRIBE, or QUIT to any text messages we send, or email privacy@gcu.edu and specify that you want to opt out of text messages.
You may opt out of receiving text messages at any time by replying STOP, END, CANCEL, UNSUBSCRIBE, or QUIT to any text messages we send, or email privacy@gcu.edu and specify that you want to opt out of text messages.
GCU's internet network is guarded by a firewall that protects on-campus students from entering sites that may be unsafe, requested to be blocked by management, or deemed not aligned with our Christian values. Sites are selected by category to filter usage. Seven categories are set to make the site unavailable but pressing the "Continue" button allows you through to the site. These site topics include, but are not limited to drugs, illegal activities, gambling and other questionable sites.
There are eight categories that are identified to make sites wholly unavailable, including, but not limited to pornography, cheating websites, malware, key loggers and sites that promote terrorist activities. The Learning Management System and eBooks websites are specifically white-listed to ensure students are always able to access them. If you feel a blocked website should be made available, contact the Office of Residence Life. Your request will be reviewed as soon as possible.
NOTE: The LOPES network, GCU's student intranet, does not authenticate students prior to allowing site access and their web filter's reporting capabilities are limited to big-picture summaries that describe general usage. Reporting on individual students will not be possible. GCU does not proactively monitor usage or sites visited.
If you are a European citizen, per GDPR regulations, you have the right to ask us for access to your data in a readable format, rectification or erasure of your information; to refuse to be subjected to automated decision making, including profiling; right to lodge a complaint with a supervisory authority; to restrict processing (pending correction or deletion); to object to communications or direct marketing; and to ask for the transfer of your information electronically to a third party (data portability).
GCU will not discriminate against an individual who wishes to exercise their rights as allowed to by applicable data protection regulations. Some of these rights are not automatic. We reserve the right to discuss with you why we might not comply with a request from you to exercise them varying on the circumstances involved.
A charge is not issued for personal data record requests, unless requests are excessive. in which a charge may be applied per regulation allowance. For further information please use the contact form, email address and/or phone number found in the “More Information” section of this policy.
GCU employees are also subject to certain data subject rights, such as the right to be informed of the attributes stored within their record as applicable through the rightful authorization of GDPR.
Per GDPR, you always retain the right as an EU data subject to lodge a complaint about our management of your personal information with the Information Commissioner’s Office at Wycliffe House, Water Lane, Wilmslow, SK9 5AF (ico.org.uk)
If you are an EU citizen residing in an EU member state that is subject to GDPR regulation and you wish to request a copy of the data GCU has collected from you or wish to exercise a granted right by GDPR, please contact one of our communication methods listed. If you are a registered student, you may also contact your student services counselor. Your request may take up to 30 days to complete, unless notified with a reasonable delay of up to 90 days.
This privacy statement only applies to information collected on the following sites: gcu.edu, grand-canyon.edu, my.gcu.edu and gcu.edu subdomains. GCU’s Privacy Statement is available on our website and can be found in our University Policy Handbook. A hard copy of this policy may be requested via telephone or mail. Some personal records may be subject to additional laws that are not listed in this policy, which GCU will reasonably comply with regulations that are not publicly listed.
More Information
For additional information about this statement or GCU’s privacy practices, please contact:
Grand Canyon University, Legal Department, Building 26
3300 W. Camelback Road
Phoenix, AZ 85017
EMAIL: privacy@gcu.edu
PHONE: 602-639-8288