Table of Contents
1. Purpose, Scope, and Applicability
2. General Statement on Data Sharing and Privacy
4. Information ACCESS Collects
5. How ACCESS Uses Collected Information
7. With Whom ACCESS Shares Information
v1.4
December 9, 2025
1. Purpose, Scope, and Applicability
ACCESS, on behalf of the U.S. National Science Foundation (NSF), operates a set of central data and computing infrastructure services, which serves to federate researcher access to many Resource Provider site resources.
This policy pertains to information gathered through the ACCESS services—including, but not limited to, ACCESS web portals, the ACCESS ticket system, ACCESS allocation services, Resource Provider resource usage reported back to the ACCESS accounting system, information related to members of the Computational Science Support Network (CSSN), and to other data collected by ACCESS in the course of meeting its program objectives.
Resource Provider sites and ACCESS partners may gather information by means other than the ACCESS infrastructure, and such information does not fall under this policy unless it is shared by partners with ACCESS. ACCESS may also share information with partners as described in this document.
2. General Statement on Data Sharing and Privacy
Most NSF ACCESS program awardees and most ACCESS-allocated resources are associated with public institutions, and are funded by a U.S. federal agency. As such, data collected by ACCESS and Resource Providers about the use of ACCESS infrastructure and ACCESS-allocated resources are presumed public and sharable, with exceptions and appropriate safeguards for private user information. Due to integration of ACCESS services with a variety of Resource Providers and other partners, users should be aware that the privacy of usage data is limited as a practical matter. Foremost, ACCESS limits the amount of personally identifiable information that it requires of users. ACCESS requires enough information to uniquely identify an individual and ensure the security of the infrastructure. The ACCESS Acceptable Use Policy (see https://access-ci.org/acceptable-use/) forbids the entry of false information in user profiles. Violations may result in suspension of accounts and cancellation of all ACCESS allocations and privileges. To the extent possible, ACCESS avoids collecting information that could be used for legal or financial harm. ACCESS may request optional information that helps ACCESS communicate the impact of the infrastructure to NSF and other stakeholders.
ACCESS does not sell user information to third parties. However, information collected by ACCESS may be shared publicly or with authorized third parties for open academic studies about the infrastructure, how it is used, its user community, and the impacts of the federal investment. The remainder of this document defines and clarifies this general policy statement with respect to key data sets collected within the ACCESS environment.
3. Definitions
Additional ACCESS-specific terminology can be found in the ACCESS Glossary (see https://access-ci.org/glossary/).
Personally Identifiable Information (PII): Information that might be used to uniquely identify an individual. The Personally Identifiable Information collected by ACCESS includes name, organizational affiliation, email addresses, and phone numbers.
Principal Investigator (PI): An ACCESS user who has received access to ACCESS-allocated resources as the lead on a request submitted and granted through the ACCESS allocations process. A PI may grant access to ACCESS-allocated resources to other users, whose usage will be charged to the PI’s allocation(s).
ACCESS: When used unqualified, this term refers to the common infrastructure operated by the various NSF ACCESS Program Awardees (Allocations, Support, Operations, Metrics, Coordination Office), distinct from the infrastructure provided by ACCESS Resource Providers.
Resource Providers (RPs): Resource Providers are organizations independently funded to provide a variety of cyberinfrastructure services to the ACCESS community. Examples include high performance computing systems, data archives, network services and professional support services.
ACCESS-Allocated Resources: Resources provided by Resource Providers to the ACCESS Community and with access managed via the ACCESS allocations process.
ACCESS Community: The set of authorized users of resources and services made available via ACCESS. The community includes individuals who may directly use an ACCESS-allocated resource, individuals who may use ACCESS-allocated resources through an ACCESS partner (e.g., through a science gateway interface), and users of any ACCESS services.
ACCESS Partners: Organizations that collaborate with ACCESS. Examples include science gateways, peer cyberinfrastructures such as the OSG Consortium, Resource Providers, and Globus.
Authorized Third Parties: In the context of this policy, persons or organizations who may be granted access to information that would otherwise not be shared under this policy. Authorization may be granted on legal grounds, such as through Freedom of Information Act (FOIA) requests, or as part of academic research studies approved by an Institutional Review Board (IRB).
4. Information ACCESS Collects
ACCESS collects and stores a wide range of data about users and their use of ACCESS services and ACCESS-allocated resources.
- User Profiles: User profiles are ACCESS database records containing Personally Identifiable Information (e.g., name, organizational affiliation, email addresses, and phone numbers) to establish the unique identity of individuals and to maintain the ability to communicate with them.
- Allocation Requests: ACCESS collects a range of information for the purposes of establishing eligibility and reviewing requests to use various ACCESS resources.
- Usage Information: Information about access to and use of ACCESS services and ACCESS-allocated resources (e.g., system logs, resource accounting data) by individuals from the ACCESS community are recorded in order to measure resource use, improve operations, provide reports to stakeholders, and understand the value of the services and resources.
- Survey and Evaluation Data: ACCESS conducts regular surveys of the ACCESS community to assess and improve specific services and evaluate the overall success of the program. There are different ways of accessing ACCESS services and ACCESS-allocated resources, each of which involve disclosure of personal information and various data sharing approaches. Details follow for each type of access.
4.1 User Profiles
Access to most ACCESS services as well as access to ACCESS-allocated resources requires an individual to register for an ACCESS identity (ACCESS ID). Information collected at registration includes title, name, organizational affiliation, academic status, phone numbers, organizational email address, and country of residence.
4.2 Access and Allocation Requests
As part of submitting a request for access to ACCESS-allocated resources, the requester must provide various information and documents in support of the request. Access to non-allocated resources and services (e.g., training courses) may also require individuals to provide additional registration information beyond that required to register for an ACCESS ID.
Personal information collected for allocation requests includes information collected for an ACCESS ID. Eligibility and access to resources may be denied if ACCESS ID data is incomplete.
4.3 Usage Information for ACCESS Services
Most ACCESS services have logging, monitoring, and/or instrumentation to track individuals’ usage of these resources and services. Data collected by these service features is subject to this policy.
Data from anonymous use of the public ACCESS website and other services: ACCESS maintains public websites and other services, all or part of which allow anonymous, public access. When one uses such services anonymously, ACCESS collects the information sent by the client (typically a web browser) and through the use of various technologies such as cookies. This information typically includes the user’s Internet address, type of web browser, operating system and, if the user was directed to an ACCESS website from another website, the address of that website.
Data from authenticated access to ACCESS portals and other services: ACCESS portals and other ACCESS services, including but not limited to training courses, ticket systems, and ACCESS allocation services require user authentication. When one uses these and other ACCESS services, ACCESS collects information about the user and associated service usage logs. This information typically includes the user’s Internet address, service capacity utilized, time and date of usage.
User help requests: To support ACCESS service users in achieving their objectives, ACCESS operates a ticket system to manage and track user help requests. ACCESS collects information about the user and their issue, which is logged in the ticket system. This information typically includes the user’s ACCESS ID and email address, time and date of the request, description of the issue, and exchanges between the user and ACCESS or Resource Provider support staff.
4.4 Usage Information for ACCESS-Allocated Resources
Most ACCESS-allocated resources have logging, monitoring, and accounting features or other instrumentation to track individuals’ use of these resources. ACCESS collects a subset of this usage information for allocations, accounting, and reporting purposes, subject to this policy.
In the course of conducting allocated projects on ACCESS-allocated resources, users may place research data on those resources, either as part of submitting a computational job or through the use of data storage facilities. ACCESS collects Resource Provider–reported aggregate accounting data about the use of storage, but ACCESS does not collect nor read users’ research data.
4.5 Survey and Evaluation Data
ACCESS conducts a range of surveys to assess the program’s performance, plan for and evaluate the success of ACCESS events and services, gather feedback from the user community, and gather information from ACCESS staff about the working environment. These surveys are regularly analyzed, summarized, and reported on by ACCESS. The raw response data is governed by Institutional Review Board (IRB) protocols for human subject research and personally identifiable data is not shared. Data collected under IRB protocols are clearly marked as such, and require respondents to review and consent to data use provisions in an IRB-approved invitation letter prior to participation.
4.6 Data from Accessing ACCESS Through Partners
ACCESS services and ACCESS-allocated resources may be accessed through a number of partners, including Globus services, Science Gateways and peer cyberinfrastructures (e.g., OSG). Users of these partner entities entrust certain information to the operators of these services. The protection of information collected by the operators is subject to their data privacy and protection rules and is solely the responsibility of those operators. When a user accesses ACCESS services or ACCESS-allocated resources via a partnering service, ACCESS may obtain personal information or attributes about the user from that entity, but only if that entity has the right to share the user information with ACCESS. Such data reported to ACCESS is subject to this policy.
4.7 Requests to Remove Personal Information
Requests to remove personal information should be submitted to the ACCESS ticketing system via https://support.access-ci.org/open-a-ticket with “Request to Remove Personal Information” in the subject line. These requests will be evaluated by ACCESS.
5. How ACCESS Uses Collected Information
ACCESS uses the information it collects for the following purposes across the organization:
- To administer and manage ACCESS services and support Resource Providers in managing their resources.
- To communicate with users regarding ACCESS services.
- To provide the information and services that users request.
- To provide personalized content when users visit ACCESS websites or services.
- To improve ACCESS websites and services.
- To inform the ACCESS community about ACCESS products and services.
- To understand the value and impact of ACCESS services and ACCESS-allocated resources.
- To produce reports for NSF and other funding or advisory bodies.
- For any other purpose, which ACCESS discloses to users in a specific privacy notice.
6. Information ACCESS Shares
ACCESS shares some of the information it collects as required to demonstrate stewardship of federal funds granted to the project and to help assess the impact of the integrated cyberinfrastructure.
6.1 ACCESS User Profile
Every ACCESS ID holder has an associated ACCESS User Profile, which includes data required to process and administer ACCESS project allocations. Additional optional data fields may be included in the ACCESS User Profile, for which data entry is welcome but voluntary. ACCESS may collect User Profile data to report statistics about the ACCESS user community.
6.2 Information about ACCESS Usage
For accounting and reporting purposes, ACCESS collects information about utilization of ACCESS services and ACCESS-allocated resources. Usage information about ACCESS-allocated resources is collected initially by individual Resource Providers and may also be stored by those providers.
Users should be aware that the privacy of these data are limited as a practical matter. These data are available to other members of the ACCESS-allocated project to which the utilization is charged and, depending on the specific resource, may also be visible to other users of that resource (e.g., in job submission interfaces). ACCESS routinely shares usage information with authorized funding agencies and researchers. ACCESS usage data is publicly available via the XDMoD portal (see https://xdmod.access-ci.org/).
6.3 Information about Allocation Awards
The existence of an award and basic information about the principal investigator (PI) and project (e.g., the size and duration of the award, on which resources the award is made, and the project abstract) are public.
6.4 Information about Allocation Requests and Reviews
Information included in allocation requests is treated as private communications between the submitters and the ACCESS staff and committees that evaluate the proposals. This includes information about whether or not a proposal has been submitted for evaluation, identities of reviewers, and any reviewer comments associated with the request.
Data from allocation requests may be utilized by ACCESS staff or authorized third parties to study the allocations process and to analyze usage patterns and scientific success or productivity for purposes of ACCESS project management or for reports to sponsors. In such cases, results will be anonymized and summarized before publication.
6.5 Information from a Partner
To assist in reporting to NSF, appropriate operation of services, and troubleshooting of services, ACCESS Operations requires Resource Providers (RP) to share coarse network data with ACCESS Operations. This includes aggregate and de-identified network and utilization data from that RP to other ACCESS sites. RPs also grant consent for the release of this relevant data from Internet2 to be shared with ACCESS Operations of network traffic to/from the RP.
If a partner (e.g., gateway operator, Resource Provider, PI, or campus champion) releases data to ACCESS, they must specify all privacy constraints regarding such data. Handling of private data received by ACCESS is governed by this policy. All other data received is assumed to be public and may be used at the discretion of ACCESS.
7. With Whom ACCESS Shares Information
ACCESS does not sell user information. ACCESS does share some information publicly. As a project supported by a U.S. federal agency, most usage data about ACCESS services and for ACCESS-allocated resources is made public via the XDMoD Portal. ACCESS users can choose to share information about their ACCESS allocation awards with ORCID, via the ACCESS User Profile interface; by default these data are not shared with ORCID.
ACCESS necessarily shares personally identifiable information with ACCESS Resource Providers to manage user accounts, resolve system issues, perform accounting on ACCESS allocations, and resolve security incidents. ACCESS may also share some identifiable information as part of publicly available usage data summarizing allocations and use of ACCESS services or ACCESS-allocated resources.
7.1 Information Shared with Resource Providers
ACCESS routinely makes information about its users and their usage available to participating Resource Providers for purposes of securing, maintaining, and administering ACCESS-allocated resources. Information shared in this manner will then fall under the privacy policies of the Resource Provider sites rather than this policy. Resource Provider sites are expected to treat such information for operational purposes in a manner consistent with this policy.
7.2 Institutional Review Board Approval
ACCESS may permit access by a third party to PII data for authorized research purposes. Such permission shall be contingent on approval from the third party’s Institutional Review Board. In such cases, results will be anonymized and summarized before publication.
7.3 Legal Requests
The ACCESS project offices are associated with a public institution and funded by a U.S. federal agency. Therefore, ACCESS is subject to Freedom of Information Act (FOIA) requests and must respond to these as well as any other legitimate legal and regulatory requests.
8. Acceptance of This Policy
Use of ACCESS services constitutes acceptance of this Privacy Policy.
9. Governance
ACCESS will cooperate with authorized partners in audits and investigations in the event of suspected breaches of this policy.
ACCESS may update this privacy policy. Notice of changes to this policy will be communicated to the ACCESS user community via ACCESS websites and regular electronic communications. All data previously provided by users to ACCESS will be subject to the provisions of the updated privacy policy, and continued use of ACCESS services will constitute acceptance of the updated privacy policy.