Skip to main content Skip to navigation Skip to footer

Office of the State Auditor

In short:

We care about your privacy, we use the minimal amount of information we need to provide you with services you requested and to enable proper functioning of this website. We safeguard your data and we do not monetize it, sell it or improperly share it.

In detail:

1. Identity and Contact

The Office of the State Auditor (“we,” “our,” or “us”) is committed to protecting the privacy of individuals who interact with our digital services. This Website Privacy Notice (“Notice”) explains what data we collect, how it is used and secured, with whom it may be shared, and what rights and remedies are available to you under Utah law. This website does not collect or aim to collect any children’s data.

Governmental Entity operating this website

Office of the State Auditor, Utah State Capitol, Suite 260, Salt Lake City, UT 84114

Our contact information

Please use official State Auditor communication channels available at https://auditor.utah.gov or contact the State Privacy Auditor team at: privacy@utah.gov

2. Data Collection

User data: When you visit or interact with our website, we may collect some “user data.” User data is not meant to identify you. “User data” means any information about a user that is automatically collected when a user accesses the government website.

User data we may collect:

Client Information & Device Metadata:

  • IP address
  • VPN or referring host
  • Approximate location (city, region/state, country)
  • Device type, operating system, screen resolution
  • Browser type and version

User Engagement Data:

  • Page views per session
  • Session start and end times
  • First and last visit timestamps
  • Number of submitted complaints or forms

Bot Detection & Abuse Prevention:

  • Behavior-based tracking via reCAPTCHA and embedded mechanisms to determine human versus automated access
  • Logged and retained solely to prevent abuse and ensure site security

Personal Data:

When you visit our website we do not automatically collect any personal data about you. Personal data refers to any data that can directly or indirectly identify, relate to, describe, or be linked to an individual – such as your name, address, telephone number, or e-mail address. You may, however, provide it to us voluntarily, for example, through our hotline or contact form.

3. Website Tracking Technologies

“Website tracking technology” means any tool used by a government website to:

(a) monitor a user’s behavior; or

(b) collect user data.

We use the following tracking technologies on this site:

  • First-Party Cookies:
    • Session Cookies: For secure user authentication. These expire when the session ends unless “Remember Me” is enabled.
    • Persistent Cookies: Used for authentication purposes.
  • Third-Party Cookies:
    • Google Analytics: Tracks session behavior, device/browser metadata, traffic source (e.g., Google, Bing), and general geographic location. Used for performance analytics.

4. Data Usage

Data collected through this website is used for the following purposes:

  • Maintaining security, performance, and integrity of the website
  • Understanding website usage trends
  • Responding to submitted forms or complaints
  • Supporting government accountability through internal auditing
  • Verifying and enforcing compliance with legal obligations or resolving incidents

We do not use your data for commercial profiling or advertising.

5. Data Sharing or Sale

  • Data Sharing: Information may be disclosed to authorized government staff or governmental agencies only where necessary to fulfill operational or legal responsibilities (e.g., complaint review, compliance audits, incident resolution).
  • Data Sale: We do not sell any user or personal data to third parties.

6. Record Series

User data collected through this website may be retained under authorized GRAMA record series applicable to:

  • Public inquiries and submissions
  • Web activity logs
  • Complaint or reporting forms
  • Internal audit documentation
  • Incident resolution

All data is maintained in accordance with the Utah Division of Archives and Records Service classification schedules.

7. User Rights

You have the right to:

  • Access your personal data collected via this website
  • Request correction or amendment of your submitted personal data

To exercise these rights, please contact us at privacy@utah.gov

8. At-Risk Employees – Privacy Classification

If you are an at-risk employee (as defined by Utah Code § 63G-2-302), you may request that your personal data be classified as a private record. Please submit such a request to: privacy@utah.gov

9. How we protect your data

We are committed to keeping the personal data you provide to us secure and will take precautions to protect your information from loss, misuse, or alteration. We use appropriate technical, administrative, and physical safeguards to ensure your personal data is protected from unauthorized access, use, or disclosure.

10. Data retention

We retain personal data only as long as necessary to fulfill the purposes for which it was collected or as required by law.

11. Privacy Ombudsperson – Filing a Complaint

If you have concerns about this website’s data practices, you may submit a complaint with the Utah State Privacy Ombudsperson:

Utah State Privacy Ombudsperson
https://privacy.utah.gov/submit-a-complaint/

12. Feedback

We welcome your feedback to improve our privacy practices. Please reach out to privacy@utah.gov or through standard government communication channels as listed on our website.

The Office of the State Auditor website may contain links to external websites not maintained or controlled by the Office. We are not responsible for the content, accuracy, or privacy practices of these third-party sites.

We encourage visitors to review the privacy notices of any external websites they choose to access and to exercise caution when sharing personally identifiable information.

14. Review of the Notice

This Notice will be reviewed periodically to ensure it remains accurate, up to date, and reflective of current laws, practices, and organizational responsibilities. Updates may occur in response to legal changes, audit findings, or operational needs.

Last review:  July 15, 2025