Privacy Policy

The effective date of this Privacy Policy is December 11, 2015.

Last updated January 14, 2021.


The Metropolitan Transportation Commission (MTC), the Bay Area Toll Authority (BATA), the MTC Service Authority for Freeways and Expressways (MTC SAFE), the Bay Area Infrastructure Financing Authority (BAIFA) and the Bay Area Headquarters Authority (BAHA) (each, an “Agency” and collectively referred to as “the Agencies”) wish to provide visitors to this website (“the Website”) an understanding of how the Agencies handle Personally Identifiable Information (PII) collected in connection with their Website visits. Among other things, this Privacy Policy explains the types of information collected, the third parties with whom the Agencies may share this information, and the process by which visitors are notified about material changes to this Policy.


The following definitions apply:

Personally Identifiable Information (PII)

PII identifies or describes a person or can be directly linked to a specific individual. Examples of PII include but are not limited to, a person’s name, mailing address, email address, and telephone number.

Aggregate Data

Aggregate Data is statistical information that is derived from collective data and relates to a group or category of persons from which PII has been removed. Aggregate Data is generally used by the Agencies for statistical analysis, reporting, improving the content of Agencies’ web services, and helping the Agencies understand how people are using Website services.  Aggregate Data may be shared with third parties and published in any publically-available media.

Collection of Personally Identifiable Information

The information the Agencies collect depends upon what the visitor does when visiting the Website. The Agencies collect PII from the visitor only if he or she volunteers to use a service and the collection of the information is necessary to deliver the specific service, such as to respond to the visitor’s questions or to provide written materials or program updates that the visitor has requested.   In general, this information may include an individual’s name, address, phone number and email address. If the visitor uses MTC’s online employment application, other types of PII may be requested to process his or her application.

The Website uses a third party Digital Subscription Management service called govDelivery, operated by Granicus, LLC, to allow individuals to subscribe to regular communication from the Agencies.  When using this service, a visitor may voluntarily provide his or her name and email address.  To find out more about govDelivery and the Granicus privacy policy, visit the Granicus Subscriber Privacy Statement. If the visitor provides PII to govDelivery, MTC may copy the information to Agency mailing lists and use the information to send the visitor communications consistent with his or her request. Agency mailing lists may be stored in cloud based systems and services.

How the Agencies Use Personally Identifiable Information

The Agencies use the PII provided in order to provide the visitor with the service(s) he or she has requested.

Third Parties With Whom the Agencies May Share Personally Identifiable Information

Comments and inquiries, which usually contain some PII such as name and email address, may be shared with third parties for review, comment, and/or action in order to appropriately respond to the specific concern.   For example, comments and inquires received by the Agencies that are related to services provided by other public agencies (e.g. transit agencies) may be forwarded to those agencies for their response. Likewise, the Agencies may need to share a question with a third party service provider, if necessary, to respond to technical issues.

Please note that, once provided, all comments and inquiries may be considered public records subject to public inspection. Comments may be published on the Website or included in written or electronic format in any publicly-available media.

In addition, PII may be disclosed to third parties, as required to comply with laws or legal processes served on one or more of the Agencies.

Agencies’ contractors who operate cloud based systems and services have access to PII but only for the purpose of operating and maintaining such cloud based systems and services.

IP Addresses

An Internet Protocol (IP) address is a unique string of numbers that is assigned to a visitor’s computer, router or mobile device by his or her internet service provider.  When the visitor accesses the Website, the Agencies’ cloud platform provider collects the visitor’s device’s IP address, the time and date of the visit, and the pages he or she visits.  This information is used to help diagnose and resolve system errors and to otherwise administer the Website. This information may be shared with third party service providers for these purposes.

Website Usage Metrics

The Website uses a third party traffic measurement service called Google Analytics to gather and compute website usage metrics.  Google Analytics collects users’ IP addresses and the pages the users are visiting.  Google Analytics may set a cookie that will enable it to function properly.  To find out more about Google Analytics’ privacy principles, visit the Google Analytics Privacy and Security Page


The Agencies’ cloud platform providers employ procedural, technological, and physical security measures that are reasonably designed to prevent unauthorized access. This should not, however, be deemed in any way as warranting or guaranteeing the security of the information provided on the Website. In addition, there is a risk that unauthorized third parties may engage in illegal activity by such things as hacking into on-line web services.  

Updating Personally Identifiable Information

Visitors whose PII is included in Agencies’ mailing lists can review and update their PII at any time by entering their email in the subscription box at, entering their optional password if established, clicking the “Subscriber Preferences” link, entering their new information and clicking the “Submit” button.


The Website stores “cookies,” which are small data elements that a website can store on a visitor’s computer or mobile devices when he or she visits.  A cookie file contains information that can identify information such as the IP address of the computer and network that a visitor uses to browse the Website, network traffic patterns, and browser software and operating system versions in order to customize the browsing experience and functionality of the Website. The visitor can refuse cookies or delete the cookie from his or her computer using any of the widely available methods.

Once a visitor leaves the Website, the privacy policy of other websites visited or linked-to from the Website should also be reviewed to understand how these external sites utilize cookies and how the information that is collected through the use of cookies on these websites is utilized.

Third-Party Websites and Applications

The Website may contain links to third-party websites operated by entities that may be affiliated with the Agencies. These web links may be referenced within content, or placed beside the names or logos of the other entities. The Agencies do not disclose PII to these third-party websites.

WARNING: Once a visitor enters external websites (whether through a service or content link), the Agencies are not responsible for the privacy practices of those other websites. Please review all privacy policies of external websites you may visit from links on the Website before using or providing any information to such other websites.

Children’s Privacy

If a visitor to the Website tells us that he or she is under the age of 13, the Agencies do not collect any PII from that person.

Changes to This Privacy Policy

Material Changes: MTC will inform visitors if material changes are made to this Privacy Policy, in particular, changes that expand the permissible uses or disclosures of PII allowed by the prior version of the Privacy Policy. If MTC makes material changes to the Privacy Policy, MTC will notify visitors by means of posting a conspicuous notice on the Website that material changes have been made.

Immaterial Changes: MTC may also make non-substantive changes to the Privacy Policy, such as those that do not affect the permissible uses or disclosures of PII. In these instances, MTC may not post a special notice on the Website.

If MTC decides to make any change to the Privacy Policy, material or immaterial, MTC will post the revised policy on the Website, along with the date of any amendment.

MTC reserves the right to modify this Privacy Policy at any time, so the Privacy Policy needs to be reviewed frequently by visitors.

When MTC revises the Privacy Policy, the "last updated" date at the top of the Privacy Policy will reflect the date of the last change. We encourage visitors to review this Privacy Policy periodically.

Contact Information

MTC welcomes comments on this Privacy Policy. Also, if there are questions about this statement, please contact the MTC Privacy Officer at or call (415) 778-6700.

History of Changes to Privacy Policy

December 11, 2015: Privacy Policy established

January 14, 2021: Revisions to address storage of PII in cloud based systems and services and to make other clarifications