Privacy Policy
Last updated: April 13, 2026
Effective date: April 13, 2026
Your FSA Guide ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding your personal data.
Summary: We collect only what we need to provide our service. We do not sell your data. We do not have access to your actual FSA or HSA funds. Health information you provide is used solely to personalize your guidance experience.
1. Information We Collect
1.1 Information You Provide Directly
- Account information: name, email address, password (hashed, never stored in plaintext).
- Health profile: FSA or HSA balance, account type, spending deadline, and any health conditions you voluntarily share.
- Payment information: billing details processed securely through Stripe. We never store credit card numbers.
- Communications: messages, support tickets, and feedback you send us.
- Employer information (for company accounts): company name, company size, HR administrator contact details.
1.2 Information Collected Automatically
- Usage data: pages visited, features used, time spent on the platform.
- Device information: browser type, operating system, device type.
- IP address and approximate geographic location (city/region level only).
- AI chat history: questions asked and responses received.
- Barcode scan history: products scanned and eligibility results.
1.3 Information from Third Parties
- OAuth providers: If you sign in with Google or Microsoft, we receive your name, email, and profile picture. We do not receive your passwords.
- Stripe: We receive transaction confirmations and subscription status updates only.
- Employer invitations: If your employer invited you, we receive your work email from the HR administrator.
2. How We Use Your Information
- To create and manage your account and authenticate your identity.
- To deliver personalized FSA and HSA guidance based on your balance, deadline, and health profile.
- To power the AI guidance feature — your health conditions and account details are used as context for AI responses.
- To send deadline reminders and important account notifications (premium feature).
- To process payments and manage your subscription through Stripe.
- To provide employer HR dashboards with aggregated, anonymized utilization metrics.
- To respond to support inquiries and resolve technical issues.
- To improve our AI models and platform features using anonymized, aggregated usage patterns.
- To comply with applicable legal obligations.
We do not use your data for advertising, sell it to data brokers, or share it with third parties for their marketing purposes.
3. Health Information
Your FSA Guide is not a covered entity or business associate under HIPAA. However, we treat health-related information with the highest level of care.
- Health conditions you share are used exclusively to personalize your FSA spending recommendations.
- This information is never shared with your employer, your insurance carrier, or any third party.
- Employers cannot view your individual health profile data — only aggregated, anonymized utilization metrics.
- You may update or delete your health profile at any time from your dashboard.
- We do not use health information to make determinations about your insurance eligibility, employment, or creditworthiness.
4. Information Sharing and Disclosure
We do not sell, rent, or trade your personal information. We share information only in the following limited circumstances:
4.1 Service Providers
- Supabase — database hosting and authentication infrastructure.
- Stripe — payment processing.
- Anthropic — AI model provider powering our guidance feature.
- Resend — transactional email delivery for reminders and notifications.
- Vercel — platform hosting and content delivery.
4.2 Employer Accounts
If your account was created through an employer invitation, your employer can see that you have an active account and your FSA deadline. Your employer cannot see your health conditions, AI chat history, or individual FSA balance.
4.3 Legal Requirements
We may disclose your information if required by law, court order, or valid governmental request.
4.4 Business Transfers
In the event of a merger or acquisition, your information may be transferred. You will be notified and given an opportunity to delete your account.
5. Data Retention
- Active accounts: We retain your data for as long as your account is active.
- Cancelled individual subscriptions: Account data is retained for 30 days after cancellation, then permanently deleted.
- Deactivated employer-sponsored accounts: Employee data is retained for 90 days to allow for individual plan conversion, then permanently deleted.
- AI chat history: Retained for up to 12 months, then purged.
- Payment records: Retained for 7 years as required by financial regulations.
- You may request immediate deletion of your account at any time by contacting yourfsaguide@gmail.com.
6. Data Security
- All data is encrypted in transit using TLS/HTTPS.
- All data is encrypted at rest in our database infrastructure (Supabase).
- Passwords are hashed using bcrypt and never stored in plaintext.
- Authentication tokens are short-lived and rotated regularly.
- Access to production systems is restricted to authorized personnel only.
In the event of a data breach affecting your personal information, we will notify you in accordance with applicable law.
7. Your Rights and Choices
- Access: Request a copy of the personal information we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your personal data, subject to legal retention requirements.
- Portability: Request your data in a machine-readable format.
- Objection: Object to the processing of your data for certain purposes.
- Withdrawal of consent: Withdraw consent where processing is based on consent.
To exercise any of these rights, contact us at yourfsaguide@gmail.com. We will respond within 30 days.
California Residents (CCPA)
We do not sell personal information as defined under CCPA. To submit a CCPA request, contact us at the email above.
8. Cookies and Tracking
- Authentication cookies: Required to keep you logged in during your session.
- Preference cookies: Store your theme preference (light/dark) and font size settings.
- We do not use advertising cookies or tracking pixels.
- We do not use Google Analytics or other third-party analytics services that track you across websites.
9. Children's Privacy
Your FSA Guide is intended for users 18 years of age and older. We do not knowingly collect personal information from children under 18. If you believe we may have collected information from a minor, contact us at yourfsaguide@gmail.com.
10. International Data Transfers
Your FSA Guide is operated from the United States. If you are accessing the platform from outside the United States, your information may be transferred to, stored, and processed in the United States. By using the platform, you consent to this transfer.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date and, for significant changes, by sending an email to registered users. Your continued use of the platform after changes take effect constitutes acceptance of the revised policy.
12. Contact Us
If you have questions about this Privacy Policy, please contact us:
Your FSA Guide — Privacy
Email: yourfsaguide@gmail.com
Website: yourfsaguide.com
We aim to respond to all privacy-related inquiries within 30 days.