Privacy Policy

Effective Date: August 19, 2025
Last Updated: August 19, 2025

Introduction

HSA Butler (“we,” “our,” or “us”) is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our health expense tracking application and related services (the “Service”).

Information We Collect

Personal Information

• Account Information: Name, email address, phone number, and account credentials
• Profile Information: Date of birth, HSA provider information, and account preferences
• Contact Information: Billing address and communication preferences

Health and Financial Information

• Expense Data: Medical expenses, receipts, invoices, and transaction details
• HSA Account Information: Account balances, contribution limits, and transaction history
• Health Records: Medical documentation and receipts uploaded by users
• Payment Information: Credit card details and billing information (processed securely through third-party payment processors)

Usage Information

• Application Usage: Features used, time spent, and interaction patterns
• Device Information: IP address, browser type, operating system, and device identifiers
• Log Data: Access times, pages viewed, and technical error information

Automatically Collected Information

• Cookies and Tracking: Session cookies, preference cookies, and analytics data
• Location Data: General location information for fraud prevention and service optimization

How We Use Your Information

Core Service Functions

• Expense Tracking: Categorize and organize your health expenses
• Compliance Management: Ensure IRS compliance and generate required documentation
• Financial Planning: Provide personalized insights and recommendations
• Document Management: Store and organize receipts and health records

Service Improvement

• AI and Analytics: Improve expense categorization and predictive analytics
• Customer Support: Provide technical assistance and respond to inquiries
• Security: Detect and prevent fraudulent activities and security breaches
• Communication: Send service updates, security alerts, and account notifications

Information Sharing and Disclosure

We Do Not Sell Your Information

HSA Butler does not sell, rent, or trade your personal information to third parties for marketing purposes.

Limited Sharing Scenarios

• Service Providers: Third-party vendors who assist with payment processing, cloud storage, and analytics
• Legal Requirements: When required by law, court order, or government regulations
• Business Transfers: In connection with mergers, acquisitions, or asset sales
• Consent: When you explicitly authorize us to share information with third parties

Healthcare Information

Health information is handled in accordance with applicable healthcare privacy laws, including HIPAA where applicable.

Data Security

Security Measures

• Encryption: All data transmitted and stored using industry-standard encryption
• Access Controls: Role-based access restrictions and multi-factor authentication
• Regular Audits: Security assessments and vulnerability testing
• Secure Infrastructure: Cloud hosting with enterprise-grade security measures

User Responsibilities

• Account Security: Maintain strong passwords and protect login credentials
• Device Security: Secure devices used to access the Service
• Suspicious Activity: Report any unauthorized access immediately

Data Retention

Retention Periods

• Active Accounts: Data retained while account remains active and for legitimate business purposes
• Closed Accounts: Personal data deleted within 90 days of account closure, except as required by law
• Legal Requirements: Some data may be retained longer to comply with tax and healthcare regulations

User Control

Users can request data deletion or account closure through account settings or by contacting support.

Your Rights and Choices

Access and Control

• Data Access: Request copies of your personal information
• Data Correction: Update or correct inaccurate information
• Data Deletion: Request deletion of your personal information
• Data Portability: Export your data in machine-readable format

Communication Preferences

• Email Communications: Opt-out of marketing emails while maintaining service notifications
• Push Notifications: Control notification settings through device or application settings

Cookies and Tracking

• Cookie Controls: Manage cookie preferences through browser settings
• Analytics Opt-out: Disable analytics tracking through application settings

Children’s Privacy

HSA Butler is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware of such collection, we will delete the information immediately.

Third-Party Services

Integration Partners

The Service may integrate with third-party HSA providers, banks, and financial institutions. These integrations are governed by the privacy policies of those respective services.

External Links

Our Service may contain links to external websites. We are not responsible for the privacy practices of these third-party sites.

International Users

HSA Butler primarily serves users in the United States. International users should be aware that their information may be transferred to and processed in the United States.

Changes to This Privacy Policy

We may update this Privacy Policy periodically. Material changes will be communicated through:

• Email Notification: Sent to registered users
• In-App Notification: Displayed within the application
• Website Notice: Posted on our website

Continued use of the Service after changes constitutes acceptance of the updated policy.

Contact Information

Privacy Questions

For questions about this Privacy Policy or our privacy practices:

Email: privacy@hsabutler.com

Data Protection Officer

For specific data protection inquiries:
Email: dpo@hsabutler.com

Support

For general support and account questions:
Email: hello@hsabutler.com

This Privacy Policy is designed to comply with applicable privacy laws including CCPA, GDPR, and healthcare privacy regulations. Users are encouraged to review this policy regularly and contact us with any questions or concerns.