Privacy Policy

Last updated: March 26, 2026

BenefAgent ("we", "us", or "our") operates benefagent.com and provides AI-powered employee benefits optimization tools. This Privacy Policy explains how we collect, use, and protect your information.

1. Information We Collect

We collect information you provide directly to us:

• Account information: Email address, name, and password when you create an account.
• Profile information: Salary, 401k contribution percentage, family status, and commute type — used to personalize your benefits analysis.
• Benefits documents: PDFs, Word documents, or images you upload for analysis. These are processed by AI and immediately discarded — we do not store your uploaded documents.
• Expense queries: Text you enter in the HSA/FSA checker and receipts you upload for scanning.
• Usage data: Pages visited, features used, and interaction data to improve the service.

2. How We Use Your Information

• To provide and improve the BenefAgent service
• To personalize your benefits analysis and recommendations
• To save your analysis results and check history to your account
• To send you service-related emails (account confirmation, password reset)
• To enforce our Terms of Service

3. AI Processing

BenefAgent uses AI models to analyze benefits documents and check HSA/FSA eligibility. When you upload a document or enter an expense:

• Your data is sent to our secure server-side AI processing function
• Documents are processed in real-time and are not stored by us or our AI provider
• AI responses (analysis results, eligibility verdicts) are saved to your account so you can access them later
• We use OpenAI and/or Anthropic APIs for AI processing. Their respective privacy policies apply to data processed through their APIs.

4. Data Storage

Your account data and analysis results are stored securely using Supabase, which is hosted on AWS infrastructure. Data is encrypted at rest and in transit. We retain your data as long as your account is active. You may request deletion at any time.

5. Data Sharing

We do not sell your personal information. We share data only with:

• Supabase: Database and authentication provider
• OpenAI / Anthropic: AI processing (document content only, not personal identifiers)
• Vercel: Hosting provider
• Stripe: Payment processing (when applicable)

6. Cookies

We use essential cookies for authentication (managed by Supabase). We do not use tracking or advertising cookies. We do not display ads.

7. Your Rights

You have the right to access, correct, or delete your personal data at any time. To request data deletion, email us at [email protected] or delete your account from the Settings page.

8. Children's Privacy

BenefAgent is not directed at children under 18. We do not knowingly collect information from minors.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by displaying a notice in the app.

10. Contact Us

If you have questions about this Privacy Policy, please contact us at [email protected].