Privacy Notice

Last updated on December 4, 2024

FSA Store Inc. ("HSA Store", “we”, “our”, “us”) is committed to providing transparency regarding the information we collect via our website: https://hsastore.com (the “Website”), our mobile application (the “App”), as well as information we collect when we interact with you by phone, electronically, in-person or through your interactions with our online advertising (collectively, when providing you the “Services”). This Privacy Notice describes the types of information we collect and how we use and disclose it. It also describes the choices available to you regarding your information. Undefined capitalized terms shall have the meanings set forth in the Terms of Use.

Please read this Privacy Notice carefully prior to your use of, or creation of an Account on, the Services. If you do not agree to abide by this Privacy Notice, please do not use the Services.

This Privacy Notice may change from time to time and should be read in conjunction with our Terms of Use, which include all disclaimers of warranties and limitation of liabilities.

This Privacy Notice contains the following sections:

1.     How We Collect Information

2.     How We Use Your Information

3.     How We Disclose Your Information

4.     Cookies and Online Advertising

5.     Use of Chatbots

6.     Details of Information Categories Collected

7.     Your Rights and Choices

8.     Sweepstakes, Contests, and Promotions

9.     Links to Other Websites

10. Children

11. Security and Retention

12. Additional Information for California Residents

13. Notice of Financial Incentive/ Bona Fide Loyalty Program Disclosure

14. Contact Information

1.             How We Collect Information

We collect a variety of information from and about you as you use the Services or as we otherwise interact with you as further explained in this section. 

Information we collect from you. We collect information directly from you when you:

  • Use the Services, including when you:
  • create an Account;
  • interact with your Account by updating your information including but not limited to, providing us your deadline information or letting us know your grace period status;
  • use our HSA Expense Dashboard(™), HSA Your Way(™), HSA Tax Savings Calculator(™), HSA Future Value Calculator(™), HSA 401(k) Maximizer(™); 
  • add an item to your cart, make a purchase, or engage in a refund or return; or
  • provide your social media account information to us.
  • Interact with our promotional or commercial content, for example when you:
  • participate in sweepstakes or contests that we offer on our own or in partnership with third parties;
  • participate in quizzes or surveys that we administer on our own or in partnership with third parties;
  • redeem coupons or offers from us;
  • enroll in or participate in our loyalty programs including, but not limited to HSA Perks®;
  • indicate that you are interested in receiving information about our products or services, such as through email alerts, SMS texts and other notifications, and when you interact with such communications; and
  • post content on the Services such as reviews, testimonials, and other feedback.

Information We Collect Automatically. There is some information we may collect automatically as you navigate through the Services (“Usage Information”), including:

  • the dates and times at which you use the Services;
  • the extent of your use of the Services;
  • the general location from which you access and/or use the Services;
  • the URL or advertisement that referred you to the Services;
  • the search terms you entered into a search engine that led you to the Services;
  • your usage preferences, areas and pages within the Services that you access or use, which products/services you view or purchase, and any other items or links within the Services that you click, view or access; and
  • the mobile platform or service provider you use, your browser type, your operating system, and referring/exit pages.

We may collect Usage Information over time and across third-party websites or other online services to understand more about your preferences.

Information We Collect From Third Parties. We collect information about you from the following third parties:

·      Your third-party administrator, when you enroll in or participate in our Integration Services including, but not limited to single sign-on, balance display, cardless pay, or DirectPay; or in our receipt tracking services including, but not limited to Expense Dashboard.

·      Our marketing affiliates, for example, we may supplement certain information that we collect from you with outside records, or information third parties may provide us about you in connection with a co-marketing or other agreement.

Combined Information. We may combine the information we collect through the variety of sources noted above and use such combined information in accordance with this Privacy Notice.

De-Identified Information. We may de-identify information we collect so the information cannot reasonably identify you or your device, or we may collect information that is already in de-identified form and use such information for purposes such as to conduct market research, engage in project planning, for troubleshooting purposes or to help detect and protect against error, fraud or other criminal activity. We commit to not de-aggregating or re-identifying the aggregated and/or anonymized data that we process. Our use and disclosure of de-identified information is not subject to any restrictions under this Privacy Notice, and we may use and disclose it to others for any purpose, without limitation. 

2.             How We Use Your Information

We may use the information we collect to:

  • Provide the Services, including to:
  • complete your transactions, fulfill your orders or process your returns/exchanges;
  • administer your Account and manage your Account information;
  • perform internal operations that are reasonably aligned with your expectations as a consumer or reasonably anticipated based on your existing relationship with us; and
  • perform internal operations that are otherwise compatible with processing data in furtherance of the provision of a product or service specifically requested by you or the performance of a contract with you.
  • Personalize the Services, including to:
  • identify you and improve and/or customize the Website or the App;
  • send you reminders about items you have browsed or added to your cart, order confirmations, and other administrative, transactional, or Account notices;
  • create a more personalized shopping experience and customize certain content you see on the Website and the App;
  • Respond to your requests for information, such as to:
  • send you requested product or service information;
  • respond to customer service requests, questions or comments;
  • Provide you with relevant offers and promotions, including through:
  • sending you emails;
  • sending you SMS messages (in accordance with applicable law);
  • Analyze and improve the Services, including to:
  • identify trends, conduct data analysis, optimize, and determine the effectiveness of our marketing and promotions and other service offerings;
  • improve your user experience and increase the efficiency and effectiveness of the Services;
  • For security and legal purposes, such as to:
  • maintain security, and prevent and detect fraud;
  • enforce our Terms of Use;
  • comply with laws, regulations, and other legal process and procedures;
  • support purposes that we believe are necessary to protect our rights and the rights of others, or as otherwise described to you at the time of collection.

3.             How We Disclose Your Information

We may disclose the information that we collect or that you provide us as described in this Privacy Notice:

  • to any of our current or future subsidiaries or affiliates;
  • to vendors that we use to support our business;
  • to a buyer or other successor in the event of an actual or contemplated merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which your information is among the assets to be transferred;
  • with your consent; and
  • for legal purposes, including:
  • to comply with any court order, law, or legal process, including to respond to any government, law enforcement, or regulatory request;
  • to enforce or apply our Terms of Use and other agreements, including for billing and collection purposes; and
  • if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of HSA Store, our customers, or others; this includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

4.             Cookies and Online Advertising

We and our third-party vendors and partners may use cookies and similar tracking technologies, for example, to keep track of your preferences, understand how you use the Services, and to display more relevant and targeted content and advertising to you, both on our Services and other online services. For example, we may use cookies to track the items in your shopping cart and may use that information to send you relevant text marketing campaigns (e.g., sending you personalized text messages or emails reminding you about items you have browsed or added to your cart).  We also use cookies to enable you to select products, place them in an online shopping cart, and to purchase those products.

Cookies are small pieces of information that are stored as text files by your Internet browser on your computer’s hard drive, mobile device, or tablet. Most internet browsers are initially set to accept cookies. You can set your browser to refuse cookies or to remove cookies, but if you do so, you may not be able to access or use portions of the Services, or certain offerings on the Services may not function as intended.

The Services also contain electronic images known as web beacons (sometimes called single-pixel gifs) that are used along with cookies to compile aggregated statistics to analyze how the Services are used, and may also be placed in some of our emails to let us know which emails and links have been opened by recipients. This allows us to gauge the effectiveness of our customer communications and marketing campaigns.

For more information generally about online targeted advertising activities and to understand your right to opt out from these practices, please visit: https://youradchoices.com/choices-faq. Additional information on how to opt out of targeted advertising practices of NAI or DAA affiliated advertisers is available here: NAI Opt Out or DAA Opt Out. To further prevent targeted advertising based on browser behavior, you can disable digital tracking tools on your browser.

5.        Use of Chatbots

We may use automated chat features, or “chatbots” on Services. Information collected by a chatbot is used to answer a specific user question. As you interact with our chatbots, we will also collect general information about your use of the chatbot, such as session length. We recommend that you not submit sensitive or identifying information through the chatbot features unless specifically prompted to do so. We may recommend products based on your questions submitted through the chatbot, but you should not take chatbot suggestions as medical advice. If you have a specific question requiring a detailed response, we recommend contacting Customer Service at (888) 372-1450. 

6.        Details of Informantion Categories Collected

The laws in certain states, such as California and Colorado, require us to provide you with some additional information about the specific categories of “personal information” or “personal data” (as these terms in quotes are defined in applicable law, and are collectively referred to herein as “Personal Information”) we collect from and about you. Applicable laws also require us to disclose the types of “sensitive personal information” we collect about you. In the past 12 months, we have processed the categories of Personal Information listed in the table below. The table also lists, for each category, the source, business purpose, and a general description of third parties to whom this information may be disclosed. For more details regarding the sources, business purposes, and third parties to which we disclose this information, please see Sections 1-5 of this Privacy Notice above.

Personal Information Category Source of Information Business Purpose of Use Third Parties to Whom Information is Disclosed
Identifiers (e.g., name, mailing address, phone number, email address, IP address) You, your company, and/or your use of the Services
  • Provide the Services
  • Personalize the Services
  • Respond to your requests for information
  • Provide you with relevant offers and promotions
  • Analyze and improve the Services
  • For security and legal purposes
  • Affiliates
  • Vendors
  • Entities for Legal Purposes
  • Advertising and Analytics Vendors/Partners
Log-in credentials (e.g., username and password) You, your company, and/or your use of the Services
  • Provide the Services
  • For security and legal purposes
  • Affiliates
  • Vendors
  • Entities for Legal Purposes
Commercial information (e.g., products or services purchased or considered); your favorite products on the Services You, your company, and/or your use of the Services
  • Provide the Services
  • Personalize the Services
  • Respond to your requests for information
  • Provide you with relevant offers and promotions
  • Analyze and improve the Services
  • For security and legal purposes
  • Affiliates
  • Vendors
  • Entities for Legal Purposes
  • Advertising and Analytics Vendors/Partners
Professional and employment-related information (e.g., job title, employer) You, your company, and/or your use of the Services
  • Provide the Services
  • Personalize the Services
  • Respond to your requests for information
  • Provide you with relevant offers and promotions
  • Analyze and improve the Services
  • For security and legal purposes
  • Affiliates
  • Vendors
  • Entities for Legal Purposes
  • Advertising and Analytics Vendors/Partners
Internet or other similar network activity; Usage information (including your general location as derived from your IP address) You, your company, and/or your use of the Services
  • Provide the Services
  • Personalize the Services
  • Respond to your requests for information
  • Provide you with relevant offers and promotions
  • Analyze and improve the Services
  • For security and legal purposes
  • Affiliates
  • Vendors
  • Entities for Legal Purposes
  • Advertising and Analytics Vendors/Partners
Inferences drawn from other information You, your company, and/or your use of the Services
  • Provide the Services
  • Personalize the Services
  • Provide you with relevant offers and promotions
  • Analyze and improve the Services
  • For security and legal purposes
  • Affiliates
  • Vendors
  • Advertising and Analytics Vendors/Partners
Information concerning your spending account, including as needed for the Integration Services (e.g., name, postal address, phone number, account balance, participant identification, administrator identification) You, your plan’s Third-Party Administrator
  • Provide the Services
  • Personalize the Services
  • Respond to your requests for information
  • Provide you with relevant offers and promotions
  • Analyze and improve the Services
  • For security and legal purposes
  • Affiliates
  • Vendors
  • Entities for Legal Purposes
  • Advertising and Analytics Vendors/Partners
Financial account or spending account information, including account log-in, financial account, debit card, or credit card number and potential credentials allowing access to an account (note that payment information is collected and processed by our third-party payment providers on our behalf) You
  • Provide the Services, such as to allow you to make purchases, or to display spending account information
  • Offer you the Integration Services
  • For security and legal purposes
  • Payment processors
  • Vendors
  • Entities for Legal Purposes
Health information  
  • Provide the Services, including to answer your questions via our chat function
  • Offer you products and services you may need or be interested in
  • For security and legal purposes
  • Affiliates
  • Vendors
  • Entities for Legal Purposes

Note that we will comply with applicable law with respect to the processing of sensitive Personal Information, which may require consent or opt out choices.

7.        Your Rights and Choices

Applicable law may provide consumers with specific rights regarding their information (including in California, Colorado, Oregon, and Connecticut). This section describes these rights and explains how to exercise them. Depending on your jurisdictions of residence, you may also have the right to appeal our decision regarding your request. When such a right applies, we will let you know along with the procedure for initiating the appeal.

Access to Specific Information and Data Portability Rights

You may have the right to request that we disclose certain information to you about our collection and use of your information. You may request that we disclose:

  • The categories of Personal Information we collected about you.
  • The categories of sources for the Personal Information we collected about you.
  • Our business or commercial purpose for collecting or “selling” that Personal Information.
  • The categories of unaffiliated parties to whom we disclose that Personal Information.
  • The specific pieces of Personal Information we collected about you.

You may also have the right to a copy of the Personal Information we have collected from you in a readily useable, electronic format.

You also have the ability to access certain of your Personal Information through My Account.

Deletion Request Rights

You may have the right to request that we delete any of your Personal Information that we collected from or about you, subject to certain exceptions. Please note that if you wish to have Personal Information collected by one of our affiliate sites (e.g., FSA Store Optical, BetterHelp, Oura) deleted, you must contact that affiliate directly and follow the data deletion request process outlined in that affiliate's Privacy Notice to do so. 

Correct Inaccurate Information

You can make any corrections needed in your profile by logging into My Account. If you need to correct any other Personal Information that we process concerning you, please contact us as noted below.

Other Rights

Subject to limitations of applicable law, you may have the right to request to be opted out of the processing of your Personal Information for purposes of profiling in furtherance of decisions that produce legal or similarly significant effects. You may also revoke any consent you’ve provided for processing of your Personal Information on a going-forward basis.

Exercising Data Rights

To exercise any of the rights described above, please submit a verifiable consumer request to us by either:

Only you, or a person duly authorized to act on your behalf, may make a verifiable consumer request related to your Personal Information. We will need proof showing you have authorized someone else to make a request on your behalf, which may include a Power of Attorney form or other signed document.

Before we fulfill a deletion, access, or correction request, we must verify your identity and ability to exercise some of these rights. In order to do this, we may require you to provide your name, contact information and the nature of your relationship with us.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.

Making a verifiable consumer request does not require you to create an Account with us. However, we do consider requests made through your password protected Account sufficiently verified when the request relates to Personal Information associated with that specific account.

Non-Discrimination

We will not discriminate against you for exercising any of your data rights.

Your Marketing Choices

Email marketing. We will send you relevant email marketing and promotional materials in accordance with applicable law. You may choose to stop receiving these email marketing communications from us by following the instructions included in such communications, updating your email preferences or by accessing your account at My Account and changing your email preferences there. If a third-party vendor provides such newsletters, you may unsubscribe in accordance with the instructions provided by such third party. If you are having problems unsubscribing, please contact us at [email protected] (forwarding the newsletter, if applicable, and including in the Subject line the words “Unsubscribe”). Please note that we cannot process any unsubscribe requests submitted as direct replies to any newsletter. Please note that if you unsubscribe from marketing emails, we may still send you administrative emails regarding the Services, including, for example, notices of updates to our Terms of Use or this Privacy Notice.

SMS Marketing. As set forth in the Terms of Use, you may receive SMS text messages as part of our SMS and Email Messaging Program. This may include text messages about items you have browsed or added to your cart, which are facilitated in part by our use of cookies on the Services. If you have any questions or need assistance regarding any text message received, you can text us “HELP” to receive assistance. You may opt-out of receiving text messages from us by texting “STOP” in response to any text. You understand that we may send you a text confirming any opt-out by you.

Your Choices Regarding “Sharing” and “Selling”

You have the right to opt out of our “sale” or ”sharing” of your Personal Information for purposes of online analytics and advertising by using the mechanisms above in the “Cookies and Online Advertising” section above. 

Privacy Information for Texas and Florida Residents

NOTICE: We may sell your sensitive personal data (by serving you with online advertising

relevant to your use of the Services if you have provided consent).

8.        Sweepstakes, Contents and Promotions

We may offer sweepstakes, contests, and other promotions (each a “Promotion”) that may require registration. By participating in a Promotion, you are agreeing to the official rules that govern that Promotion, which may contain specific requirements of you, including, except where prohibited by law, allowing the sponsor(s) of the Promotion to use your name, voice, likeness, or other indicia of persona in advertising or marketing associated with the Promotion. If you choose to enter a Promotion, your information may be disclosed to third parties or the public in connection with the administration of such Promotion, including, without limitation, in connection with winner selection, prize fulfillment, and as required by law or permitted by the Promotion’s official rules, such as on a winner’s list.

9.        Links to Other Websites

The Services may include links to other websites, mobile applications, or services (“Third-Party Sites”), whose privacy practices may differ from ours. Such links are not an endorsement by us of those Third-Party Sites and/or the products or services they offer. If you visit Third-Party Sites, or submit information to Third-Party Sites, your visit, and the information you provide is governed by the privacy statements on those sites. We encourage you to carefully read the privacy statement of any Third-Party Site you visit, as it may differ substantially from that of this Privacy Notice. We make no representations or warranties nor are we responsible for the privacy statements of any third party. If you decide to click on any such links or access any Third-Party Sites appearing on the Website or the App, you do so at your own risk.

The Services also include hyperlinks to an eyewear/optical prescription fulfillment website. Our Terms of Use and this Privacy Notice do not extend to such eyewear/optical prescription fulfillment website, and we therefore encourage you to review the terms and conditions and privacy statement of such fulfillment website before accessing, using, or providing any information to such website. Any information, including prescription and credit card information, that you provide via the eyewear/optical prescription fulfillment website will be governed by the privacy statement of such website.

10.      Children

We are committed to protecting the privacy and rights of children online. To that end, no part of the Services is directed towards persons under the age of 16 and we do not knowingly collect any Personal Information from users under the age of 16. Should we discover or be informed that a child has submitted Personal Information, we will take steps to delete such information as commercially reasonable and in accordance with applicable law.

11.      Security and Retention

Data security. The security of your information is important to us. We use a variety of administrative, technical, and physical safeguards to protect the information submitted to us, both during transmission and once we receive it, and to keep such information confidential (unless it is non-confidential by nature, for example, publicly available information). However, no method of transmission over the Internet, or method of electronic storage, is 100% secure, and the nature of security risks is constantly evolving. The security of any information collected, stored, or used by us cannot be guaranteed.

Data retention. Generally, we retain Personal Information for as long as it serves the business purpose for which it was collected. If there is a specific retention period required by law or contract, the Personal Information will be retained for that length of time. Where we collect Personal Information in relation to our Integration Services, we collect your consent to do so. After you have enrolled, you can opt out of the Integration Services by logging in to your account portal and following the opt out prompts.

We retain Sensitive Personal Information as per our general retention practices, noted above. We only process your Sensitive Personal Information as necessary to perform the services or provide the goods that you reasonably expect when dealing with us, or as otherwise authorized by law. 

12.      Additional Privacy Information for California Residents

Categories of personal information we collect Source of information Business Purpose Third Parties to Whom Information is Disclosed
Identifiers (e.g., name, email address, phone number) Our B2B Contacts, their employers, and other third parties. Engaging in transactions and other business with employers of B2B Contacts We disclose your information to service providers, such as mailing fulfillment vendors and companies that help us connect and do business with your employers. We may also share your Personal Information with other service providers, such as professionals, like attorneys or accountants, where necessary for our business.
Professional and employment-related information (e.g., job title, company) Same as above Same as above Same as above
Information relating to Internet activity or other electronic network activity (e.g., browsing data); general location information inferred from an IP address Our B2B Contacts Same as above  Same as above
 Any other information provided by B2B contacts to us, such as through support communications including audio or video recordings of communications we have with you  Our B2B Contacts  Same as above  Same as above

If you are a California resident, the California Consumer Privacy Act (“CCPA”) requires us to provide you with information about:

  • the purpose for which we use each category of “personal information” (as defined in the CCPA) we collect; and
  • the categories of third parties to which we (a) disclose such personal information for a business purpose, (b) “share” personal information for “cross-context behavioral advertising,” and/or (c) “sell” such personal information.

Under the CCPA, “sharing” is defined as the targeting of advertising to a consumer based on that consumer’s personal information obtained from the consumer’s activity across distinct online services, and “selling” is defined as the disclosure of personal information to third parties in exchange for monetary or other valuable consideration. We “share” information with our advertising partners to provide more relevant and tailored advertising to you regarding our Services. Moreover, our use of third-party analytics services and online advertising services may result in the sharing of online identifiers (e.g., cookie data, IP addresses, device identifiers, and usage information) in a way that may be considered a “sale” under the CCPA. For detailed information about the categories of Personal Information we collect, please see Section 6 “Details of Information Categories Collected” above.

Your Choices Regarding “Sharing” and “Selling”: You have the right to opt out of our sale/sharing of your Personal Information for purposes of online analytics and advertising by using the mechanisms above in the “Cookies and Online Advertising” section above. 

Other CCPA rights.

Financial incentives. Please see Section 13 below, “Notice of Financial Incentive/ Bona Fide Loyalty Program Disclosure.”

Right to Limit. The CCPA allows you to limit the use or disclosure of your “sensitive personal information” (as defined in the CCPA) if your sensitive personal information is used for certain purposes. To provide you with more relevant content and services, we may use information about the products you have purchased and viewed. This may include the processing of information that is considered "sensitive personal information" under the CCPA. You have a right to limit our use of sensitive data for purposes other than to provide the services or goods you request or as otherwise permitted by law. To exercise this right, please contact us at [email protected]

Personal Information rights. Please see the “Your Rights and Choices” Section 7 of our Privacy Notice above for information about the additional rights you have with respect to your Personal Information under California law and how to exercise them.

Retention of Your Personal Information. Please see the “Security and retention of your information” section above.

Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. We are committed to providing you with meaningful choices about the information collected on our websites for third-party purposes, and that is why we provide the variety of opt-out mechanisms listed above. Some web browsers offer users a “Do Not Track” privacy preference setting in the web browser. We do not currently recognize or respond to browser-initiated Do Not Track signals. Learn more about Do Not Track

 

California Business Users. If you are a California business user of our Services, the following chart provides details about the categories of Personal Information we collect from and about you:

13.      Notice of Financial Incentive/ Bona Fide Loyalty Program Disclosure

We offer our customers a loyalty program, HSA Perks®, that provides certain benefits, such as rewards and exclusive offers. We may also provide other programs, such as sweepstakes, contests, or other similar promotional campaigns (collectively, the “Programs”). When you sign up for one of these Programs, we typically ask you to provide your name and contact information (such as email address and/or telephone number). Because our Programs involve the collection of personal information and offering of certain benefits, they might be interpreted as a “financial incentive” program under California law or a “bona fide loyalty program” under Colorado law. Under the California law, the value of your personal information to us is related to the value of the free or discounted products or services, or other benefits that you obtain or that are provided as part of the applicable Program, less the expense related to offering those products, services, and benefits to Program participants.

You may withdraw from participating in a Program at any time by contacting us using the designated method set forth in the applicable Program rules. Visit the Terms of Use page of each Program to view full details, including how to sign up.

14.      Contact Information

You can contact us about this Privacy Notice by writing, emailing, or calling us at:

HSA Store Inc.

5473 Blair Rd

Suite 100

PMB 24308 

Dallas, TX 75231

Email: [email protected]