Privacy Policy
Your employer never sees what you ask. If you ask about mental health coverage, pregnancy benefits, or anything else—your employer will never know. Period. Employers only see aggregate data like "47 questions this week"—never individual queries. Privacy isn't a feature—it's the architecture.
Introduction
Benefitly, LLC and its affiliates ("Benefitly," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and safeguard information when you access or use our website, platform, mobile applications, and related services (collectively, the "Services").
By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy.
Information We Collect
Information You Provide. We collect information you voluntarily provide to us, including personal details such as your name, email address, phone number, date of birth, mailing address, account credentials, payment and billing information, employment details, healthcare preferences, questions submitted through our AI tools, and feedback you provide.
Health Insurance Information. We also collect health insurance–related information when you use our Services, including insurance carrier details, plan information, member or policy identifiers, coverage dates, deductibles, copayments, and covered benefits, as necessary to deliver our Services.
Automatically Collected Information. We automatically collect certain information when you use the Services, including usage data such as pages viewed, features used, time spent on the platform, search queries, and navigation behavior. We also collect technical information such as IP address, browser type, operating system, device type, unique device identifiers, and general location information derived from IP address or ZIP code.
Cookies and Tracking. We use cookies and similar tracking technologies to enable functionality, enhance user experience, analyze usage, and improve performance. You can manage cookie preferences through your browser or account settings.
Information from Third Parties. We may receive information from third parties, including employers that provide access to Benefitly, insurance carriers, healthcare providers, analytics providers, payment processors, and publicly available sources such as provider directories and health education resources. Information received from these sources is used only in connection with providing and improving our Services and in accordance with applicable law.
How We Use Your Information
We use your information to operate, maintain, and improve the Services, including analyzing insurance coverage, answering questions through our AI tools, identifying care options, estimating out-of-pocket expenses, matching users with in-network providers, sending benefit notifications, personalizing experiences, and improving platform functionality.
We also use information to communicate with you, provide customer support, send service-related notices, deliver educational content, process payments, prevent fraud, comply with legal obligations, enforce our terms, and protect the security and integrity of our systems.
With your consent, we may send marketing or promotional communications, which you can opt out of at any time.
Information Sharing
We do not sell personal information.
We share information only as necessary to operate the Services, including with trusted service providers that perform functions on our behalf such as cloud hosting, analytics, payment processing, customer support, and email delivery. These providers are contractually required to safeguard information and use it only for authorized purposes.
Employer Access. If your employer provides access to Benefitly, we may share aggregated and de-identified usage metrics, but we do not share individual health information without your explicit consent.
Provider Connections. If you choose to use referral or provider-connection features, we may share limited information with healthcare providers at your request.
Legal Requirements. We may also disclose information if required by law, in connection with legal proceedings, to protect our rights or users, or in the event of a merger, acquisition, or sale of assets.
Aggregated Data. We may share aggregated or de-identified data for research, analytics, and product improvement purposes.
Your Rights and Choices
Depending on your location, you may have rights to access, correct, delete, restrict, or export your personal information; object to certain processing activities; opt out of marketing communications or targeted advertising; and withdraw consent where applicable.
We do not discriminate against users for exercising privacy rights.
Requests can be made by emailing privacy@benefitly.ai or through available account tools, and we respond within timeframes required by law.
Additional rights may apply to residents of certain U.S. states, including California, Virginia, Colorado, Connecticut, Utah, and Nevada, as well as users in the European Economic Area.
Do Not Track Signals
Some web browsers transmit "Do Not Track" (DNT) signals to websites. Because there is no common understanding of how to interpret DNT signals, our Services do not currently respond to browser DNT signals. However, you can manage your privacy preferences through your browser settings, our cookie preferences (where available), and by opting out of marketing communications.
California residents and users in other jurisdictions may have additional rights regarding tracking and targeted advertising. Please see the "Your Rights and Choices" section above or contact us at privacy@benefitly.ai for more information.
Data Security
We implement administrative, technical, and physical safeguards designed to protect your information, including encryption, secure infrastructure, access controls, monitoring, employee training, and incident response procedures.
While we take security seriously, no system can be guaranteed to be completely secure, and you provide information at your own risk.
Data Retention
We retain personal information only as long as necessary to provide the Services, meet legal and compliance obligations, resolve disputes, and enforce agreements. The following retention periods apply to specific categories of data:
- Audit and Compliance Logs. System audit logs, security event records, and compliance-related data are retained for seven (7) years in accordance with HIPAA regulatory requirements and applicable legal preservation obligations. Such records are encrypted and stored using tiered archival storage.
- Application Access Logs. Web access logs and service usage records are retained for ninety (90) days for security monitoring and service optimization purposes.
- Plan Documents and Benefit Information. Prior versions of uploaded plan documents are retained for ninety (90) days following supersession to facilitate version comparison and error correction.
- Voice and Audio Data. Voice recordings and audio transcriptions are retained for twenty-four (24) hours solely for processing purposes, after which they are automatically and irreversibly deleted to minimize protected health information exposure.
- Processing Cache and Analytical Data. Temporary processing artifacts, document analysis data, and derived content used to provide the Services are retained for ninety (90) days and thereafter deleted.
- Account Information. Core account information is retained for the duration of your active account relationship and for a reasonable period thereafter as required to comply with legal obligations, resolve disputes, or enforce our agreements.
Notwithstanding the foregoing, we may retain information for longer periods where required by applicable law, regulation, legal process, or governmental request, or where necessary to establish, exercise, or defend legal claims.
You may request deletion of your information, subject to lawful retention obligations, by contacting privacy@benefitly.ai.
Children's Privacy
Our Services are not intended for individuals under 18 years of age, and we do not knowingly collect personal information from children. If we become aware that information has been collected from a child, we will delete it promptly.
International Data Transfers
Benefitly is based in the United States, and information may be processed and stored in the U.S. or other jurisdictions where our service providers operate.
If you access the Services from outside the United States, you consent to the transfer of your information to the U.S. and acknowledge that data protection laws may differ from those in your jurisdiction. Where required, we use appropriate safeguards for international data transfers.
Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will provide notice by posting the updated policy on our website and, where appropriate, through in-app notifications.
Continued use of the Services after changes become effective constitutes acceptance of the updated Privacy Policy.
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact Benefitly at privacy@benefitly.ai.
For general support, contact support@benefitly.ai.
By using the Services, you acknowledge that you have read and understand this Privacy Policy and agree to the collection, use, and sharing of information as described herein.