Privacy Policy

1. Data We Collect

We collect two primary categories of data:

Platform User Data (HR administrators and account holders):

• Name, work email address, job title, and company name
• Billing and payment information (processed by our payment provider)
• Login credentials and session data
• Platform usage logs and feature interaction history

Employee Data (processed on behalf of your organization):

• Employee demographics, life stage indicators, and employment status
• Benefits utilization history and preferences (where provided)
• HRIS and payroll data imported via integrations or file upload

2. How We Use Data

We use platform user data to:

• Provision and manage your subscription and account
• Process payments and send billing communications
• Provide technical support and respond to inquiries
• Improve platform features and AI model performance
• Send product updates and service announcements

We process employee data solely as directed by your organization (as a data processor) to generate AI-powered benefits match results and recommendations.

3. Data Processing Roles

With respect to employee data, your organization acts as the data controller and BenefitMatcherAI acts as the data processor. We process employee data only as instructed and in accordance with the Data Processing Agreement (DPA) available to enterprise customers. We do not use employee data for any purpose other than delivering the contracted services.

4. Cookies & Analytics

We use cookies and analytics tools to maintain sessions, understand how the platform is used, and improve user experience. Analytics data is aggregated and anonymized where possible. You can manage cookie preferences through your browser settings.

5. Data Sharing & Sub-Processors

We do not sell your data. We share data only with trusted sub-processors who assist in delivering our services, including:

• Cloud infrastructure providers (data hosting and processing)
• Payment processors (billing and subscription management)
• Email and communication tools (transactional notifications)
• Analytics platforms (aggregated usage reporting)

All sub-processors are bound by data processing agreements and meet our security standards. A current list of sub-processors is available upon request.

6. Data Security

We implement enterprise-grade security controls including:

• AES-256 encryption at rest and TLS 1.2+ in transit
• Role-based access controls and multi-factor authentication
• Regular security audits and penetration testing
• SOC 2 Type II compliance program
• 24/7 security monitoring and incident response protocols

7. Data Retention

Platform user data is retained for the duration of your subscription plus 12 months, unless a longer retention period is legally required. Employee data is retained only for the duration of your active subscription and deleted within 30 days of contract termination or upon written request.

8. Your Rights (GDPR / CCPA)

Depending on your jurisdiction, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Request erasure of your personal data
• Restrict or object to specific processing activities
• Receive a portable copy of your data
• Opt out of non-essential marketing communications
• (CCPA) Opt out of the "sale" of personal information (we do not sell data)

Submit requests to privacy@benefitmatcherai.com. We respond within 30 days.

9. International Data Transfers

If you are based outside the United States, your data may be transferred to and processed in the US or other countries. We rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) for cross-border data transfers in compliance with applicable regulations.

10. Policy Updates

We will notify enterprise account holders of material changes to this Privacy Policy by email at least 30 days before changes take effect. Continued use of the platform after the effective date constitutes acceptance of the updated policy.

11. Contact Our Privacy Team