Privacy Policy
Last Updated: November 16, 2025
1. Overview
This Privacy Policy governs the use of the HSA/FSA Eligibility Lookup tool (the "Service" or "Tool"). The Service is designed with privacy as a core principle. We do not collect, store, process, or transmit any personally identifiable information ("PII") about you or your search queries. This policy describes our information practices in detail.
2. Information We Do Not Collect
The Service is specifically designed to operate without collecting user data. We do not collect, store, log, or process:
- Search queries or search history
- Personal information of any kind
- Account credentials (no account creation or login required)
- Tracking cookies or persistent identifiers
- Analytics data or usage statistics
- Health information, medical data, or protected health information (PHI)
- Financial information or payment data
- IP addresses or device identifiers
3. Client-Side Architecture
The Service operates entirely as a client-side application. This architecture ensures your privacy through the following mechanisms:
- All searches and computations are performed locally within your web browser using static data files
- No search queries, user inputs, or results are transmitted to external servers or third-party APIs
- Your browser may cache static resources (HTML, CSS, JavaScript, images) for performance optimization only
- Application data (eligibility taxonomy and rules) is delivered as static JSON files served from our hosting infrastructure
- No server-side processing, logging, or data storage occurs during your use of the Service
4. Browser Local Storage and Cookies
The Service may utilize browser local storage exclusively for enhancing user experience. Local storage is used solely for:
- Storing your selected account type preference (HSA, FSA, or HRA)
- Maintaining your theme preference (light or dark mode)
- Caching recent searches for convenience (stored locally on your device only)
Important: All local storage data remains exclusively on your device, is never transmitted to our servers or third parties, and can be cleared at any time through your browser's settings or developer tools. We do not use tracking cookies, analytics cookies, or any persistent identifiers across sessions.
5. Third-Party Links and External Resources
The Service contains hyperlinks to external websites, including IRS publications and other governmental resources. We are not responsible for and do not control the privacy practices, content, or data collection activities of these third-party websites. We recommend reviewing the privacy policies of any external sites before providing personal information to them. The inclusion of any link does not imply our endorsement of the linked site.
6. Data Security and Transmission
Because we do not collect, store, or transmit personal data, there is no user data at risk of unauthorized access or breach. However:
- The Service is delivered over HTTPS to ensure secure communication between your browser and our hosting infrastructure
- Static application files are served through industry-standard web hosting infrastructure
- Your search activity remains entirely within your local browser environment
- We maintain no databases, logs, or records of user activity
7. Future Service Modifications
Should we introduce backend services, analytics tools, or any form of data collection in future versions of the Service, we will:
- Update this Privacy Policy and clearly disclose all data collection practices
- Provide prominent notice to users before implementing such changes
- Limit data collection to what is strictly necessary for Service functionality
- Implement data anonymization and aggregation where possible
- Obtain user consent where required by applicable law
- Comply with all applicable privacy regulations including GDPR, CCPA, and HIPAA where applicable
8. User Rights and Control
Because we do not collect or store personal data, there is no personal information to access, modify, export, or delete. You retain complete control over your use of the Service:
- You may clear browser local storage at any time through your browser settings
- No account creation, registration, or authentication is required
- You may use privacy-focused browsers, VPNs, or anonymous browsing modes
- You may discontinue use of the Service at any time without any data retention consequences
- You have the right to contact us with privacy-related questions or concerns
9. Children's Privacy (COPPA Compliance)
The Service is not directed to, nor do we knowingly collect information from, children under the age of 13 in compliance with the Children's Online Privacy Protection Act (COPPA). Because we do not collect personal information from any users regardless of age, no special provisions for children are necessary. If you believe a child has provided information to us, please contact us immediately.
10. Privacy Law Compliance
Our privacy-by-design architecture ensures compliance with major privacy regulations:
- GDPR (General Data Protection Regulation): No personal data of EU residents is collected or processed
- CCPA (California Consumer Privacy Act): No sale or sharing of personal information occurs
- HIPAA: The Service does not create, receive, maintain, or transmit protected health information (PHI)
- Other State Privacy Laws: The absence of personal data collection eliminates obligations under state-specific privacy laws
Note: While the Service references healthcare-related tax regulations, it is purely informational and does not constitute a HIPAA-covered entity or business associate.
11. Changes to This Privacy Policy
We reserve the right to modify this Privacy Policy at any time to reflect changes in our practices, legal requirements, or Service functionality. The "Last Updated" date at the top of this page will be revised to reflect the date of the most recent changes. Material changes will be communicated through prominent notice on the Service. Your continued use of the Service following any modifications constitutes your acceptance of the revised Privacy Policy.
12. Governing Law and Jurisdiction
This Privacy Policy shall be governed by and construed in accordance with the laws of the United States. Any disputes arising from this Privacy Policy or your use of the Service shall be subject to the exclusive jurisdiction of the courts located in the United States. You consent to the personal jurisdiction of such courts.
13. Contact Information
For questions, concerns, or requests regarding this Privacy Policy or our privacy practices, the following options are available:
- Review our open-source code repository (if publicly available) to independently verify our privacy-preserving architecture
- Submit inquiries through the contact form or email address provided on the Service (if available)
- Report privacy concerns or potential security issues through our designated channels
Please note: Specific contact information will be provided here when available.
14. Disclaimers and Limitations
IMPORTANT DISCLAIMER:
- This Service provides informational guidance only and does not constitute tax, legal, financial, or medical advice
- The privacy of your healthcare and financial decisions remains between you and your healthcare providers, plan administrators, and tax professionals
- We are not responsible for how you use the information provided by the Service
- We make no warranties regarding the accuracy, completeness, or timeliness of information provided
- Your use of the Service is at your own risk and subject to our Terms of Service
Last Reviewed: November 16, 2025
Effective Date: November 16, 2025
Version: 2.0
Architecture: Client-side only, zero data collection
Compliance: GDPR, CCPA, COPPA, HIPAA-aware