Privacy Policy & Data Security

Last Updated August 28, 2023

This Privacy Policy discloses the practices of Flexpa USA, Inc. (“Flexpa,” “we,” “us,” or “our”) concerning the Personal Information (as defined below) we obtain by and through your use of the Flexpa website, Flexpa API Package, Flexpa Customer Application (collectively the “Flexpa Platform”) together with the Flexpa Services, (collectively, “Online Services”). Flexpa is committed to respecting your privacy and recognizing your need for appropriate protection and management of Personal Information you share with us. The purpose of this Privacy Policy is to explain the types of information Flexpa obtains about users of the Online Services, how the information is obtained, how it is used, how it is disclosed, how you can get access to this information, and the choices you have regarding our use of, and your ability to review and correct, the information.

This policy is supplemental to, and forms an integral part of, the Flexpa Terms & Conditions and Flexpa USA Services Agreement (“Services Agreement”) (collectively, the “Flexpa Agreements”), and is effective upon its incorporation into the Flexpa Agreements. The terms of this Policy shall follow the Flexpa Agreements. Defined terms not defined in the Privacy Policy shall have the same definition as in the Flexpa Agreements.

By using the Online Services, you consent to the collection, use and transfer of your Personal Information in the United States as described in this Privacy Policy. If you do not agree with this Privacy Policy, do not access or use the Online Services. Please review this Policy carefully.

#1. Your Responsibilities

Within the scope of the Flexpa Agreements and in its use of the Online Services, End Users (as defined in the Flexpa Agreements) shall be responsible for complying with all requirements that apply to it under applicable data protective, privacy, and security laws with respect to your processing and transmittal of information to Flexpa. You acknowledge and agree that you shall be solely responsible for:

Accuracy, quality, and legality of any information, including any user content;
Complying with all necessary laws concerning the collection and use of user content, including obtaining any necessary consents and authorizations
Ensuring You have the right to transfer, or provide access to, the user content to Flexpa for purposes of providing the Online Services under the Flexpa Agreements.

#2. What We Mean by Personal Information

For purposes of this Privacy Policy, Personal Information means both Personal Identifiable Information and Personal Health Information.

“Personal Identifiable Information” means any information from or about a person or household that either identifies a person directly or that makes a person identifiable when it is combined with other information from or about that person from any source, such as the person’s name, address, email, phone number, or social security number.

“Personal Health Information” means any information from or about a person that identifies a person and was created or received by a healthcare provider or a health plan, including information related to the person’s physical or mental health or condition, health care services that the person receives, or a health plan’s payment for these services, such as the person’s name, address, telephone number, health insurance information, Medicare Beneficiary number, or financial information.

This Policy does not apply to any data such as anonymized or de-identified data which cannot directly or indirectly be used to identify you or to obtain information about you ("Anonymized and De-Identified Data"). We may generate or extract Anonymized and De-Identified Data out of any databases containing your personal data and we may make use of any such Anonymized and De-Identified Data for our purposes as we see fit.

#3. What Information We Collect About You

We collect information about you when you provide it to us, when you use our Online Services, and when other sources provide it to us, as further described below.

Information that is necessary for the use of Flexpa and its Online Services

We ask for and collect the following Personal Information about you when you use the Online Services, including transferring any such information to a third party to facilitate the Online Services. This information is necessary to perform the contract between you and us. This information is also necessary for us to comply with various legal obligations. If you choose not to provide this information, we cannot provide you with access to the Online Services.

Account Information. When you sign up for a Flexpa account, we require certain information such as your first name, last name, telephone number, and email address.
Personal Health Information. When you use Flexpa to link your Personal Health Information to third-party application, you will be asked to share your Personal Health Information with Flexpa. To operate the Online Service and to increase service reliability, Flexpa requires you to allow storage of your Personal Health Information on Flexpa’s data servers.
User Content. This consists of all text, documents, or other content or information uploaded, entered, or otherwise transmitted by you in connection with your use of the Online Services.

Information you provide to us

At any point you may choose to provide us with additional personal information in order to obtain a better user experience when using the Online Services. This additional information will be processed based on our legitimate interest or when applicable, your consent. You may otherwise choose to provide us information when you fill in a form, update or add information to your account, respond to surveys, post to community forums, participate in promotions, communicate with our customer care or support team, share your experience with us, or use other features of the Online Services.

Information we collect automatically when you use the Online Services

When you use the Online Services, we automatically collect certain information about your usage of the Online Services and how you use the Online Services. This information is necessary to ensure the best Online Services experience is available to you as well as enable us to comply with any applicable legal obligations and given our legitimate interest in being able to provide and improve the functionalities of the Online Services.

Usage Information. We collect information about your interactions with the Online Services such as the pages or content you view, your searches, and communications.
Log Data and Device Information. We automatically collect log data and device information when you access and use the Online Services, even if you have not created an account or logged in. That information includes, among other things: details about how you have used the Online Services (including if you clicked on links to third party applications), IP address, access dates and times, hardware and software information, device information, device event information, unique identifiers, crash data, cookie data, and the pages you’ve viewed or engaged with before or after using the Online Services.
Cookies and Similar Technologies. To collect information contemplated in this section, may use Internet server logs, cookies, tracking pixels, and other similar tracking technologies. We use these technologies in order to offer you a more tailored experience in the future, by understanding and remembering your particular browsing preferences. Cookies are small text files that are placed on your computer or mobile device when you visit a site, that enables us to: (i) recognize your computer or device; (ii) store your preferences and settings; (iii) understand the web pages of the Online Services you have visited; (iv) enhance your user experience by delivering and measuring the effectiveness of content and advertising tailored to your interests; (v) perform searches and analytics; and (vi) assist with security and administrative functions.

Most browsers are automatically set to accept cookies whenever you visit a website. You can disable cookies or set your browser to alert you when cookies are being sent. If you are based in Europe, visit www.youronlinechoices.eu for more details about advertising cookies and their management. If you are in the US, refer to www.aboutads.info/choices/. Visit www.allaboutcookies.org/manage-cookies to enable/disable cookies. Disabling cookies that are necessary for website’s proper operation may result in the web page not loading, or not operating as expected. Disabling cookies that remember your preferences or analytics, will prohibit us from providing you with relevant information. If you disable all cookies (including the essential ones), then you won’t be able to access all parts of our website.
Analytics. We may share your Personal Information with third-party analytics providers to monitor and analyze how our Online Services and features are being used. The analytics providers track and report website traffic and use this information to monitor the use of our Online Service. To opt out of use of third-party cookies that share data with these analytics providers, visit allaboutcookies.org/manage-cookies. Information we receive from third parties in connection with the Online Services

Please note that we use certain third-party service providers and business partners on the Online Services to enhance your experience or deliver certain services. Such third parties include the Flexpa Client or Customer that interacts directly with the End User. These third parties may collect Personal Information in performing their services and/or functions on the Online Services.

#4. How We Use Your Information

We use your information for various purposes depending on the types of information we have collected from and about you, in order to:

Respond to your request for information and provide you with more effective and efficient service
Contact you by email, postal mail, or phone regarding Flexpa and its Online Services
Customize the content you see on the Online Services
Secure our Online Services and resolve technical issues being reported
Help us better understand your interests and needs, and improve the Online Services, including through research and reports, and test, improve, and create new products, features, and services. We automatically analyze and aggregate information to improve and develop similar features, to better integrate the Online Services you use, or to improve the Online Services similarity functionalities for purposes of providing information to users. We also test and analyze certain new features with some users before rolling the feature out to all users. Any user test of new Flexpa features will be done with the express consent of the user and may be governed by additional agreements related to the user test.
To allow access to third party services’ accounts at your direction and consent.
For our business purposes we have a legitimate interest, when we:
- Operate the Online Services, including by storing any information on Flexpa servers or by transferring any information to necessary third parties to enable us to provide and operate the Online Services
- Apply information security policies and controls on the Online Services, including overall integrity, identity management and account authentication
- For research and development to improve Flexpa’s Services
Investigate and prevent fraudulent transactions, unauthorized access to the Online Services
Comply with any procedures, laws, and regulations which apply to us where it is necessary for our legitimate interests or the legitimate interests of others
Establish, exercise, or defend our legal rights where it is necessary for our legitimate interests or the legitimate interests of others
For other purposes for which we obtain your consent

We may anonymize and de-identify aggregate information collected through the Online Services so that such information does not identify you as the source of the information. We may use such information to improve the Online Services, by and through any third-party we use to integrate Online Services with the users’ database, for research.

#5. Data Subject Rights and Your Choices

When you share information with us, the Personal Information that you share may have an impact on others. For example, if you share Personal Health Information related to genetic or family history, this may have an impact on your family members.

You have certain rights with respect to your information as further described in this section.

If you would like further information in relation to your legal rights under applicable law or would like to exercise any of them, please contact us using the information in the “Contact Information” at Section 12. You have the following rights with respect to your Personal Information

You have the right to request we provide access to and/or a copy of certain information we hold about you.
You have the right to prevent the processing of your information for direct-marketing purposes.
You have the right to have us update information which is out of date or incorrect.
You have the right to restrict the way that we process and disclose certain of your information.
You have the right to withdraw your consent at any time where we rely on your consent as the basis to process or use your Personal Information.

Please note that we may ask you to verify your identity before responding to such requests. We will consider all requests and provide our response within the time period stated by applicable law. Please note, however, that certain information may be exempt from such requests in some circumstances, which may include if we need to keep processing your information for our legitimate interests or to comply with a legal obligation. We may request you provide us with information necessary to confirm your identity before responding to your request.

#6. Third-Party Links

The Online Services contain links to third-party websites. If you choose to use these sites or features, you may disclose your information not just to those third-parties, but also to their users and the public more generally depending on how their services function. We are not responsible for the content or practices of those websites or services. The collection, use, and disclosure of your information will be subject to the privacy policies of the third-party websites or services, and not this Privacy Policy. We urge you to read the privacy and security policies of these third-parties.

#7. Data Security

We use commercially reasonable administrative, technical, and physical measures to safeguard your information in our possession against loss, theft and unauthorized use, disclosure or modification. While we implement safeguards designed to protect your information, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that information, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others. In the unlikely event of a data breach, you will be notified as soon as reasonably possible, in accordance with applicable law. Furthermore, we are not responsible for any breach of security or for any actions of any third parties that receive the information.

#8. Data Retention

We keep your information for no longer than necessary for the purposes for which it is processed. The length of time for which we retain information depends on the purposes for which we collected and use it and/or as required to comply with applicable laws.

We reserve the right to retain any Personal Information as long as the Personal Information are needed to: (i) fulfill the purposes that are described in Section 4 and (ii) comply with applicable law.

If your account is deleted or terminated, your Personal Information will be deleted within 180 days from termination or request for deletion. Once this time period has expired, we will delete your data, except as to the extent necessary to comply with applicable law. If your account is dormant without activity for over a year, your Personal Information will be deleted within 180 days from the one-year dormant period, except as to the extent necessary to comply with applicable law.

#9. Control of Your Information

There are several ways that you can control your Personal Information

You may change your personal account information by updating your health insurance account page
You may request deletion of your account by contacting us at privacy@flexpa.com
You may request deletion of your Personal Information pursuant to Section 8 by contacting us at privacy@flexpa.com

Users in certain jurisdictions may have additional rights regarding control of their Personal Information.

In certain circumstances, we share personal information with third parties where disclosure is necessary in connection with the delivery and offering of the Online Services to you and the operation of our business. These third-party service providers are required to protect personal information we share with them and may not use any directly identifying personal information other than to provide the services for which we have contracted them. They are not allowed to use the personal information we share for purposes of their own direct marketing (unless you have separately consented to such use under the terms provided by the third party). Any information shared will be governed by the third-party provider’s privacy policy (including any Personal Information we may access via the third-party provider). These third-party providers should inform you about how you can modify your privacy settings on their sites.

We may share Your Personal Information in the following situations:

With Service Providers: We may share Your Personal Information with Service Providers for provision of the Online Services and to monitor and analyze the use of our Service, for payment processing, to contact You.
With Affiliates: We may share Your Personal Information with Our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include Our parent company and any other subsidiaries, joint venture partners or other companies that We control or that are under common control with Us.
With business partners: We may share Your Personal Information with Our business partners to offer You certain products, services or promotions.
With other users: when You share Personal Information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside. If You interact with other users or register through a Third-Party Social Media Service, Your contacts on the Third-Party Social Media Service may see Your name, profile, pictures and description of Your activity. Similarly, other users will be able to view descriptions of Your activity, communicate with You and view Your profile.
When necessary to comply with laws and law enforcement requests or otherwise to protect the Company: Under certain circumstances, the Company may be required to disclose Your Personal Information if required to do so by law or in response to valid requests by public authorities. We may disclose Personal Information to respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims. We may also share such information if we believe it is necessary in order to investigate, prevent, or act regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of the Flexpa Agreements, or as otherwise required by law
With Your consent: We may disclose Your Personal Data for any other purpose with Your consent.

#11. Information Shared in Connection With a Business Transfer

If ownership of all or substantially all of Flexpa’s business changes, or we undertake a corporate reorganization (including, but not limited to, a merger or consolidation) or any other transfer between Flexpa entities, you expressly consent to Flexpa transferring your Personal Information to the new owner of successor entity so that we can continue providing the Flexpa Online Services. If required by applicable law, Flexpa will notify the applicable data protection agency in each jurisdiction of such a transfer in accordance with the notification procedures under applicable data protection law. We will endeavor to provide you with notice of any material changes to the Privacy Policy following a business transaction.

#12. Children

We do not knowingly collect Personal Information online from children under 16 (note that the minimum age may vary based on location and on local law). If you become aware that a child has provided us with Personal Information without parental consent, please contact us through privacy@flexpa.com. If we become aware that a child under 16 has provided us with Personal Information without parental consent, we will take steps to remove the data and cancel the child’s account.

#13. California Requirements

If you are a California resident, there are some additional rights that may be available to you under the California Consumer Protection Act (“CCPA”). This policy explains the tools that we have made available to you to exercise your data rights under the CCPA, such as the right to deletion and the right to request access to the categories of information we have collected about you. We encourage you to manage your information, and to make use of the privacy controls we have included in our Services. You will not be discriminated against for exercising any of your privacy rights under the CCPA. In order to protect your information from unauthorized access or deletion, we may require you to provide additional information for verification. If we cannot verify your identity, we will not provide or delete your information.

This policy describes the categories of personal information we may collect, the sources of that information, and our deletion and retention policies. We have also included information about how we may process your information, which includes for "business purposes" under the CCPA - such as to protect against illegal activities, and for the development of new products, features, and technologies.

#14. Changes to Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “effective date” at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

We will not make changes that have a retroactive effect unless we are legally required to do so.

#15. Contact Information

If you have questions or complaints regarding this Privacy Policy, please contact us by email at privacy@flexpa.com.