General Privacy Notice
Your privacy is important to us. This General Privacy Notice (“Notice”) describes the information HealthEquity, Inc. ("HealthEquity", "we", "our", “us”) collects in connection with our products and services (such as health savings accounts and various employer sponsored plans and programs, each an “Account” and collectively, “Services”), as well as how our website and mobile application automatically collect information from you.
We encourage you to review our other applicable product, state, and regulatory privacy notices provided through the Quick Links to the left. Please read those notices to understand how they apply to you and the Services. You can view the privacy practices applicable to specific types of information and to our different Services, and how we use personal information to conduct our business.
This website is intended for individuals who reside in the United States. We honor all individual privacy rights defined by law, as set forth herein, and in the governing regulations, such as the right to access, correct or delete personal information. Please see our California Privacy Notice for more information.
This Notice does not apply to any activity on third-party websites and mobile applications that may link to our website. We do not control third-party websites and applications and are not responsible for their actions or privacy practices.
We reserve the right to make changes to this Notice and our other privacy notices at any time, and recommend you read them regularly. Your use of the HealthEquity website and/or our Services constitutes your acceptance of and agreement to this Notice. If you do not agree to this Notice, do not use the website or the Services. If we provide Services to you, to stay current on our practices, please update your email address with us if it changes.
What information we collect
In order to provide Services to you we may collect, among other information:
E-mail and physical address;
Social security number ("SSN");
Date of birth;
Names of the dependents (and other identification or "ID") that are connected to or covered by your Account;
Names and ID of people authorized by you to use your Account;
Names and ID of people authorized by you to access your Account information;
Technical information associated with the device you use, such as the type and model, system language, browser type, geographical location, operating system, Internet protocol (IP) address, IDFA (identifier for advertisers), and other unique identifiers collected automatically when you interact with our website (as further detailed below in the “Cookies and Website” section); and
Transactions with us such as your Account balance, fees, payments, reimbursements, distributions, contributions, and the identity of persons to whom you make payments, including health care providers.
We may combine personal information that you provide us through this website with other information we have received from you, whether online or offline, or from other sources such as from our business partners and service providers.
How we collect information
Your Personal Information
You provide us information when interacting with us through this website or mobile applications, or signing up for and receiving Services. It is your choice whether to provide us with personal information, however, our ability to provide or continue to provide Services or information to you may be impacted should you decline to provide us with requested information. If you receive Services from us, you provide us with personal information on Account applications and in communications with us. Additionally, information may be provided by your employer, your health plan, or benefit provider, as well as from our business partners, contractors, and other third parties. We may also obtain information from public sources such as government records.
Cookies and Website Tracking
“Cookies” may be placed on your computer when you visit HealthEquity’s website. We, our business partners, and service providers may set cookies when you visit our website. Typically, cookies allow us to automatically collect technical information associated with the device you are using and collect information, including clickstream information, browser type, time and date you visited the website, and other information about your interactions with the website (as detailed above in “What Information We Collect”). Cookies can be for a single session or interaction with our website or can be persistent and stored on your computer or device until they are deleted or expire. Most internet browsers allow you to disable cookies or can be set to notify you when you receive a cookie allowing you decide whether to accept it. If you choose to disable cookies some functionality on the website may be impacted or not work at all.
Additionally, like many websites, we use standard internet technology (such as web beacons, tracking pixels, and embedded scripts) to track your web-surfing activity when you are visiting our website. We also include standard internet technology in advertisements and promotional e-mail messages to determine whether advertising or messages have been acted upon. This information enables us to customize the services we offer our website visitors, to deliver targeted advertisements, and to measure the overall effectiveness of our online advertising, content, programming, or other activities. Some other examples of ways we use your activity information include:
Product development and research purposes
Developing reports regarding website usage, activity, and statistics
Assisting users experiencing website problems
Tracking paths of visitors to our website and within our website
We may use and disclose your activity information unless restricted by our policies and notices or by applicable law.
We use Google, Adobe, and Facebook remarketing technologies to advertise online. This means we show ads to visitors who have previously visited our website even when they are no longer on our website. These technologies help us tailor ads that we think may be of interest to you. As always, we respect your privacy and do not collect any personal information using remarketing technologies. HealthEquity and our third-party vendors, use remarketing cookies to inform, optimize, and serve ads based on your past visits to our website. It could mean that we advertise to previous visitors who have completed a specific task on the website. For example, we may tailor advertising based on the specific product pages you viewed on the website. These ads may appear across the internet, including websites on Google and Facebook. You may be able to opt out of these cookies by visiting the ad settings on these entities’ webpages. Any data we collect through these technologies is used in accordance with our own privacy policies and notices, in addition to these entities’ privacy policies.
We use Google Analytics as described at https://policies.google.com/technologies/partner-sites. You can prevent your data from being used by Google Analytics on our websites by installing the Google Analytics opt-out browser add-on. If you have accounts with third-party providers, you may be able to control your ad preferences through your account settings.
How we use and share information
We may use or share the personal information listed above for the following business or commercial purposes:
Delivering our Services to you, or on behalf of another, including:
Verifying your identity, opening and administering your Accounts and benefits, and providing other financial services under the USA PATRIOT Act;
Administering the Services that we offer you or your employer, including to determine eligibility or to review and pay claims;
Displaying claims information in your health savings account portal with your authorization;
Communicating with you or others designated by you about your Account, benefits, and/or our Services;
Responding to inquiries;
Making payments to medical service providers;
Providing you with any health insurance information related to our Services, if applicable;
Helping to protect you and us from fraud and financial loss;
Linking accounts you provide us to facilitate the movement of funds as directed by you;
Preparing Account statements;
Preparing annual tax reporting information, if applicable;
Protecting your health, safety, or welfare;
Delivering user surveys; and
Delivering customized content and analytics on our websites or app.
Operating our websites and maintaining or servicing your Account;
Engaging third party service providers to assist us in administering and providing our products and services pursuant to a written agreement;
Performing analytics and improving our Services and website;
Conducting internal research to develop and demonstrate technology;
Marketing our Services, only as permitted by law;
Keeping a record of our transactions and communications;
Conducting audits and reporting related to particular transactions and interactions, including online interactions, you may have with us or others on our behalf;
Detecting, analyzing, and preventing security incidents, and other fraudulent or illegal activity;
Identifying, debugging and repairing errors in our systems, websites, or app that impair existing functionality;
Complying with applicable laws, regulations, administrative or legal requests, subpoenas, or otherwise as required by law;
In connection with a merger, acquisition, or other sale or transfer of all or part of our assets or business;
In accordance with your consent, authorization, or instructions;
Short-term, transient use of personal information that is not disclosed to another third party and is not used to build a profile about you or otherwise alter your experience outside the current interaction, including, but not limited to, the contextual customization of ads shown as part of the same interaction; and
As otherwise necessary or useful for us to lawfully conduct our business, provide our Services, or administer an Account.
We do not sell our customer lists or individual customer information. We will only share your personal information with third parties as outlined in this Notice and our other privacy notices, and as otherwise permitted by law. From time-to-time, we provide your information to nonaffiliated third-party service providers (i.e., subcontractors) to perform services for or functions on our behalf, to effect, administer, or enforce transactions necessary for the proper administration of an Account or as otherwise authorized by you.
We may also exchange information with reputable reference sources or reporting agencies for risk management and verification, in order to maximize the accuracy and security of your personal information. We only use and share information needed to service your account or protect against fraud, unless we are required or allowed to do so by law. HealthEquity is not and cannot be responsible for the activity or privacy policies of any third party with whom your personal information is shared.
If you have an Account and are receiving Services from us, you may authorize other individuals to access your information or make changes to your Account (such as a spouse, dependent, or legal representative). You are responsible for your authorized user’s transactions. Your authorized users will have access to the Account balance if they are authenticated by our system. It is your responsibility to keep your authorizations up to date and accurate. You will be able to see all activities conducted by an authorized user.
Rights and Choices
You may have rights such as the right to know, access, and/or delete your information. These rights may differ depending on your State of residency or the source of the information, or the type of Services or Account you have. You can submit a request regarding your personal information to Privacy@healthequity.com.
Electronic and Online Communications
We use e-mail to send newsletters, account notifications, marketing materials, and other communications, on a periodic basis to various individuals and organizations. You have the ability to opt-out of these communications at any time. For example, you can opt-out using links in a specific email communication or contact us (see Contact Information below). Opt-outs may not apply to communications related to your Account status, administrative messages, website updates, or other communications that are necessary for to provide our Services.
HealthEquity places a high priority on protecting your personal information. We maintain reasonable administrative, technical, and physical safeguards designed to protect the information that you provide on this website and in connection with the Services from unauthorized access to or acquisition of such information. Please be advised, however, that regardless of our best efforts to protect information, the confidentiality and security of any communication or material transmitted to or from the website or via email cannot be guaranteed to be 100% secure at any time. We also cannot guarantee that the information you transmit over the Internet will not be unlawfully intercepted or accessed by third parties. Any transmission of your information is at your own risk. Therefore, we strongly encourage all users to be careful and responsible about what you choose to provide online. Further, when you create an Account with HealthEquity, you will create a unique password. It is your responsibility to personalize your password and protect and secure such password. HealthEquity is not responsible for any information compromised due to your failure to secure your Account or login credentials.
If you have any reason to believe that your interaction with us through this website or other means is no longer secure, please immediately notify us (see Contact Information below).
For more details regarding our information security practices, please see our Information Security information available in the Quick Links on the left.
HealthEquity will, for example:
Never ask for your login or password through email or phone call;
Use your secret question and answer to authenticate you on a phone call;
Never utilize an automated voice response system when contacting you.
Information provided via our web portal is submitted within a secure session. These sessions utilize Transport Layer Security (TLS, formerly known as SSL) technology to ensure that the information is encrypted while in transit. Your browser must be able to support this technology to use our web services.
Require a User ID and password in order to access an Account or receive Services. This may either be provided to you or you will be allowed to choose your own. The User ID and password are designed to protect you by confirming your identity to our computer network systems. Our employees do not have access to your password.
Automatically log you out of your Account if you are inactive after logging in for a certain amount of time.
Require you to regularly change your password from time to time.
Monitor your Account for any signs of suspicious or potentially fraudulent activity.
Maintain up to date policies, standards, and processes designed to protect your personal information and comply with applicable state and federal data security laws, regulations, and guidance.
Train our workforce on our policies, standards, and processes.
Limit access to your personal information to only those who need it to perform their duties.
Retain your personal information as needed for the business purposes listed in this Notice and as permitted by law.
Require our subcontractors to maintain the same privacy and security standards for protecting your information as we do.
California Privacy Practices
If you are a California resident, please see more information about our privacy practices and your rights in our California Privacy Notice.
HealthEquity’s Services are intended for individuals who are at least 13 years of age. The Services may include information about dependents or beneficiaries who are under the age of 13, however, there are no Services offered directly to children under the age of 13. We do not collect personal information from children under the age of 13. If you think we have collected personal information from a child under the age of 13, without parental consent, please alert us (see Contact Information below).
If you have any questions or comments about this Notice or our other privacy notices, the ways in which we collect and use information, or choices and rights regarding personal information, please contact us at:
Mail: HealthEquity, Inc.
Attn: Privacy Officer
15 West Scenic Pointe Drive
Draper, UT 84020
Last updated February 2022.