Privacy Policy

Last updated May 10, 2026

1. Information We Collect

We collect information you provide directly when creating an account and using the Service, including your name, email address, healthcare expense details (provider, date, amount, category), and receipt images you upload. We also automatically collect certain technical data — such as your IP address, browser type, and pages visited — to operate and improve the Service.

2. How We Use Your Information

We use your information to provide and maintain the Service, including displaying your expense history, calculating reimbursement totals, and generating tax summaries. We use your email address to send account-related communications such as magic link sign-in emails. We do not use your data for advertising and we do not sell your personal information to any third party.

3. Receipt and Financial Data

Receipt images you upload are stored securely using Supabase Storage and are encrypted at rest. Access to your files is restricted to your account through row-level security policies — no other user can access your data. When you use the AI receipt scanning feature, your receipt image is sent to Google Gemini solely to extract expense details on your behalf. This data is not used to train Google's models under our usage terms. You can delete your receipts and expense data at any time from within the app.

4. Third-Party Service Providers

We use the following third-party services to operate HSA Helper:

  • Supabase — database, authentication, and file storage
  • Vercel — web hosting and deployment
  • Google Gemini — AI-powered receipt data extraction

Each provider processes data only as necessary to deliver its service and is bound by its own privacy policies and data processing agreements.

5. Data Retention

We retain your account and expense data for as long as your account is active. If you delete your account, we will permanently delete your data within 30 days, except where retention is required by law. You can request account deletion by contacting us at support@hsahelper.com.

6. Security

We implement industry-standard security measures including TLS encryption in transit and encryption at rest for stored data. Access to your data is enforced at the database level using row-level security — meaning your data is only accessible to your account, even within our infrastructure. That said, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

7. Administrator Access

As the operator of HSA Helper, we have administrative access to the underlying database and storage infrastructure. This access exists for operational purposes such as debugging and maintenance. We do not access individual user data except when necessary to resolve a technical issue or when required by law. This is standard practice for cloud-hosted software services and is disclosed here for full transparency.

8. Cookies

We use cookies to maintain your authenticated session. These are strictly necessary for the Service to function and are not used for advertising or cross-site tracking. You can configure your browser to block cookies, but the Service will not work without them.

9. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from anyone under 13. If you believe we have inadvertently collected such information, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email. The date at the top of this page reflects when the policy was last revised. Continued use of the Service after changes constitutes acceptance of the updated Policy.

11. Contact

If you have questions or concerns about this Privacy Policy or how we handle your data, please contact us at support@hsahelper.com.