BenefitsFront

Privacy Policy

Effective Date: January 1, 2024 | Last Updated: March 15, 2024

BenefitsFront, Inc. ("BenefitsFront," "we," "us," or "our") is committed to protecting your personal and financial information. This Privacy Policy describes how we collect, use, share, and protect information about users of our platform, including employees ("Participants") and employers ("Employer Clients"). This Policy is provided in compliance with the Gramm-Leach-Bliley Act ("GLBA"), the California Consumer Privacy Act ("CCPA"), and other applicable privacy laws.

1. Information We Collect

1.1 Personal Information

When you create an account, we collect:

  • Full legal name, date of birth, Social Security Number (last 4 digits for identity verification)
  • Email address, phone number, home address
  • Employment information: employer name, job title, start date, annual salary
  • Government-issued ID (for identity verification under the Bank Secrecy Act)

1.2 Financial Information

  • Bank account number and routing number (for advance deposits and repayments)
  • ESPP plan details: contribution percentage, offering period, purchase prices
  • Payroll verification data (via Plaid or equivalent bank connection service)
  • Transaction history: advance amounts, profit calculations, fee payments
  • Tax identification information for 1099 reporting

1.3 Usage Data

  • IP address, browser type, device identifiers
  • Pages visited, features used, time spent on platform
  • Referral source (UTM parameters, referring URL)
  • Error logs and performance data

2. How We Use Your Information

We use your information to:

  • Provide Services: Process advance applications, fund contributions, calculate profit shares, disburse payments
  • Verify Identity: Comply with Bank Secrecy Act Know Your Customer (KYC) requirements
  • Prevent Fraud: Detect and investigate suspicious activity, protect against unauthorized access
  • Tax Compliance: Generate and file required tax forms (1099-MISC, W-9)
  • Communicate: Send account notifications, transaction confirmations, and service updates
  • Improve Services: Analyze usage patterns to enhance platform features
  • Legal Compliance: Comply with applicable laws and respond to lawful requests from government authorities

3. Information Sharing

We share your information only as follows:

3.1 Bank Partner

We share necessary information with Meridian Bank, N.A. ("Bank Partner") to originate and service advances. This includes identity verification data, employment information, and bank account details. The Bank Partner is subject to federal banking privacy regulations.

3.2 Equity Plan Administrators

We coordinate with your employer's equity plan administrator (e.g., Fidelity, E*TRADE, Charles Schwab) to verify ESPP enrollment, purchase dates, and share sale proceeds. We share only the minimum information necessary for this purpose.

3.3 Your Employer

We share aggregate, anonymized participation data with your employer. We do not share your individual financial details (advance amounts, earnings) with your employer without your consent, except as required by law.

3.4 Service Providers

We engage trusted third-party service providers for cloud hosting (AWS), bank account verification (Plaid), fraud detection (Sardine), email communications (SendGrid), and analytics (limited, anonymized). All service providers are bound by data processing agreements.

3.5 Legal Requirements

We may disclose information when required by law, court order, or to protect the rights, property, or safety of BenefitsFront, our users, or others.

We do not sell your personal information to third parties.

4. Security

We implement industry-leading security measures to protect your information:

  • 256-bit TLS Encryption: All data in transit is encrypted using TLS 1.3 with AES-256
  • Encryption at Rest: All stored data is encrypted using AES-256
  • SOC 2 Type II: Our security controls are independently audited annually
  • Access Controls: Strict role-based access control; employees access only necessary data
  • Multi-Factor Authentication: Required for all employee and admin accounts
  • Penetration Testing: Annual third-party security assessments
  • Incident Response: We will notify you within 72 hours of any breach affecting your data

5. GLBA Privacy Notice

As a financial services company, BenefitsFront is subject to the Gramm-Leach-Bliley Act. We collect nonpublic personal information about you from: (a) information you provide on applications and forms; (b) information about your transactions with us or our affiliates; (c) information from consumer reporting agencies; (d) information from your employer and equity plan administrator. We limit the sharing of nonpublic personal information consistent with GLBA requirements and do not share such information for marketing purposes without your opt-in consent.

6. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act:

  • Right to Know: Request information about the categories and specific pieces of personal information collected
  • Right to Delete: Request deletion of personal information (subject to legal retention requirements)
  • Right to Opt-Out: Opt out of the sale of personal information (we do not sell personal information)
  • Right to Non-Discrimination: We will not discriminate against you for exercising CCPA rights

To exercise these rights, email contact@benefitsfront.com or call 1-800-BENEFIT. We will verify your identity before processing requests.

7. Data Retention

We retain personal information for as long as your account is active and for seven (7) years after account closure for regulatory compliance purposes (Bank Secrecy Act, IRS record-keeping requirements). Financial transaction records are retained for a minimum of seven years. We may retain anonymized, aggregated data indefinitely for analytical purposes.

8. Cookies and Tracking

We use cookies and similar technologies for session management, fraud prevention, and analytics. You may disable cookies in your browser settings, but this may affect the functionality of the platform. We do not use third-party advertising cookies or behavioral tracking for marketing purposes.

9. Contact Us

Privacy Officer

BenefitsFront, Inc.

Email: contact@benefitsfront.com

Phone: 1-800-BENEFIT

For data subject requests, email contact@benefitsfront.com with the subject line "Privacy Request".