Privacy Policy

Last Updated: June 21, 2025

1. Introduction & Overview

Welcome to hsa_stack! We respect your privacy and are committed to protecting your personal information. This Privacy Policy explains what information we collect through hsa_stack's website, app, and related services (collectively, the "Service"), how we use and share that information, and the choices you have. By using our Service, you agree to the practices described in this Policy and our Terms of Use. If you do not agree, please do not use hsa_stack.

hsa_stack is a U.S.-based platform that helps users manage Health Savings Account ("HSA") receipts and reimbursements. Our Service is intended for U.S. residents and is governed by U.S. laws.

Important: While our platform may handle health-related information (e.g. medical expense receipts), we are not a healthcare provider or insurance company, and thus the Health Insurance Portability and Accountability Act ("HIPAA") generally does not apply. However, we treat all personal and health-related data with care and implement industry best practices to safeguard your privacy.

2. Information We Collect

We collect various types of information to provide and improve our Service. This includes:

Account Information

When you create an account, we collect personal information such as your name, email address, and password or authentication credentials. If you sign up via an identity provider (e.g. Auth0 or a similar auth service), we receive basic profile details from that provider. We also assign a user ID to your account for internal reference. This information helps us identify you and communicate with you.

Financial Data (HSA Account via Plaid)

If you choose to link your HSA or bank account, we use Plaid to connect to your financial institution. Through this integration, we obtain data about your HSA account, such as account name/type, account balances, and transaction details (e.g. dates, amounts, merchant or provider names of HSA transactions).

We do not receive or store your bank login credentials – those are handled by Plaid's secure systems. The connection only accesses the specific HSA account information needed for our Service, nothing more. You can disconnect your bank account at any time if you no longer want to share this data with us.

Uploaded Documents (Receipts)

Our Service allows you to upload images or PDFs of medical expense receipts and related documents. These uploads may contain personal information, such as names of healthcare providers or family members, dates of service, and treatment or purchase details. We store the uploaded receipt files securely in our cloud storage (hosted on Supabase). Each receipt is associated with your user account.

OCR Metadata (Extracted Receipt Data)

When you upload a receipt, we may use an Optical Character Recognition (OCR) process powered by Google Gemini AI to extract relevant information from the image. This can include the service date, provider or merchant name, amount paid, expense category, and, if discernible, the patient or family member name on the receipt.

Payment and Subscription Information

hsa_stack is a subscription-based service. When you subscribe or make payments, we use a third-party payment processor (Stripe) to handle your credit card and billing information. We do not store your full credit card number or sensitive payment details on our servers.

Analytics Data

We use analytics tools (specifically Google Analytics) to automatically collect information about how you use our Service. This may include data like your IP address, device type, browser type, operating system, referring URLs, pages viewed, links clicked, and the date/time when you accessed the Service.

3. Google API Services

hsa_stack's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Our application accesses and uses information from Google APIs to provide and enhance our services. Specifically, we use Google Authentication to allow you to sign up and log in to your hsa_stack account securely.

Information We Collect via Google APIs

When you connect your Google account to hsa_stack, we access the following information:

How We Use Your Google Data

Your Google data is used for the following purposes:

4. How We Use Information

We use the collected information for the following purposes:

Providing and Improving the Service

We use your information to operate hsa_stack's core functionality. This includes creating and managing your user account, allowing you to link your HSA account and upload receipts, and displaying your aggregated HSA information back to you.

Delayed Reimbursements and Receipt Management

A key feature of hsa_stack is helping you optimize HSA reimbursements over time. We track which of your HSA transactions have corresponding receipts and which have been reimbursed.

Communications

We may use your contact information (like your email address) to send service-related communications. This includes confirmations when you sign up or link an account, notifications about receipt processing status, and important account or subscription updates.

5. How We Share Information

We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following limited circumstances:

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. This includes encryption of data in transit and at rest, secure storage systems, and regular security assessments.

7. Your Rights and Choices

You have several rights regarding your personal information:

8. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:

Email: privacy@hsastack.com
Website: https://hsastack.com/contact

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will post the updated policy on this page and update the "Last Updated" date. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.