Skip to main content

Privacy, security and compliance

Privacy statement

At PayFlex, we value the trust you place in us and take great care to help protect the information you share. This Privacy Statement describes our practices in connection with data we collect through software applications. This includes mobile applications and websites we host that contain a link to this Privacy Statement. We describe our privacy practices so they’re easy to navigate, read and understand. We’re committed to treating your data with care and respect. And we manage our applications in a manner that’s compliant with law.

Types of information we collect

We may collect two types of data: Personal Information and Non-Personally Identifiable Information.

“Personal Information” means data that’s unique to you as an individual. This could mean your name, address, social security number, email address and/or telephone number. It could also mean information about your personal device. We describe this further below.

“Non-Personally-Identifiable Information” means data that doesn’t identify you personally. An example is usage data, either individually or taken together. And it may include demographic data, or data related to multiple members that does not include member-specific information, and certain data collected automatically through your device. This could be web browser data, server log files, cookies, pixel tags or beacons. And it could be other technologies and other non-personally identifiable data collected by us or given to us by you.

By collecting this data, we can provide you with better access to our services.

How we collect your information

We get Personal Information when you register or create a personal profile with us. And we get it when you request products, services or information from us.

We may collect certain personal device information to authenticate you or your device. We do this for application security. It can help prevent fraud and data loss. Device information we collect may be physical location, IP address, battery information, application activity, data usage, accelerometer data and malware information.

Where required by law or regulation, you’ll be able to update your data by sending us an email. Or, if you have set up a personal profile, you’ll be able to update your data online.

Protecting the confidentiality and security of member information

We have adopted and adhere to stringent security standards designed to help protect non-public personal information against accidental or unauthorized access or disclosure. We maintain physical, electronic and procedural safeguards to help secure the information and comply with federal standards.

PayFlex employees are kept informed of all current security and privacy practices. They complete training annually. And we remind them of the importance of member privacy. Our employees play a vital role in protecting your data.

Here are some ways PayFlex protects your data

17 steps for securing health information

Protecting your account

You should take the following steps to help safeguard your account:

  • Create a new, unique and strong password every three months.
  • Use unique usernames and strong passwords that others can’t easily figure out. Avoid using your first initial, last name, email, date of birth, initials, work ID number, etc.
  • Choose usernames and passwords that are at least eight characters in length and have a mix of uppercase and lowercase letters, plus numbers and special characters.
  • Avoid using information that can be found publicly, like your mother’s maiden name, your address, email address, birthdate, etc.
  • Use a different password for each online account.
  • Register directly at payflex.com. This is true even if you typically use single sign-on (SSO) to access your PayFlex account. You should use a different username and password for SSO and for the payflex.com registration.
  • Review your account often. This includes all transaction history, personal and account information (like phone number, email address, etc.).
  • Call us immediately if you notice any suspicious account activity. You can either call us using the number on the back of your PayFlex debit card or our fraud line at 1-855-542-5988 (TTY: 711).
  • Always be on the lookout for email phishing attempts. We will never send you an email asking you to enter or re-enter your login information to verify your account. You should never click on a link inside of an email; you should always log in to your account as you normally do.

Why, when and who we share data with 

Access to client and member data is strictly limited. We don’t disclose any personal data unless the law requires or permits it. PayFlex may use and disclose your personal data when administering your benefits. In limited cases, we may disclose it to unrelated third parties as permitted or required by law. In all cases, we stress the confidential nature of the data we share and require any third party receiving it to keep it confidential. Data won’t be distributed or shared for marketing purposes. And we won’t share it for any other purpose outside the scope of our business requirements.

Collecting and using non-personally identifiable information

When you visit our website, we collect certain information about you to help us analyze and improve the usefulness of the information we provide on this website. The information we collect does not identify you personally. It’s anonymous "usage data," such as the number of unique visitors we receive, what pages are visited most often and the navigation preferences and characteristics of our visitors. We have included information below on what we collect and how we do it.

  • Web browser information - Web browsers collect and store information about the type of device and operating system you are using to access our website, as well as your device’s Media Access Control (MAC) address for facilitating network communications. Accessing this information helps us establish a secure and consistent connection to you during your visits to our website.
  • "Cookie" technology - A "cookie" is an element of data that a website can send to your browser when you link to a website. It is not a computer program and has no ability to read data residing on your computer. It also does not instruct your computer to perform any step or function. By assigning a unique data element to each visitor, the website is able to recognize repeat users, track usage patterns and better serve you when you return to that site. The cookie does not extract other personal information about you, such as your name or address.
  • Client-side page tagging - This technology uses code on each web page to write certain information about the page and the visitor to a log when a page is rendered to you by your web browser. "Tagging" does result in a JavaScript program running in your browser, but it is limited to providing information about the page that you are requesting and the configuration of your browser. It will not read any of your data files and will not execute any additional programs. It does not extract any personal information about you, such as your name or email address. You can prevent tagging by disabling JavaScript in your browser, but that may prevent you from using all of our website's functions.
  • Tracking pixels or beacons - These techniques use electronic files to track your navigation of our website, your completion of transactions and other browsing behavior.
  • IP Address - When you subscribe to an Internet Service Provider (ISP), your computing device is assigned an IP Address. We track and store this address to help us manage security and monitor usage volume and patterns.

Compliance with the Health Insurance Portability and Accountability Act (HIPAA) 

PayFlex complies with all applicable regulatory requirements pertaining to the services it provides. This includes the Health Insurance Portability and Accountability Act of 1996/Health Information Technology for Economic Clinical Health Act (HIPAA/HITECH). We’ve set up technical and physical safeguards to help protect the privacy of your personal health information. And we set limits on the use and disclosure of such information without your authorization.

Changes to this statement

PayFlex may change this statement from time to time. When updates are made, we’ll also update the version date located at the bottom of this privacy statement. We encourage you to periodically review this privacy statement to see if there have been any changes that may affect you. This statement is not intended to and does not create any contractual or other legal rights in or on behalf of any party.

Contact us if you have any questions or concerns about our Privacy, Security & Compliance policies. 

Privacy statement updated: April 13, 2020

 

Account security concerns

We're here to help

1-855-542-5988 (TTY: 711)