Privacy Policy

We may collect the following types of information when you use our service:

Personal Information

• Contact information (company name, contact name, email address, phone number)
• Company details (industry, company size, renewal month)
• Benefits program information (plan types, coverage details, costs)

Usage Information

• Browser type and version
• Operating system
• Pages visited and features used
• Time and date of visits
• Other statistics related to your use of the calculator

Your calculator data is stored locally in your browser using localStorage. This means your information remains on your device and is not transmitted to our servers unless you explicitly choose to submit it for further analysis or consultation.

When you submit data for analysis or consultation, we implement reasonable security measures to protect your information from unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

Our Service and Proprietary Information

The ScoreMyBenefits calculator, including its algorithms, methodologies, benchmarking data, and recommendation engine, constitutes our proprietary information and intellectual property. While we collect and process your data to provide our service, we implement specific measures to protect our intellectual property:

• Watermarking: Reports and outputs may contain digital watermarks to prevent unauthorized distribution
• Access Monitoring: We monitor for unusual access patterns that may indicate attempts to extract or copy our proprietary technology
• Usage Analytics: We collect analytics on service usage to detect potential misuse or competitive analysis

Your Obligations

By using our service, you agree not to:

• Attempt to reverse engineer our algorithms or methodologies
• Use our service for competitive analysis or to build competing products
• Share access credentials or provide unauthorized access to the service
• Extract, scrape, or harvest data from the service beyond normal use

Violation of these obligations may result in immediate termination of your access to the service and potential legal action.

Service Provider Management

We may engage third-party companies and individuals to facilitate our Service ("Service Providers"). These third parties have access to your Personal Data only to perform specific tasks on our behalf and are obligated to protect your information. All Service Providers are:

• Bound by contractual obligations that include confidentiality provisions
• Required to implement appropriate technical and organizational security measures
• Subject to regular security assessments and compliance reviews
• Prohibited from using your data for any purpose other than providing the contracted services

Service Provider Categories

We use the following categories of service providers:

• Cloud infrastructure providers for hosting our application
• Analytics providers to help us understand service usage
• Email delivery services for communications
• Payment processors for subscription management

Data Processing Agreements

We maintain formal Data Processing Agreements with all service providers who process personal data, ensuring they:

• Process data only according to our documented instructions
• Implement appropriate security measures
• Assist with data subject rights requests
• Delete or return all personal data at the end of the service provision
• Submit to audits and inspections to verify compliance

If you access our service through a white-label or partner implementation, the following additional provisions apply:

Data Segregation

• Your data is logically segregated from other clients' data
• Custom access controls are implemented for white-label implementations
• Partner-specific data retention policies may be established by agreement

Ownership and Usage Rights

• Your white-label or partner provider may have access to aggregated, anonymized data
• Individual client data remains subject to this Privacy Policy
• The underlying proprietary technology and methodology remain the exclusive property of ScoreMyBenefits

Partner Obligations

White-label and partner providers are contractually obligated to:

• Maintain the confidentiality of the ScoreMyBenefits proprietary technology
• Implement appropriate security measures to protect both your data and our intellectual property
• Notify us promptly of any security incidents or unauthorized access
• Comply with all applicable data protection laws and regulations

These provisions ensure that your data remains protected while also safeguarding our intellectual property in white-label and partner implementations.

You have certain rights regarding your personal information:

• Access and Update: You can access and update certain information about you from within your account settings or by contacting us.
• Opt-Out: You can opt out of receiving promotional communications from us by following the instructions in those communications.
• Delete: You can request deletion of your personal information by contacting us. Note that we may retain certain information as required by law or for legitimate business purposes.

We implement advanced security measures to protect your information and our proprietary technology:

Technical Safeguards

• All data is encrypted both in transit and at rest using industry-standard encryption protocols
• Multi-factor authentication is required for administrative access to systems
• Regular security assessments and penetration testing are conducted by independent third parties
• Intrusion detection and prevention systems actively monitor for unauthorized access attempts
• Automated vulnerability scanning is performed on all system components

Access Controls

• Strict role-based access controls limit data access to authorized personnel only
• All system access is logged and monitored for suspicious activity
• Regular access reviews ensure that only appropriate personnel maintain access privileges
• Employee access is promptly terminated upon separation from the company

Data Handling Procedures

• All staff receive regular security awareness and data protection training
• Formal data classification policies govern the handling of sensitive information
• Data retention policies ensure that information is not kept longer than necessary
• Secure data disposal procedures are followed when information is no longer needed

Incident Response

We maintain a comprehensive incident response plan that includes:

• Prompt notification of affected users in the event of a data breach
• Coordination with law enforcement and regulatory authorities as appropriate
• Regular testing of our incident response procedures through simulated exercises
• Post-incident analysis to prevent similar occurrences in the future