Privacy Notice

Last updated on September 20, 2024

FSA Store Inc. ("HSA Store", “we”, “our”, “us”) is committed to protecting the information we collect via our website: https://hsastore.com (the “Website”), our mobile application (the “App”), as well as information we collect when we interact with you by phone, electronically, or in-person (collectively, when providing you the “Services”). This Privacy Notice describes the types of information we collect and how such information is used. It also describes the choices available to you regarding our use of certain information collected about you and how you can access, update and delete this information.

This Privacy Notice applies to information we collect:

  • on our Website;
  • on our App;
  • over the phone, via email, text and other electronic messages or through our webform or chat function between you and our team; and
  • when you interact with our advertising and applications on third-party websites or when using third-party services if those applications or advertising include links to this Privacy Notice.

It does not apply to information collected by:

  • any third party, including through any application or content (including advertising) that may link to or be accessible from or through the Website or the App.

Please read this Privacy Notice carefully prior to your use of, or creation of an account on, the Website and/or the App. If you do not agree to abide by this Privacy Notice, please do not use the Website or the App.

This Privacy Notice may change from time to time and should be read in conjunction with our Terms of Use, which include all disclaimers of warranties and limitation of liabilities.

1.             Information We Collect About You and How We Collect It

We collect information from and about you (“Personal Information”), including information:

  • by which you may be personally identified, such as name, mailing address, email address, or telephone number (“Personal Information”);
  • regarding your spending account; your spending account balance; your purchases and preferences;
  • that is about you but individually does may not specifically identify you, such as your geographic location; and/or
  • about your internet connection, the equipment you use to access our Website, your IP address, and usage details.

We collect this information:

  • directly from you when you provide it to us while being provided the Services;
  • from your third party administrator when you enroll in our Integration Services (as defined below);
  • automatically as you navigate through the Website (information collected automatically may include usage details and information collected through cookies, web beacons, and other tracking technologies); or
  • from third parties, including our marketing affiliates.

2.             Information You Provide Us:

The information we collect on or through the Website, the App and when providing you the Services may include information you provide:

  • when you provide contact information such as name, email address, mailing address, billing address or phone number;
  • when you create an account on the Website or the App;
  • when you interact with your account on the Website or the App by updating your information including but not limited to, providing us your deadline information or letting us know your grace period status;
  • when you enroll in or participate in our loyalty programs including, but not limited to HSA Perks®;
  • when you use our HSA Expense Dashboard(™), HSA Your Way(™), HSA Tax Savings Calculator(™), HSA Future Value Calculator(™), HSA 401(k) Maximizer(™); 
  • when you participate in sweepstakes or contests that we offer on our own or in partnership with third parties;
  • when you participate in quizzes or surveys that we administer on the Website, on the App, or via email on our own or in partnership with third parties;
  • when you redeem coupons or offers from us;
  • when you enroll in or participate in our Integration Services including, but not limited to single sign-on, balance display, cardless pay, or DirectPay;
  • when you enroll in or participate in our receipt tracking services including, but not limited to Expense Dashboard;
  • when you indicate that you are interested in receiving information about our products or services, such as email alerts, SMS texts and other notifications;
  • when you interact with our SMS texts, including your messaging history and any information included in those messages;
  • when you add a product to your cart on the Website;
  • when you make a transaction on the Website or the App, including purchase history, order status (for tracking purposes);
  • when you make returns or exchanges and your financial information such as your credit or debit card information to process your payment;
  • when you interact with the Website and other services including content you post such as reviews, testimonials, and other feedback;
  • when you use the Website, including search terms, pages you visit, computer and mobile device information and general location information from your browser or device; and
  • when you share your social media account information with us.

Usage Information: We may also collect information that is not Personal Information, but that relates to your usage of the Website or the App and that may be necessary for the proper functioning or improvement of the Website or the App (“Usage Information”), including:

  • the dates and times at which you use the Website or the App;
  • the extent of your use of the Website or the App;
  • the general location from which you access and/or use the Website or the App;
  • the URL or advertisement that referred you to the Website or the App;
  • the search terms you entered into a search engine that led you to the Website or the App;
  • your usage preferences, areas and pages within the Website or the App that you access or use, which products/services you view or purchase, and any other items or links within the Website or the App that you click, view or access; and
  • the mobile platform or service provider you use, your browser type, your operating system, and referring/exit pages.

We may collect Usage Information over time and across third-party websites or other online services for behavioral tracking purposes.

Third Party Information: We may collect information about you that we receive from third parties (“Third-Party Information:”). For example, we may supplement certain information that we collect from you with outside records, or information third parties may provide us about you in connection with a co-marketing or other agreement.

While Usage Information and Third-Party Information are generally non-identifying on a standalone basis, we may in certain instances combine this information with other information collected on the Website or the App, as described above. If Usage Information can be used to identify you, we treat such information as Personal Information.

3.             Categories of Personal Information We Process

For purposes of this Privacy Notice, the term “Personal Information” means information about you that can identify you individually or by household.

In the past 12 months, we have processed the categories of Personal Information listed in the table below. The table also lists, for each category, the source, business purpose, and a general description of third parties to whom this information may be disclosed.

Personal Information Category Source of Information Business Purpose Third Parties to Whom Information is Shared
Identifiers (e.g., name, mailing address, email address, IP address) You, your company, and/or your use of the Website or the App To contact you; provide you or your company, or other HSA Store customers with goods, services, or information you or your company request; or to make our products and services better We disclose your information to service providers, such as mailing fulfillment vendors and companies that help us identify you and your preferences, to conduct our business. We may also share your personal information with other service providers, such as credit card processors or professionals, like attorneys or accountants, where necessary for our business. We may also share this information with advertisers for cross-context behavioral i.e., targeted advertising.
Payment information (e.g., credit card information) You, your company, and/or your use of the Website or the App See above See above
Commercial information (e.g., products or services purchased or considered); your favorite products on the Website You, your company, and/or your use of the Website or the App See above See above
Internet or other similar network activity; Usage information You, your company, and/or your use of the Website or the App See above See above
Geolocation data (e.g., physical location) You, your company, and/or your use of the Website or the App See above See above
Inferences drawn from other Personal Information You, your company, and/or your use of the Website or the App See above See above
IInformation concerning your spending account, including as needed for the Integration Services (e.g., name, postal address, phone number, account balance,, participant identification, administrator identification) You, your plan’s Third-Party Administrator To display account information to you; to administer our Integration Services See above

Generally, we retain Personal Information for as long as it serves the business purpose for which it was collected. If there is a specific retention period required by law or contract, the Personal Information will be retained for that length of time. Where we collect Personal Information in relation to our Integration Services, we collect your consent to do so. After you have enrolled, you can opt out of the Integration Services by logging in to your account portal and following the opt out prompts.

4.             Sensitive Personal Information

Under applicable law, some categories of Personal Information are considered sensitive, requiring, in some cases, that we obtain your consent to process such information, and that we take certain additional steps to protect it. The table below lists the categories of Sensitive Personal Information we have processed in the last 12 months, the purposes for such processing, and whether we sell or share Sensitive Personal Information.

Sensitive Personal Information Category Business Purpose Sold or Shared for Purposes of Targeted Advertising?
Financial account or spending account information, including account log-in, financial account, debit card, or credit card number and potential credentials allowing access to an account To allow you to make purchases; to display spending account information; to offer you the Integration Services No
Health information To offer you products and services you may need or be interested in; to answer your questions via our chat function No

We retain Sensitive Personal Information as per our general retention practices, noted above. We only process your Sensitive Personal Information as necessary to perform the services or provide the goods that you reasonably expect when dealing with us, or as otherwise authorized by law. 

5.        Use of Personal Information

We may use the Personal Information we collect to:

  • identify you and improve and/or customize the Website or the App;
  • complete your transactions, fulfill your orders or process your returns/exchanges;
  • send you browse or cart reminders, order confirmations and other administrative or account notices;
  • send you requested product or service information;
  • respond to customer service requests, questions or comments;
  • administer your account and manage your account information;
  • send you emails;
  • send you SMS messages (subject to certain terms described herein);
  • contact you with offers, promotions, and other product specials;
  • send you more relevant marketing communications and general information/updates about the Website or the App;
  • create a more personalized shopping experience and customize certain content you see on the Website and the App;
  • identify trends, conduct data analysis, optimize, and determine the effectiveness of our marketing and promotions and other service offerings;
  • improve your user experience and increase the efficiency and effectiveness of the Website or the App;
  • analyze your usage of the Website or the App;
  • maintain security;
  • enforce our Terms of Use;
  • support purposes that we believe are necessary to protect our rights and the rights of others, or as otherwise described to you at the time of collection;
  • perform internal operations that are reasonably aligned with your expectations as a consumer or reasonably anticipated based on your existing relationship with us; and
  • perform internal operations that are otherwise compatible with processing data in furtherance of the provision of a product or service specifically requested by you or the performance of a contract with you.

We may also use certain information on an aggregated and/or anonymized basis to conduct market research, engage in project planning, for troubleshooting purposes or to help detect and protect against error, fraud or other criminal activity. We will not de-aggregate or re-identify the aggregated and/or anonymized data that we process. 

6.        Disclosure of Personal Information

We may disclose Personal Information that we collect or that you provide us as described in this Privacy Notice:

  • to any of our current or future subsidiaries or affiliates;
  • to contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep such Personal Information confidential and use it only for the purposes for which we disclose it to them;
  • to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us about the Website or App users or customers is among the assets transferred;
  • to third parties to market their products or services to you if you have consented to these disclosures;
  • to fulfill the purpose for which you provide it;
  • for any other purpose disclosed by us when you provide the information; and
  • with your consent.

We may also disclose your Personal Information:

  • to comply with any court order, law, or legal process, including to respond to any government, law enforcement, or regulatory request;
  • to enforce or apply our Terms of Use and other agreements, including for billing and collection purposes; and
  • if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of HSA Store, our customers, or others; this includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

We may disclose aggregated information or any information that does not identify any individual without restriction.

7.        Cookies and Other Tracking Technologies

We may use cookies, for example, to keep track of your preferences and profile information, or to engage in certain retargeting activities that we feel will better enhance your user experience and the efficiency and effectiveness of the Website or the App and certain product and service offerings. For example, we may use cookies to track the items in your shopping cart and may use that information to send you triggered text campaigns (e.g., sending you personalized text messages such as browse reminders or shopping cart reminders). Cookies are also used to collect Usage Information.

Cookies are small pieces of information that are stored as text files by your Internet browser on your computer’s hard drive, mobile device, or tablet. Most internet browsers are initially set to accept cookies. You can set your browser to refuse cookies from websites or to remove cookies from your hard drive, but if you do so, you may not be able to access or use portions of the Website, or certain offerings on the Website may not function as intended. We must use cookies to enable you to select products, place them in an online shopping cart, and to purchase those products. If you do this, we will keep a record of your browsing activity and purchases.

We may use a third-party service to place cookies on your computer to collect information and compile aggregated statistics for us about visitors to the Website.

We do not control third parties’ collection or use of your information to serve interest-based advertising. For more information about these forms of targeted advertising and to understand your right to opt out from these practices, please visit: https://youradchoices.com/choices-faq. Additional information on how to opt out of targeted advertising practices of NAI or DAA affiliated advertisers is available here: NAI Opt Out or DAA Opt Out. To further prevent targeted advertising based on browser behavior, you can disable digital tracking tools on your browser.

8.        Web Beacons

The Website pages may contain electronic images known as web beacons (sometimes called single-pixel gifs) and are used along with cookies to compile aggregated statistics to analyze how the Website is used, and may be used in some of our emails to let us know which emails and links have been opened by recipients. This allows us to gauge the effectiveness of our customer communications and marketing campaigns.

We also use third parties to gather information about how you use the Website. For example, we will know how many users access a specific page and which links they clicked on. We use this aggregated information to understand and optimize how the Website is used.

9.        Use of Chatbots 

We may use automated chat features, or “chatbots” on the Website or the App. Information collected by a chatbot is used only for the intended purpose stated at the time of collection, such as to answer a specific user question. We will only collect the information a user submits as part of a chatbot conversation, along with session information described generally above. We recommend that users not submit Personal or Sensitive Personal Information through the chatbot features unless specifically prompted to do so. We may recommend products based on your questions submitted through the chatbot, but you should not take chatbot suggestions as medical advice. If you have a specific question requiring a detailed response, we recommend contacting Customer Service at (888) 372-1450. 

10.      Email Opt-Out

We maintain a strict “no-spam” policy. Unless you request otherwise in your account settings at the time of your initial account creation or specifically opt out as provided below, by accepting the Terms of Use and this Privacy Notice, you expressly agree that we may use your information to contact you by email in order to deliver you information that is relevant to your use of the Website or the App such as administrative notices, product offers, service enhancements or “newsletters”, or that, in some cases, is targeted to your interests, such as targeted advertisements or information about certain eligible products (including deals, discounts or other promotions for such products) that we believe you may be interested in learning more about. You may choose to stop receiving these email communications from us by following the instructions included in such communications or by accessing your account at My Account and changing your email preferences. If a third-party vendor provides such newsletters, you may unsubscribe in accordance with the instructions provided by such third party. If you are having problems unsubscribing, please contact us at privacy@fsastore.com (forwarding the newsletter, if applicable, and including in the Subject line the words “Unsubscribe”), and we will make commercially reasonable efforts to complete your request within seven (7) business days. Please note that we cannot process any unsubscribe requests submitted as direct replies to any newsletter.

11.      SMS Opt-In and Out

By providing your mobile phone number and deadline information, and electing to opt-in to our SMS messaging program via the Website or the App or by sending us an opt-in text message, you confirm that you are the subscriber or customary user of that mobile phone number and affirmatively consent to our use of your mobile phone number for calls and texts (including prerecorded and/or by automatic telephone dialing systems) in order to provide you with (i) order confirmations and tracking information; (ii) reminder notifications regarding your account deadline (Note: deadline information provided is based solely on the information you provide us; we cannot confirm the validity of the information provided.); (iii) information and reminders regarding certain eligible product offerings and promotions; (iv) information and reminders regarding certain product specials, deals and discounts; (v) any push notifications delivered by us; and (vi) browse or cart reminders (Note: We uses cookies to collect information around abandoned shopping carts. A cart is considered abandoned within one hour of inactivity/lack of purchase. Once the cart is considered abandoned, an SMS message will be sent as a reminder.). Message frequency may vary. We will not assess any charges for calls or texts, but standard message and data rates may apply. If you have any questions or need assistance regarding any text message received, you can text us “HELP” to receive assistance. You may opt-out of receiving text messages from us by texting “STOP” in response to any text. You understand that we may send you a text confirming any opt-out by you.

12.      Sweepstakes, Contests and Promotions

We may offer sweepstakes, contests, and other promotions (each a “Promotion”) that may require registration. By participating in a Promotion, you are agreeing to the official rules that govern that Promotion, which may contain specific requirements of you, including, except where prohibited by law, allowing the sponsor(s) of the Promotion to use your name, voice, likeness, or other indicia of persona in advertising or marketing associated with the Promotion. If you choose to enter a Promotion, your Personal Information may be disclosed to third parties or the public in connection with the administration of such Promotion, including, without limitation, in connection with winner selection, prize fulfillment, and as required by law or permitted by the Promotion’s official rules, such as on a winner’s list.

13.      Links to Other Websites

The Website or the App may include links to other websites, mobile applications, or services (“Third-Party Sites”), whose privacy practices may differ from ours. Such links are not an endorsement by us of those Third-Party Sites and/or the products or services they offer. If you visit Third-Party Sites, or submit information to Third-Party Sites, your visit, and the information you provide is governed by the privacy statements on those sites. We encourage you to carefully read the privacy statement of any Third-Party Site you visit, as it may differ substantially from that of this Privacy Notice. We make no representations or warranties nor are we responsible for the privacy statements of any third party. If you decide to click on any such links or access any Third-Party Sites appearing on the Website or the App, you do so at your own risk.

The Website includes hyperlinks to an eyewear/optical prescription fulfillment website. Our Terms of Use and this Privacy Notice do not extend to such eyewear/optical prescription fulfillment website, and we therefore encourage you to review the terms and conditions and privacy statement of such fulfillment website before accessing, using, or providing any information to such website. Any Personal Information, including prescription and credit card information, that you provide via the eyewear/optical prescription fulfillment website will be governed by the privacy statement of such website.

14.      Children

We are committed to protecting the privacy and rights of children online. To that end, no part of the Website is directed towards persons under the age of 16 and we do not collect any Personal Information from users who we know are under the age of 16. Should we discover or be informed that a child has submitted their Personal Information, we will delete such information.

15.      Security

The security of your information is important to us. When you enter payment information into the Website or the App, we encrypt its transmission. We use appropriate administrative, technical, and physical safeguards to protect the information submitted to us, both during transmission and once we receive it, and to keep such information confidential (unless it is non-confidential by nature, for example, publicly available information) and free from any unauthorized access or alteration. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure, and the nature of security risks is constantly evolving. The security of any information collected, stored, or used by us cannot be guaranteed.

If you have any questions about security on the Website or the App, you can contact us at privacy@fsastore.com.

16.      Accessing and Updating Your Personal Information

To access and update your Personal Information go to My Account.

17.      Your Rights and Choices

We will not sell the Personal Information we collect. However, we may share it with third parties for cross-context behavioral, i.e., targeted advertising. To opt-out of Personal Information sharing for targeted advertising purposes, email privacy@fsastore.com. We will not share the mobile information we collect for targeted advertising purposes. However with your authorization, we will share your mobile information with service providers solely for the purpose of providing you with marketing e.g., when you sign up to receive SMS texts from us.

Applicable law may provide consumers with specific rights regarding their Personal Information. This section describes these rights and explains how to exercise them. You may also have the right to appeal our decision regarding your request.

Access to Specific Information and Data Portability Rights

You may have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past twelve (12) months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

  • The categories of Personal Information we collected about you.
  • The categories of sources for the Personal Information we collected about you.
  • Our business or commercial purpose for collecting or selling that Personal Information.
  • The categories of third parties with whom we share that Personal Information.
  • The specific pieces of Personal Information we collected about you.

You may also have the right to a copy of the Personal Information we have collected from you in a readily useable, electronic format.

Deletion Request Rights

You may have the right to request that we delete any of your Personal Information that we collected from or about you, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) applicable Personal Information from our records, unless an exception applies. Please note that if you wish to have Personal Information collected by one of our affiliate sites (e.g., optical) deleted, you must contact that affiliate directly and follow the data deletion request process outlined in that affiliate's privacy notice to do so. 

Correct Inaccurate Information

You can make any corrections needed in your profile by logging into My Account. If you need to correct any other Personal Information that we process concerning you, please contact us as noted below.

Exercising Data Rights

To exercise any of the rights described above, please submit a verifiable consumer request to us by either:

Only you, or a person duly authorized to act on your behalf, may make a verifiable consumer request related to your Personal Information. We will need proof showing you have authorized someone else to make a request on your behalf, which may include a Power of Attorney form or other signed document.

Before we fulfill a deletion, access, or correction request, we must verify your identity and ability to exercise some of these rights. In order to do this, we may require you to provide your name, contact information and the nature of your relationship with us.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.

Making a verifiable consumer request does not require you to create an account with us. However, we do consider requests made through your password protected account sufficiently verified when the request relates to Personal Information associated with that specific account.

We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Response Timing and Format

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing.

If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless authorized by law. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

If we reject your request, you may have the right to appeal our decision. If we reject your request, we will provide instructions on how to make an appeal.

Non-Discrimination

Of course, we will not discriminate against you for exercising any of your data rights. Unless permitted by applicable law, we will not do any of the following, if you exercise your data rights:

  • deny you goods or services;
  • charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
  • provide you a different level or quality of goods or services; or
  • suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services

18.      Notice of Financial Incentive/ Bona Fide Loyalty Program Disclosure

We offer our customers a loyalty program, HSA Perks(™), that provides certain benefits, such as rewards and exclusive offers. We may also provide other programs, such as sweepstakes, contests, or other similar promotional campaigns (collectively, the “Programs”). When you sign up for one of these Programs, we typically ask you to provide your name and contact information (such as email address and/or telephone number). Because our Programs involve the collection of personal information and offering of certain benefits, they might be interpreted as a “financial incentive” program under California law or a “bona fide loyalty program” under Colorado law. Under the California law, the value of your personal information to us is related to the value of the free or discounted products or services, or other benefits that you obtain or that are provided as part of the applicable Program, less the expense related to offering those products, services, and benefits to Program participants.

You may withdraw from participating in a Program at any time by contacting us using the designated method set forth in the applicable Program rules. Visit the terms and conditions page of each Program to view full details, including how to sign up.

19.      Contact Information

You can contact us about this Privacy Notice by writing, emailing, or calling us at:

HSA Store Inc.

5473 Blair Rd

Suite 100

PMB 24308 

Dallas, TX 75231

Email: privacy@fsastore.com

19.      Business-to-Business Privacy 

Residents of California that have a business-to-business (“B2B”) relationship (e.g., relationships with third-party administrators or service providers, each a “B2B Contact”) with us have the rights outlined above. For information on how we process Personal Information concerning job applicants, employees, please see this Notice

In the past 12 months, we have collected the following categories of Personal Information from and concerning B2B contacts:

Categories of personal information we collect Source of information Business Purpose Third Parties to Whom Information Is Disclosed
Identifiers (e.g., name, email address, phone number) Our B2B Contacts, their employers, and other third parties. Engaging in transactions and other business with employers of B2B Contacts We disclose your information to service providers, such as mailing fulfillment vendors and companies that help us connect and do business with your employers. We may also share your Personal Information with other service providers, such as professionals, like attorneys or accountants, where necessary for our business.
Information relating to Internet activity or other electronic network activity (e.g., browsing data) Our B2B Contacts See above See above

We may also disclose your information to government entities, regulators and law enforcement or other B2B Contacts. We disclose Personal Information concerning B2B Contacts to support our operations.

If you would like to exercise your privacy rights in relation to this Personal Information, please contact us as noted above. 

To print out a copy of this Privacy Notice, please click here.