Stack Healthcare Logo

Privacy Policy

Last Updated: May 20, 2026

Administering healthcare benefits requires the use of personal and financial information. That is a reality that deserves clarity.

At Stack Healthcare Inc. (“Stack,” “we,” “us,” or “our”), we provide services related to health, benefits, and financial support. To do that responsibly, we collect information that is necessary to administer benefits, operate our platform, and perform other business functions described below. We structure our systems to limit access, require defined safeguards, and align our practices with applicable federal and state privacy laws, including HIPAA where it applies.

This Privacy Policy explains what information Stack collects, why it is collected, how it is used, how it may be shared, and the choices available to you.

When you see the term “personal information” in this Privacy Policy, we mean information that can be linked to an identifiable individual or household.

1. Our Role and Relationship With You

Stack operates a platform that helps individuals access and manage health benefits, including employer-sponsored ICHRAs, insurance enrollment support, care navigation services, Stack Pay programs, and related administrative services (collectively, the “Services”).

When you use Stack through your employer, your employer sponsors the benefit plan (the “Plan Sponsor”). Stack provides administrative and technology services to support that plan.

In those cases, Stack acts as a “service provider” or “Business Associate” to employer-sponsored health plans, and your personal information, which is considered protected health information (PHI), is subject to HIPAA and applicable Business Associate Agreements with your employer. Your employer is the entity that is ultimately responsible for how and why your personal information is used, with our assistance.

When you interact with Stack directly outside of a plan-sponsored context, Stack acts as a direct provider to you and Stack is considered the “controller” of your personal information.

2. Scope of This Privacy Policy

This Privacy Policy applies to personal information collected through Stack’s website, www.stackhealthcare.com (our “Site”), as well as the mobile applications and platform used to deliver our Services (the “Platform”). Individuals can access the Platform through our Site, but the Site and Platform are described separately in this Privacy Policy.

This Privacy Policy does not apply to:

  • Insurance carriers or health plans, which maintain their own privacy policies and notices of privacy practices
  • Employers’ internal HR systems
  • Third-party websites or services linked from our platform
  • Social media providers used for login

This Privacy Policy is incorporated into our Terms of Use. You should review our Terms of Use carefully before using our Site and Services.

3. HIPAA and Protected Health Information; Stack as a Business Associate

In certain circumstances, as described above, Stack acts as a Business Associate to employer-sponsored health plans and processes Protected Health Information (“PHI”) subject to HIPAA and applicable Business Associate Agreements. When acting in that capacity, we use and disclose PHI only as permitted by our agreements and by law, and implement safeguards designed to protect PHI. We do not use or sell PHI for advertising or unrelated commercial purposes. Your employer or health plan provides the applicable HIPAA Notice of Privacy Practices.

Our Site is not intended to collect or retain any PHI. Sections of this Privacy Policy that discuss personal information collected on the Site do not apply to PHI, and we do not request, obtain, use or disclose any PHI through our Site.

4. Personal Information We Collect

We collect different personal information depending on the context in which you interact with us.

Information We Collect Through Our Platform and Services

When you use our Services, we collect certain personal information from you directly or, where applicable, from the Plan Sponsor, including:

A. Identifiers

  • Name, email address, mailing and residential address, phone number
  • Account credentials and authentication information
  • Social Security number or other government identifiers
  • IP address and online identifiers

B. Insurance and Benefit Information

  • Insurance enrollment forms
  • Policy numbers and coverage selections
  • ID card details
  • Reimbursement submissions and supporting documentation
  • Explanation of Benefits (EOBs) or similar records

C. Financial Information

When financial features are made available through the Platform, we may collect or process certain financial information in connection with benefit administration, reimbursement payments, or related services. This may include:

  • Bank account details for reimbursement payments
  • Payment card information processed through service providers
  • Transaction history related to benefit administration

D. Employment and Eligibility Information

  • Employer name and employment status
  • Eligibility verification data
  • Plan participation information

Information We Collect Automatically

When you use our Site or access our Services, we collect certain device and usage information automatically, such as:

  • Browser type, operating system, device identifiers
  • Log data and usage activity

We do not deploy non-essential third-party cookies or similar tracking technologies on our Platform but may collect device and usage data for purposes such as ensuring the security and integrity of our Services. See below for additional information about our use of Cookies and Related Technologies.

Information We Collect From Social Media Companies

If and when we offer social login functionality, we may receive limited profile information such as name and email address from the provider.

5. Cookies and Related Technologies

As described, when you interact with our Site, certain information about your use of the Site is automatically collected. Much of this information is collected through cookies, web beacons, and other tracking technologies, which may be operated by our partners who assist us in collecting information about usage of the Site, serving ads, or providing other services to you. For example, we use Google Analytics to collect usage details. You can learn more about privacy and Google Analytics by visiting https://support.google.com/analytics/answer/6004245, and opt out of collection of your data by using the Google Analytics Opt-out Browser Add-on, available at https://tools.google.com/dlpage/gaoptout. We may also use cookies set by other third-party services.

We do not use non-essential third-party cookies or similar technologies on our Platform.

You may be able to opt out of tracking by cookies or control how information collected by cookies is used via a number of means, as described below.

Your browser or device may include Do-Not-Track functionality. Because there is no uniform standard for Do-Not-Track signals, please note that we do not respond to such signals. However, our Site will honor Global Privacy Control signals where required by law.

6. Service Providers and Platform Integrations

We use service providers to support communications, analytics, and employment-related data integrations. Depending on the features made available, these providers may process information on our behalf to help us operate, improve, and secure the Platform.

Service providers may include:

We also use third-party service providers to support payment processing and financial verification, including:

  • Stripe (payment processing, money transmission, financial account services, and card issuing through its bank partners Celtic Bank and Fifth Third Bank) – Privacy Policy
  • Finch (payroll integration) – Privacy Policy
  • Enigma (financial verification) – Privacy Policy

These providers operate under their own privacy policies and terms of service. We may add, remove, or replace service providers as our services evolve.

7. How We Use Personal Information

We may use your personal information for the following purposes:

  • To deliver our Site and Services, including for account management and eligibility verification, reimbursement processing and payment facilitation, and care navigation and support services
  • To interact with you, including responding to your requests, providing customer support, providing information about additional products, services, and promotions that may be of interest to you, and informing you about important changes to this Privacy Policy, our Terms of Use, or other policies
  • To tailor the content we display to you on our Site and Services
  • To comply with legal and regulatory obligations, including employee benefit plan requirements, respond to any subpoena or government investigation, and to enforce our Terms of Service and other legal rights
  • For fraud detection, security monitoring, and system integrity
  • Communicating about our Products and Services, to the extent permitted by law

8. How We Share Information

We may disclose any personal information we collect to the following recipients for the purposes outlined above:

  • Employers and plan sponsors, as necessary to administer benefits
  • Insurance carriers and brokers involved in enrollment or claims support
  • Service providers and vendors performing services on our behalf
  • Payment processors
  • Analytics and advertising partners, as described elsewhere in this Privacy Policy
  • Government authorities where necessary to comply with applicable law or to respond to requests from law enforcement agencies or other government authorities
  • To communicate about our Products and Services, as permitted by law
  • If you request or direct us to do so

We may share your personal information when it is necessary to protect our customers, employees, or property; in emergency situations; or to enforce our rights under our Terms of Use and other policies. We reserve the right to transfer to another entity or its affiliates or service providers some or all information about you in connection with, or during negotiations of, any merger, acquisition, sale of assets or any line of business, change in ownership control, or financing transaction. We cannot promise that an acquiring party or the merged entity will have the same privacy practices or treat your information the same as described in this Privacy Policy.

We do not “sell” personal information or “share” personal information for purposes of cross-contextual behavioral advertising.

9. Artificial Intelligence and Automated Processing

We may use artificial intelligence or machine learning technologies to support document review, workflow automation, search, and administrative efficiency.

Where AI tools process personal information, we maintain contractual safeguards designed to restrict use of such information to providing services on our behalf.

10. Your Privacy Choices

You may have certain choices when it comes to how we collect and use your personal information. For additional information about rights you may have under applicable privacy laws, see below.

Account Information. Please visit your account page to update your personal information and payment method.

Email Marketing. If at any time you no longer wish to receive marketing communications from us, you can click the unsubscribe link at the bottom of any email or email us at privacy@stackhealthcare.com.

Online Activity Tracking and Interest-Based Advertising. You have several options to either prevent our collection of information regarding your online activity, or prevent third parties from using such information for interest-based advertisements:

  • You may modify your browser settings to disable or reject cookies across the internet; but if you do so, some features of our website or Services may not function properly or be available. If you are visiting the Services from a mobile device, the operating system of the device may offer you options regarding how the device collects and uses your information for interest-based advertising. Please visit https://thenai.org/opt-out/mobile-opt-out/ for more information.
  • You may be able to prevent third parties from using your information for interest-based advertisements across the internet by visiting http://www.networkadvertising.org or http://www.aboutads.info. Please note this does not opt you out of being served ads, nor will it prevent the receipt of interest-based advertising from other companies that do not participate in these programs.

SMS Marketing. Consent to receive automated marketing text messages is not a condition of any purchase. You can opt out of receiving commercial text messages by responding to any of our text messages with STOP or UNSUBSCRIBE. If you opt out, we may still send you messages regarding the status of your orders and other service-related communications. We do not sell your SMS consent and only share such SMS consent information with third parties as necessary to facilitate text message delivery (i.e., with our technology partners).

11. Data Retention

We retain personal information as long as necessary to provide Services and comply with legal obligations.

Certain benefit administration, reimbursement, tax, and audit records may be retained for at least seven (7) years or longer where required by law.

12. Security

We use administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, or misuse.

  • Encryption in transit and at rest
  • Role-based access controls
  • Monitoring and logging
  • Vendor oversight and contractual safeguards

While we use these precautions to safeguard your information, we cannot guarantee the security of the networks, systems, servers, devices, and databases we operate or that are operated on our behalf.

13. Children and Minors

Our Services are not directed to individuals under 18 years of age. We do not knowingly collect personal information directly from minors through the Platform. If we learn that a minor has provided personal information without required parental or guardian consent, we will take reasonable steps to delete such information.

We may collect and process personal information relating to children when that information is provided by a parent, guardian, employer, or plan sponsor for legitimate benefit administration or services.

14. Your Rights in Certain US States

The laws of certain U.S. states provide their residents with certain rights to access, delete, and correct certain personal information we collect about you, as well as to restrict the use of personal information for personalized advertising, restrict the “sale” or “sharing” of personal information, and control our use of personal information considered sensitive. We will not discriminate against you for exercising these options.

You may exercise your rights by contacting us using the information described in the “Contact Us” section. We may need to verify your identity before fulfilling certain requests. We do this by asking you to provide personal identifiers we can match against information we may have collected from you previously.

Right to Know and Request Access to, Correction of, and Deletion of Personal Information

You have the right to request access to personal information collected about you in a portable format and to receive information regarding the source of that information, the purposes for which we collect it, and the third parties and service providers with whom we share it. You also have the right to request we correct inaccurate personal information and to request, in certain circumstances, that we delete any that we have collected directly from you.

You may submit a request to exercise your rights to know/access, correct, or delete your personal information by contacting us at privacy@stackhealthcare.com.

In order to process your request, we must verify your identity. We do this by asking you to provide personal information we can match against information we may have collected from you previously and confirm your request using the email account stated in the request.

We may have a reason under the law why we do not have to comply with your request, or why we may comply with it in a more limited way than you anticipated. If we do, we will explain that to you in our response.

Right to Opt Out of Personalized Advertising and Sale to Third Parties

You have the right to opt out of the use and disclosure of your personal information for the purposes of selecting or delivering advertising based on your activity over time and across different online platforms. U.S. residents also have the right to opt out of certain disclosures that are considered “sales” under applicable state laws. We do not currently “sell” or “share” personal information in this manner, and so you are already opted out. We also do not use your personal information for purposes of “targeted advertising.”

Right to Limit Use of Sensitive Personal Information

At this time, we do not process your sensitive personal information in circumstances that would be subject to a right to limit. Please note that we may process information such as social security numbers or other government identifiers on behalf of your employer that are considered sensitive under certain laws. To restrict our processing of such information, you should contact your employer directly.

Right to Opt Out of Automated Decisionmaking

Residents of certain states have the right to opt out of automated profiling in certain instances where such processing would produce legal or other similarly significant effects. At this time, we do not use personal information to make automated decisions about you in any situations where you may have a legal right to opt out.

List of Third Parties to Which Personal Data is Disclosed

If you are a resident of Oregon or Minnesota, you can request a list of the specific third parties to which we have disclosed your personal information.

Right to Appeal

If we deny your request, you may have the right to appeal our decision by contacting us as described in the “Contact Us” section below.

15. Special Information for California Residents

Your California Privacy Rights

In addition to the rights already described, California’s “Shine the Light” law permits customers in California to request details about how certain types of their information are shared with third parties for those third parties’ own direct marketing purposes. If you are a California resident, you may opt out of such sharing by emailing us at privacy@stackhealthcare.com or mailing a written request to the address in our “Contact Us” section below.

California Notice at Collection

At or before the time of collection, you have a right to receive notice of our practices, including the categories of personal information and sensitive personal information to be collected, the purposes for which such information is collected or used, whether such information is sold or shared, and how long such information is retained. You can find those details in this Privacy Policy above.

16. Updates to This Privacy Policy

We may make changes to this Privacy Policy from time to time. The “Last Updated” date at the top of this page indicates when this Privacy Policy was last revised. We may also notify you in other ways from time to time about the collection, use, and disclosure of your personal information described in this Privacy Policy.

17. Contact Us

If you have questions or concerns about this Privacy Policy, please contact:

Stack Healthcare Inc
8 East Broad Street
Columbus, OH 43215
privacy@stackhealthcare.com

If you are using our Services through your employer and have questions about your privacy rights, please contact your employer’s human resources department.

© 2026 Stack Healthcare, Inc. All rights reserved
Terms Of UsePrivacy Policy
Stack Healthcare, Inc. is a financial technology company and is not a bank. Stack Healthcare, Inc. partners with Stripe Payments Company for money transmission services and account services with funds held at Fifth Third Bank N.A., Member FDIC. Stack Premium Payments Visa® Commercial cards are issued by Celtic Bank.