Stack Healthcare Logo

Privacy Policy

Last Updated: February 25, 2026

Healthcare benefits require sharing personal and financial information. That reality deserves clarity.

Stack exists to simplify access to coverage, reimbursements, and care navigation. To do that responsibly, we collect only the information necessary to administer benefits and operate our platform. We structure our systems to limit access, require defined safeguards from our partners, and align our practices with applicable federal and state privacy laws, including HIPAA where it applies.

We do not treat personal information as a marketing asset. We treat it as infrastructure required to deliver benefits.

This Privacy Policy explains what information flows through Stack, why it is collected, how it is used, how it may be shared, and the choices available to you.

1. Our Role and Relationship With You

Stack Healthcare Inc. (“Stack,” “we,” “us,” or “our”) operates a platform that helps individuals access and manage health benefits, including employer-sponsored ICHRAs, insurance enrollment support, care navigation services, Stack Pay programs, and related administrative services (collectively, the “Services”).

When you use Stack through your employer, your employer sponsors the benefit plan (the “Plan Sponsor”). Stack provides administrative and technology services to support that plan.

In certain contexts, Stack acts as a service provider or Business Associate to employer-sponsored health plans. In those cases, personal information, including protected health information (PHI), is subject to HIPAA and applicable Business Associate Agreements.

When you interact with Stack directly outside of a plan-sponsored context, Stack acts as a direct service provider to you.

2. HIPAA and Protected Health Information

In certain circumstances, Stack acts as a Business Associate to employer-sponsored health plans and processes Protected Health Information (“PHI”) subject to HIPAA and applicable Business Associate Agreements. When acting in that capacity, we use and disclose PHI only as permitted by our agreements and by law, implement safeguards designed to protect PHI, and do not use or sell PHI for advertising or unrelated commercial purposes. Your employer or health plan provides the applicable HIPAA Notice of Privacy Practices.

3. Scope of This Privacy Policy

This Privacy Policy applies to personal information collected through Stack’s website, mobile applications, and platform Services.

This Privacy Policy does not apply to:

  • Insurance carriers or health plans, which maintain their own privacy policies and notices of privacy practices
  • Employers’ internal HR systems
  • Third-party websites or services linked from our platform
  • Social media providers used for login

4. Personal Information We Collect

A. Identifiers

  • Name, email address, mailing and residential address, phone number
  • Account credentials and authentication information
  • Social Security number or other government identifiers
  • IP address and online identifiers

If biometric identifiers are collected in future features, they will be collected only with appropriate notice and consent.

B. Insurance and Benefit Information

  • Insurance enrollment forms
  • Policy numbers and coverage selections
  • ID card details
  • Reimbursement submissions and supporting documentation
  • Explanation of Benefits (EOBs) or similar records

C. Financial Information

When financial features are made available through the Platform, we may collect or process certain financial information in connection with benefit administration, reimbursement payments, or related services. This may include:

  • Bank account details for reimbursement payments
  • Payment card information processed through service providers
  • Transaction history related to benefit administration

To support financial verification, payment processing, and related services, we may use third-party service providers. These providers operate under their own privacy policies and terms of service. We may add, remove, or replace financial service providers as the Platform evolves. Any such providers will be contractually required to implement reasonable security measures consistent with applicable law.

D. Employment and Eligibility Information

  • Employer name and employment status
  • Eligibility verification data
  • Plan participation information

E. Device and Usage Information

  • Browser type, operating system, device identifiers
  • Log data and usage activity

F. Service Providers and Platform Integrations

We use service providers to support communications, analytics, and employment-related data integrations. Depending on the features made available, these providers may process information on our behalf to help us operate, improve, and secure the Platform.

Service providers may include:

These providers process information in accordance with their own privacy policies and contractual obligations.

G. Analytics and Advertising Technologies

We use cookies and similar technologies to operate and improve the Platform, including essential cookies for functionality and analytics cookies to understand usage.

We may use third-party providers such as:

These providers may use cookies and similar technologies to collect usage and device information. You can manage cookie preferences through your browser settings, though disabling cookies may affect Platform functionality.

We may update our use of analytics and tracking technologies as the Platform evolves.

H. Social Login

If we offer social login functionality, we may receive limited profile information such as name and email address from the provider.

5. How We Use Personal Information

We may use your Personal Information for the following:

  • Account management and eligibility verification
  • Reimbursement processing and payment facilitation
  • Care navigation and support services
  • Compliance with legal and regulatory obligations, including employee benefit plan requirements
  • Fraud detection, security monitoring, and system integrity
  • Communicating about our Products and Services, to the extent permitted by law

We do not sell personal information.

We do not use health information for advertising.

6. How We Share Information

We may share you Personal Information with third parties for certain purposes, including:

  • Employers and plan sponsors, as necessary to administer benefits
  • Insurance carriers and brokers involved in enrollment or claims support
  • Service providers and vendors performing services on our behalf
  • Payment processors
  • Government authorities where required by law
  • Corporate successors in connection with a merger or acquisition
  • To enforce our Terms of Use and protect the safety and integrity of our Services
  • To communicate about our Products and Services, as permitted by law
  • If you request or direct us to do so.

We require service providers to use personal information only to provide contracted services and to protect it in accordance with applicable law.

7. Artificial Intelligence and Automated Processing

We may use artificial intelligence or machine learning technologies to support document review, workflow automation, search, and administrative efficiency.

Where AI tools process personal information, we maintain contractual safeguards designed to restrict use of such information to providing services on our behalf.

8. Your Privacy Choices

A. Cookies and Tracking

Most browsers allow you to restrict or delete cookies through your settings. Disabling certain cookies may affect platform functionality.

Where required by law, you may opt out of certain tracking technologies used for advertising.

B. Targeted Advertising

We may work with advertising partners that use cookies or similar technologies to display relevant ads.

We do not control how third-party advertising networks use information they collect directly. Their practices are governed by their own privacy policies.

If applicable under state law, you may opt out of targeted advertising as described in the “California Privacy Notice” or other state rights sections.

C. Marketing Communications

You may opt out of marketing emails by using the unsubscribe link in the message or adjusting your account preferences.

You may opt out of SMS marketing by replying “STOP” or “UNSUBSCRIBE.”

Opting out does not affect service-related communications necessary to administer your account or benefits.

D. Access, Correction, and Deletion

You may review and update certain information through your account.

You may request correction or deletion by contacting us. We may retain certain information as required for legal, regulatory, or benefit administration purposes.

E. Third-Party Websites

We are not responsible for the privacy practices of third-party websites or services linked from our platform. We encourage you to review their policies.

9. Do Not Track

Because there is no uniform standard for Do-Not-Track signals, we do not currently respond to DNT browser signals.

10. Data Retention

We retain personal information as long as necessary to provide Services and comply with legal obligations.

Certain benefit administration, reimbursement, tax, and audit records may be retained for at least seven (7) years or longer where required by law.

11. Security

We use administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, or misuse.

  • Encryption in transit and at rest
  • Role-based access controls
  • Monitoring and logging
  • Vendor oversight and contractual safeguards

12. Children and Minors

Our Services are not directed to individuals under 18 years of age.

We do not knowingly collect personal information directly from minors through the Platform. If we learn that a minor has provided personal information without required parental or guardian consent, we will take reasonable steps to delete such information. We may collect and process personal information relating to children when that information is provided by a parent, guardian, employer, or plan sponsor for legitimate benefit administration or services.

13. California Privacy Notice

If you live in California, you have additional rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA) and its implementing regulations.

You may ask us to share what personal information we have about you, correct it, delete it, limit how we use sensitive information, or opt out of certain types of data sharing where applicable.

If you request this information, we will provide the categories of personal information we’ve collected and the categories of third parties we’ve shared it with during the relevant period, as required by law. These disclosures are generally available once per calendar year.

We will not discriminate against you for exercising your privacy rights.

To exercise any of these rights, contact us using the information below. We will verify your identity and respond within the timelines required by law.

14. Contact Us

If you have questions or concerns about this Privacy Policy, please contact:

Stack Healthcare Inc
8 East Broad Street
Columbus, OH 43215
privacy@stackhealthcare.com