Sweet Bennies ("Sweet Bennies," "we," "us," or "our") is a benefits-administration platform operated by [Legal entity name], [Registered address]. This Privacy Policy explains what information we collect, how we use and protect it, and the choices you have. It applies to sweetbennies.com, the Sweet Bennies application, and related services (together, the "Service").
1. Whose data this covers
Sweet Bennies is sold to employers (our "Customers") who use it to run benefit programs for their people. That creates two relationships:
- Customer administrators who set up and operate the platform.
- Employees and other individuals of a Customer who submit reimbursement requests, receipts, and related information.
For most personal information submitted through a benefit program, the Customer is the party that decides how the information is used (the "controller"), and Sweet Bennies processes it on the Customer's behalf under our agreement with them. If you are an employee and have questions about your data, please also contact your employer.
2. Information we collect
Information you provide
- Account & identity: name, work email address, employer, role, and profile details, largely obtained when you sign in with Google.
- Company setup: program configuration, budgets, categories, employee classes, and policy documents entered during onboarding.
- Reimbursement data: receipts, invoices, Explanation of Benefits (EOB) documents, proof of insurance coverage and premium notices, expense dates, amounts, categories, and claim notes.
- Communications: messages you send us (e.g., support or a price-match request).
Information collected automatically
- Usage & device data: log data, IP address, browser/device type, and actions taken in the Service, used to operate, secure, and improve it.
3. Google account data and Google Drive access
Sweet Bennies uses Google OAuth so you can sign in and, if you are a Customer administrator, connect your organization's Google Drive.
- Sign-in: we access your basic Google profile (name, email address, and profile identifier) to authenticate you and route you to the correct workspace.
- Google Drive: with your explicit authorization, we access a Google Drive folder you select in order to store and retrieve the receipts and documents that belong to your benefit programs. We do not access files outside the scope you grant, and we request the narrowest access needed to provide the Service.
You can revoke Sweet Bennies' access to your Google account or Drive at any time from your Google Account permissions.
4. How we use information
- Authenticate users and provide the reimbursement, health-plan, and incentive features you configure.
- Read receipts and documents so our AI can suggest amounts, dates, and categories, and so reviewers can approve claims. AI suggestions are advisory and reviewed within your workspace.
- Generate policy documents, reminders, payroll-ready exports, and audit records.
- Provide support, secure the Service, prevent fraud and abuse, and meet legal obligations.
- Improve the Service using aggregated or de-identified data.
We do not sell personal information, and we do not use it to serve third-party advertising.
5. Health information
Some programs (such as the Health Reimbursement Arrangement and Individual Coverage HRA) involve health-related information. We handle it with care:
- We collect only what is needed to substantiate and process a claim, and we minimize health details before any AI review.
- Health documents are stored in the Customer's own Google Drive, under the Customer's control.
- We support disposal on a schedule the Customer sets; when a claim is withdrawn or deleted, associated files are removed from Drive, not merely hidden.
- Where a Customer's program is subject to HIPAA, Sweet Bennies acts as a service provider to the Customer and will enter into a Business Associate Agreement (BAA) where required. Our own use of third-party subprocessors that may handle such data is governed by appropriate agreements.
6. Where your data lives
A defining feature of Sweet Bennies is that receipts and benefit documents are stored in the Customer's own Google Drive, not on a Sweet Bennies-controlled document store. Structured records (such as claim amounts, statuses, and configuration) are stored in our application database with our hosting and database providers. We do not issue payment cards and do not process card transactions.
7. Who we share information with
We share information only as needed to run the Service:
| Recipient | Purpose |
|---|---|
| Cloud hosting & database providers | Run the application and store structured records |
| Sign-in and Drive storage you authorize | |
| Email provider | Send transactional notifications and reminders |
| AI provider | Read receipts/documents to suggest claim details (advisory) |
| Your employer / their appointed administrator | Review and approve claims within your workspace |
| Advisors, authorities, or acquirers | Legal compliance, to protect rights and safety, or in a business transfer |
These providers are bound by contracts that limit their use of information to providing services to us. We require providers that handle health data to offer appropriate protections.
8. Data retention & deletion
We keep personal information for as long as needed to provide the Service and to meet legal, tax, and audit obligations, then delete or de-identify it. Customers control retention of health documents on their own Drive and can configure disposal schedules. To request access to, correction of, or deletion of your information, contact us or your employer (see below).
9. Security
We use administrative, technical, and organizational safeguards designed to protect information, including encryption in transit, access controls, and least-privilege access to Google scopes. No method of transmission or storage is perfectly secure, but we work to protect your information and to promptly address issues.
10. Your choices & rights
- Access & correction: request a copy of, or corrections to, your information.
- Deletion: request deletion, subject to legal retention needs.
- Revoke Google access: disconnect Sweet Bennies from your Google Account at any time.
- Regional rights: depending on where you live (for example, under U.S. state privacy laws), you may have additional rights to access, delete, correct, or limit certain processing, and to appeal a decision. We honor applicable rights and do not discriminate against you for exercising them.
Because much of this data is controlled by your employer, we may direct certain requests to them or fulfill them on their behalf.
11. Other important information
Children
The Service is for workplace use by adults and is not directed to children under 16. We do not knowingly collect information from children.
United States
The Service is operated in the United States and intended for U.S. employers and their workforces. Information is processed in the United States.
Changes to this policy
We may update this Privacy Policy from time to time. We will change the "Last updated" date above and, for material changes, provide additional notice. Your continued use of the Service after an update means you accept the revised policy.
12. Contact us
Questions or requests about privacy? Email privacy@sweetbennies.com or hello@sweetbennies.com, or write to us at [Legal entity name], [Registered address].
This document is provided as a template and does not constitute legal advice. Please have qualified counsel review and adapt it before you rely on it.
