Placeholders to complete before publishing. Replace [Legal entity name] and [Registered address] with the legal entity that operates Sweet Bennies, and have counsel review this document. It is a starting template, not legal advice.

Sweet Bennies ("Sweet Bennies," "we," "us," or "our") is a benefits-administration platform operated by [Legal entity name], [Registered address]. This Privacy Policy explains what information we collect, how we use and protect it, and the choices you have. It applies to sweetbennies.com, the Sweet Bennies application, and related services (together, the "Service").

On this page
1. Whose data 2. What we collect 3. Google data & Drive 4. How we use it 5. Health information 6. Where data lives 7. Who we share with 8. Retention & deletion 9. Security 10. Your choices 11. Other 12. Contact

1. Whose data this covers

Sweet Bennies is sold to employers (our "Customers") who use it to run benefit programs for their people. That creates two relationships:

For most personal information submitted through a benefit program, the Customer is the party that decides how the information is used (the "controller"), and Sweet Bennies processes it on the Customer's behalf under our agreement with them. If you are an employee and have questions about your data, please also contact your employer.

2. Information we collect

Information you provide

Information collected automatically

3. Google account data and Google Drive access

Sweet Bennies uses Google OAuth so you can sign in and, if you are a Customer administrator, connect your organization's Google Drive.

Google Limited Use. Sweet Bennies' use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We use Google user data only to provide and improve the Service's user-facing features, do not transfer or sell it for advertising, credit, or other unrelated purposes, and do not allow humans to read it except as you direct, with your consent, for security or legal reasons, or where the data has been aggregated and anonymized. We do not use Google Workspace data obtained through Drive scopes to train generalized artificial-intelligence models.

You can revoke Sweet Bennies' access to your Google account or Drive at any time from your Google Account permissions.

4. How we use information

We do not sell personal information, and we do not use it to serve third-party advertising.

5. Health information

Some programs (such as the Health Reimbursement Arrangement and Individual Coverage HRA) involve health-related information. We handle it with care:

Sweet Bennies is not an insurer, a health plan, or a provider of medical, tax, or legal advice. Program compliance (including HIPAA, ACA/ICHRA, and ERISA obligations) is the Customer's responsibility as plan sponsor.

6. Where your data lives

A defining feature of Sweet Bennies is that receipts and benefit documents are stored in the Customer's own Google Drive, not on a Sweet Bennies-controlled document store. Structured records (such as claim amounts, statuses, and configuration) are stored in our application database with our hosting and database providers. We do not issue payment cards and do not process card transactions.

7. Who we share information with

We share information only as needed to run the Service:

RecipientPurpose
Cloud hosting & database providersRun the application and store structured records
GoogleSign-in and Drive storage you authorize
Email providerSend transactional notifications and reminders
AI providerRead receipts/documents to suggest claim details (advisory)
Your employer / their appointed administratorReview and approve claims within your workspace
Advisors, authorities, or acquirersLegal compliance, to protect rights and safety, or in a business transfer

These providers are bound by contracts that limit their use of information to providing services to us. We require providers that handle health data to offer appropriate protections.

8. Data retention & deletion

We keep personal information for as long as needed to provide the Service and to meet legal, tax, and audit obligations, then delete or de-identify it. Customers control retention of health documents on their own Drive and can configure disposal schedules. To request access to, correction of, or deletion of your information, contact us or your employer (see below).

9. Security

We use administrative, technical, and organizational safeguards designed to protect information, including encryption in transit, access controls, and least-privilege access to Google scopes. No method of transmission or storage is perfectly secure, but we work to protect your information and to promptly address issues.

10. Your choices & rights

Because much of this data is controlled by your employer, we may direct certain requests to them or fulfill them on their behalf.

11. Other important information

Children

The Service is for workplace use by adults and is not directed to children under 16. We do not knowingly collect information from children.

United States

The Service is operated in the United States and intended for U.S. employers and their workforces. Information is processed in the United States.

Changes to this policy

We may update this Privacy Policy from time to time. We will change the "Last updated" date above and, for material changes, provide additional notice. Your continued use of the Service after an update means you accept the revised policy.

12. Contact us

Questions or requests about privacy? Email privacy@sweetbennies.com or hello@sweetbennies.com, or write to us at [Legal entity name], [Registered address].

This document is provided as a template and does not constitute legal advice. Please have qualified counsel review and adapt it before you rely on it.