Privacy Notice

This notice explains how HR Benefits Inc. handles personal data through our website and our service. Because benefits administration involves health and financial information, this notice is more detailed than most.

Roles

We act as a controller for personal data we collect directly through this website. We act as a processor under our customers' instructions for personal data they upload to the platform. For US customers we sign a HIPAA Business Associate Agreement; for Canadian customers we comply with PIPEDA and provincial PHI law (PHIPA in Ontario).

Data we collect

• From visitors — name, email, employer, role, message content, IP, browser metadata.
• From customer admins — username, business email, hashed credentials, role, audit metadata.
• From employees enrolled in customer plans — identifiers, demographic data, dependent information, benefit elections, deduction data, and limited health information necessary to administer the benefit.

Why we process it

• To provide the service under customer agreements.
• To meet legal obligations under benefits law, ACA, ERISA, and provincial regulators.
• To prevent fraud and secure the platform.

Sharing

We share personal data only with: customer-authorised carriers and TPAs to administer benefits; sub-processors under contract; the customer's broker as authorised; professional advisors; and authorities where legally required. We don't sell personal data.

Retention

Marketing-form: 24 months. Customer platform data: per the customer's contractual schedule and applicable law. Audit logs: 7 years. PHI: per HIPAA and provincial requirements.

Your rights

Rights vary by jurisdiction. Contact privacy@hr-benefits.it.com.

Security

SOC 2 Type II and HIPAA security-rule controls. Suspected compromise: security@hr-benefits.it.com.

Contact

HR Benefits Inc. · 130 King Street West, Suite 1800, Toronto, ON M5X 1E3