Privacy Policy

Effective Date: January 1, 2019

Last Updated: 6/30/2025

DataPath, Inc. (“DataPath,” “we,” “our,” or “us”) respects the privacy of individuals who access and use our secure platform to manage benefits-related services and accounts. This Privacy Policy describes how we collect, use, disclose, and protect personal information processed through our web-based platforms.

This policy applies only to the platform and services accessible through authorized user login. It does not apply to our corporate website or any other external websites.

Information We Collect

We may collect the following types of personal information from users accessing our platform:

  • Name, username, and login credentials
  • Employer or plan administrator affiliation
  • Contact information (e.g., email address, mailing address)
  • Account activity, including benefit elections or reimbursement submissions
  • Device and browser information, IP address, session data
  • Security-related metadata (e.g., multi-factor authentication logs)

We do not directly offer services to individuals. Any personal information we process is on behalf of plan administrators, TPAs, financial institutions, or employers who engage us to provide platform services.

How We Use the Information

Personal information is used to:

  • Authenticate and manage platform access
  • Process account activity and benefits transactions
  • Maintain and improve the platform’s functionality and security
  • Support compliance with applicable laws, plan rules, and contractual obligations
  • Provide user support and respond to inquiries

Cookies and Tracking Technologies

Our platform uses limited cookies and similar technologies to:

  • Maintain secure login sessions
  • Track session activity for audit and compliance
  • Monitor platform performance and usage trends

We do not use third-party advertising cookies or track users across unrelated websites.

Sharing of Information

We may share personal information:

  • With the authorized third-party administrator (TPA), plan sponsor, or financial institution managing your account
  • With contracted service providers who support platform operations (e.g., hosting, IT, fraud detection)
  • When required by law, regulation, legal process, or to protect our legal rights

We do not sell or share personal information for marketing or advertising purposes.

Data Security

We implement appropriate technical and administrative safeguards to protect personal information, including:

  • Encryption of data in transit and at rest
  • Role-based access controls
  • Multi-factor authentication
  • Intrusion detection and monitoring systems

Despite these measures, no system can be completely secure. Users are encouraged to safeguard their credentials and report any suspected unauthorized access.

Data Retention

We retain personal information as necessary to:

  • Provide ongoing platform services
  • Fulfill legal or regulatory retention requirements
  • Support audits, inquiries, and historical account resolution

Retention periods are determined in coordination with our clients and legal obligations.

Your Rights

Users may request to:

  • Access the personal information associated with their platform account
  • Correct inaccurate information
  • Request deletion (subject to plan sponsor approval and legal obligations)

Requests should be directed to your plan administrator or benefits provider. You may also contact us at [Insert Email Address] for assistance.

California Residents

If you reside in California, you have additional rights under the California Consumer Privacy Act (CCPA/CPRA), including:

  • The right to know what personal information is collected and for what purposes
  • The right to request deletion of your personal information
  • The right to opt out of any sale or sharing of your personal information (we do not sell or share data)

To submit a California privacy request, contact:

privacy@dpath.com

Or mail to:
DataPath
Attn: Privacy
1601 Westpark Drive, Suite 9
Little Rock, AR 72204

Children’s Privacy

Our platform is not directed to children under the age of 16, and we do not allow children to create accounts or access the platform directly. However, in the course of providing services to businesses, we may receive limited personal information about dependents, including minors, as part of benefits enrollment or claims processing.

This information is collected and processed solely to fulfill our contractual obligations and in accordance with applicable privacy and security laws.

If you believe we have collected a child’s information outside of this context or without proper authorization, please contact us so we can investigate and take appropriate action.

Contact Us

If you have questions about this Privacy Policy or our data practices:

privacy@dpath.com

Or mail to:
DataPath
Attn: Privacy
1601 Westpark Drive, Suite 9
Little Rock, AR 72204

Changes to This Policy

We may update this Privacy Policy periodically. The “Last Updated” date will reflect the latest version. Continued use of the Website constitutes your agreement to the current version.