Privacy Policy
Last Updated: January 2025
1. Introduction
HRMAX.AI ("we", "us", "our") is committed to protecting your privacy and the privacy of the employee data you process through our Service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our COBRA letter generation service at www.hrmax.ai.
2. Information We Collect
Account Information
When you register for an account, we collect:
- Name and email address
- Company name and address
- Payment information (processed securely through Stripe)
- Account credentials
Employee Information
To generate COBRA letters, you may provide:
- Employee names and addresses
- Employment dates
- Qualifying event information
- Insurance plan details
- Dependent information (if applicable)
Usage Information
We automatically collect:
- Log data (IP address, browser type, access times)
- Device information
- Pages viewed and features used
- Document generation history
3. How We Use Your Information
We use collected information to:
- Provide and maintain the Service
- Generate COBRA compliance documents
- Process payments and manage subscriptions
- Send service-related communications
- Improve and optimize the Service
- Comply with legal obligations
- Detect and prevent fraud or abuse
4. Data Storage and Security
Data Storage: Your data is stored using Supabase, which employs industry-standard security measures including encryption at rest and in transit.
Security Measures: We implement appropriate technical and organizational measures to protect your data, including:
- SSL/TLS encryption for data transmission
- Encrypted database storage
- Regular security audits
- Access controls and authentication
- Regular backups
Data Retention: We retain your account information for as long as your account is active. Generated documents are retained for 7 years to assist with compliance requirements, unless you request deletion.
5. Information Sharing and Disclosure
We do not sell, trade, or rent your personal information. We may share information only in these circumstances:
- Service Providers: With trusted third parties who assist in operating our Service (e.g., Stripe for payments, Supabase for data storage)
- Legal Requirements: When required by law, subpoena, or court order
- Protection of Rights: To protect our rights, property, or safety, or that of our users
- Business Transfers: In connection with a merger, acquisition, or sale of assets
6. HIPAA Compliance
While HRMAX.AI handles employee health insurance information, we are not a Covered Entity under HIPAA. However, we:
- Implement strong security measures to protect sensitive information
- Limit access to employee data on a need-to-know basis
- Will enter into Business Associate Agreements if required by our users
7. Your Rights and Choices
You have the right to:
- Access: Request a copy of your personal information
- Correction: Request correction of inaccurate information
- Deletion: Request deletion of your account and associated data
- Portability: Receive your data in a structured, machine-readable format
- Opt-out: Unsubscribe from non-essential communications
To exercise these rights, contact us at support@benefitmax.ai.
8. Cookies and Tracking Technologies
We use cookies and similar technologies to:
- Maintain your session
- Remember your preferences
- Analyze usage patterns
- Improve Service performance
You can control cookies through your browser settings, but disabling them may limit Service functionality.
9. Third-Party Services
Our Service integrates with:
- Stripe: For payment processing (see Stripe's privacy policy)
- Supabase: For data storage and authentication
- Vercel: For application hosting
These services have their own privacy policies governing their use of your information.
10. Data Breaches
In the event of a data breach that may compromise your personal information, we will:
- Notify affected users within 72 hours of discovery
- Provide information about the breach and potential impacts
- Offer guidance on protective measures
- Cooperate with regulatory authorities as required
11. Children's Privacy
Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we discover that a child has provided us with personal information, we will delete it immediately.
12. International Data Transfers
Your information may be transferred to and processed in the United States. By using the Service, you consent to such transfers. We ensure appropriate safeguards are in place for international transfers.
13. California Privacy Rights
California residents have additional rights under the California Consumer Privacy Act (CCPA), including:
- Right to know what personal information is collected
- Right to know if personal information is sold or disclosed
- Right to opt out of the sale of personal information
- Right to non-discrimination for exercising privacy rights
14. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes via email or through the Service. Your continued use after changes constitutes acceptance of the updated policy.
15. Contact Information
For questions about this Privacy Policy or our privacy practices, contact us at:
HRMAX.AI
Email: support@benefitmax.ai
Website: www.hrmax.ai
16. Data Protection Officer
For privacy-related inquiries, you may also contact our Data Protection Officer at: privacy@benefitmax.ai