Privacy Notice Summary

We regularly review and update this Privacy Notice to ensure compliance with applicable privacy laws and accuracy of information.

At HealthEZ® we respect your right to privacy and value the trust you have placed in us. We are committed to the responsible management, use and protection of our customers’ and their members’ personal information. This following table is a summary of key provisions of our Privacy Notice (with links to details) for our services, our website(s), including as found on the myhealthez.com and healthez.com domains, and any other websites we own or license, our mobile application, and any user account (collectively our “Services”). Our Privacy Notice sets out what personal information we may collect from you or about you and how we use it.

Who are We?

We are HealthEZ (collectively with our affiliates: “HealthEZ”, “we” or “our”). HealthEZ is a Delaware limited liability company based in Minnesota that provides third party administration services to our customers (i.e., plan sponsors) for self-funded plans offered by such employers for the benefit of their employees and dependents (i.e., members). HealthEZ works with brokers, employers, members and providers to provide the Services.

Consent to Use HealthEZ® Services

By using our Services, or providing us with any information through our Services, you are consenting to the terms of this Privacy Notice regarding our collection, use, and disclosure of your Personal Information in accordance with this Privacy Notice. If you do not agree with the practices described in this Privacy Notice, please do not use our Services.

Information We Collect

We may collect information that we need to provide you or your employer (i.e., the plan sponsor) with our Services. Personal information about a member or user of our Services is “Personal Information”. We also collect technical data such as IP address, browser type, device identifiers, and usage patterns through cookies and similar technologies.

We may have access to the following information about you either through the Services (e.g., from the plan sponsor, or if we implement a user account option, through your user account):

>> Your Personal Information, including your name, address, email address, and telephone number;

>> Your Personal Information used to enroll in the plan (e.g., member identification number, names of dependents, plan number and date of birth);

>> Your financial information if we process payments from you;

>> Operational Information (defined below); and

Usage Information (defined below) which we use to assess and improve our Services.

How We Use Personal Information

Our processing is based on contractual obligations, legitimate business interests, and your consent where required by law.

We may use the information we collect about you, including Personal Information you provide to us and the Operational or Usage Information we collect about your use of our Services to:

>> Establish, authenticate or confirm your identity to use your user account;

>> Personalize and enhance your experience using our Services;

>> Provide our Services to you (as further defined below);

>> Deliver content we think may be of interest to you;

>> Process your requests;

>> Assess, enhance and improve our Services, and/or develop new services, or for customer support;

>> Perform data analytics;

>> Communicate with you (via email, text, phone, or mail) either directly or indirectly through our Third Party Provider(s) to send you special offers, discounts or marketing information related to our Services, our affiliates or our business partners; and

Take any action we believe necessary or appropriate to comply with law, provide our Services including with related parties (i.e., plan sponsor, brokers, members and providers), and to protect our rights (including investigating unauthorized activity).

How We Share Personal Information

We may share your data with the following third parties:

>> The health care provider you may designate as having a right to receive your Personal Information;

>> Any of our authorized Third Party Providers who need to have access to your information in order for us to provide you with our Services and/or for marketing or analytics purposes; and

>> Any regulators, law enforcement or emergency services if we are legally obliged to do so.

We do not sell or share your Personal Information with any unaffiliated third party for their marketing purposes. No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All other privacy and security commitments in this Privacy Policy apply to SMS subscriber data.

Your Rights

>> Your right to Access – means that you can ask us for a copy of all Personal Information we hold about you.

>> Your right to Correct – if you believe that any of the Personal Information we hold about you is incorrect or out of date, you have the right to correct such Personal Information by providing us with the correct up-to-date Personal Information.

>> Right to Erasure – you can ask us to delete the incorrect or out-of-date Personal Information and we will be happy to do so unless we are prevented from doing so by law or regulation. In certain circumstances you may also have the right to ask us to erase your Personal Information. For example, if you no longer wish to use our Services.

Right to Portability – you have the right to request that a copy of your Personal Information is provided to you or to such other third party as you specify in a commonly used and machine-readable format for any Personal Information we may have collected.

Communications with You

When you registered for our Services and opened a user account, you expressly opted into our right to communicate with you by email, mail, phone, text and/or chat. You may subsequently opt out of receiving communications from us by certain methods (e.g., utilizing the unsubscribe option found in the footer of each email, not selecting our chat function, etc.). In addition, you may request to opt out of all marketing materials by contacting us.

Our Data Security

>> Encryption in Transit: All data transmitted through our Services is protected using Secure Sockets Layer (SSL)/Transport Layer Security (TLS) encryption.

>> Secure Storage: Personal Information is stored on secure servers located in the United States, unless otherwise required to support service delivery.

>> Administrative, Technical & Physical Controls: We employ strict access controls, monitoring, and operational procedures designed to prevent unauthorized access, disclosure, alteration, or misuse of your Personal Information.

>> Access Restrictions: Only authorized personnel who require access to perform their job duties, support your account, improve our Services, or meet legal obligations are permitted to handle your Personal Information.

Data Retention

>> Service-Driven Retention: Personal Information is maintained as long as your account is active or as needed to support ongoing service delivery.

>> Legal & Contractual Requirements: Certain information may be retained beyond your request for deletion if required to comply with law, system integrity needs, audit requirements, or obligations to our clients (such as plan sponsors).

>> User-Initiated Deletion: You may request deletion of your Personal Information at any time. Deleting your Personal Information may limit or disable your ability to use the Services and will result in the deactivation of your user account.

>> Good-Faith Efforts to Remove Data: When a deletion request is received, we will take all reasonable steps to remove personally identifiable information from our active systems, subject to exceptions noted above.

Children’s Online Privacy Protection Act

In compliance with the Children’s Online Privacy Protection Act, 15 U.S.C. § 6501.06 and 16 C.F.R. §§ 312.1 – 312.12, we do not knowingly collect information from children under the age of 13, nor do our website(s) target children under the age of 13. By using our Services and any associated user account, you represent that you are not younger than 13. Notwithstanding the foregoing, we acknowledge that you may provide us with information about a dependent who may be a child under the age of 13 and you consent that you have the legal right to provide their information through our Services. Please contact us if you believe we have collected information directly from a child under the age of 13.

Substance Use Disorder (SUD) Records

Contact Us

HealthEZ

Email:          service@healthez.com

Telephone:  952-896-1200

We may modify, alter or update our Privacy Notice at any time, so we encourage you to review our Privacy Notice frequently. We will not provide individual notice to you of changes to our Privacy Notice, but when we make updates to our Privacy Notice, we will update the date in this section.

Last Revised: February 16, 2026

Copyright © 2025 by HealthEZ®. All rights reserved.