Privacy Policy

Last updated: 26 July 2025

Introduction

This Privacy Policy explains how our store (“we,” “us,” or “our”) collects, uses, and shares personal information when you visit or make a purchase from our website. Federal and state laws require online merchants to publish a privacy policy describing how data is collected and used. We also take seriously our obligations under U.S. privacy laws, the California Consumer Privacy Act (CCPA/CPRA), the General Data Protection Regulation (GDPR) (where applicable), and other data‑protection laws. By using our site, you consent to the data practices described in this policy.

Information We Collect

We collect information that you provide directly to us and information automatically collected when you interact with our store.

  • Personal and Contact Information – When you purchase something from our store or create an account, we collect information such as your name, billing and shipping address, email address, phone number and any other details necessary to process your order. This is similar to other e‑commerce stores that collect name, address and email as part of the buying and selling process.

  • Payment Information – If you choose to pay via credit/debit card, HSA or FSA card, Shop Pay, or other payment methods, our payment processors collect your payment details. We do not handle or store full payment card numbers ourselves. Shopify’s payment gateways are PCI DSS compliant, meaning they meet industry standards for the secure handling of payment information.

  • Device and Usage Information – When you browse our store, we automatically receive information about your device (such as IP address, browser type and operating system) to help us understand your visit. We use cookies and similar technologies to track your session, maintain your shopping cart and collect analytics (see Section 6 for more details).

  • Marketing Information – If you opt in to receive marketing communications (e.g., newsletters or promotional emails), we collect your email address and preferences. You can withdraw consent at any time.

  • Limited Health‑Related Information – We sell products that are eligible for purchase with health savings accounts (HSAs) or flexible spending accounts (FSAs). We do not collect medical diagnoses or treatment information and are not a covered entity under HIPAA. We may collect general eligibility information (for example, whether a product is covered by your HSA/FSA) but we do not store protected health information (PHI) as defined by HIPAA. Because the Federal Trade Commission’s Health Breach Notification Rule applies to vendors of personal health records, entities that collect PHR identifiable health information must notify individuals of breaches; since our store does not offer personal health records, this rule typically does not apply, but if we ever collect such data, we will comply.

How We Use Your Information

We use the information we collect for the following purposes:

  • To Process and Fulfill Orders. We use your personal and payment information to process payments, arrange shipping, send order confirmations and invoices, and deliver products to you.

  • To Communicate With You. We may use your email to send order updates, respond to inquiries, and provide customer support. If you opt in, we send marketing communications about new products or promotions; you may unsubscribe at any time.

  • To Operate, Maintain and Improve Our Site. Device and usage information helps us analyze performance, troubleshoot issues, and develop new features.

  • For Legal and Security Requirements. We may use your information to comply with applicable laws, respond to legal requests, enforce our terms of service, or investigate potential violations (e.g., suspected fraud or misuse). For example, the FTC’s Children’s Online Privacy Protection Act (COPPA) prohibits tracking data from children under 13. We do not knowingly collect information from children; see Section 8 below.

  • To Protect Our Rights and the Rights of Others. We may share information to detect and prevent fraud, to protect our customers and our business, or to address threats to safety.

How We Share Information

We do not sell your personal information. We share data only as necessary to operate our business:

  • Shopify and Payment Processors. Our store is hosted on Shopify Inc., which provides the e‑commerce platform that allows us to sell our products. Your data is stored through Shopify’s secure servers and databases. When you complete a purchase, payment processors adhere to PCI‑DSS standards to ensure secure handling of payment information. We share only the information needed to process your payment.

  • Third‑Party Service Providers. We may use third‑party companies to help us with shipping, marketing, analytics or website functionality. These providers receive only the information necessary to perform their services and are contractually obligated to protect your data. If third‑party providers are located in another jurisdiction, your information may be subject to local laws.

  • Legal Obligations and Business Transfers. We may disclose your information if required by law or in response to legal requests, or if our business is involved in a merger, acquisition or asset sale.

International Transfers

We are based in the United States, but some service providers may operate in other countries. When your information is transferred across borders, we rely on lawful data‑transfer mechanisms (such as the standard contractual clauses or equivalent measures under the GDPR) to protect your data.

Cookies and Tracking Technologies

Cookies are small text files that your browser stores on your device. We use cookies to remember your session, store your cart and track website analytics. For example, Shopify cookies like _session_id and _secure_session_id allow the platform to store information about your session and keep your cart persistent. You may adjust your browser settings to refuse cookies or notify you when cookies are set; however, some features of our site may not function properly without them.

Data Security

We follow reasonable administrative, technical and physical security measures to protect your personal information from unauthorized access, loss, misuse, disclosure, alteration or destruction. When you provide payment information, it is encrypted using Secure Sockets Layer (SSL) technology and stored with AES‑256 encryption. While we strive to use commercially acceptable means to protect your data, no method of transmission over the internet or electronic storage is 100% secure.

Age Restrictions and Children’s Privacy

Our products and services are intended for adults. By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority and have given consent for any minors to use this site. We do not knowingly collect or solicit personal information from children under 13, and we do not direct our marketing to children. If we learn that a child under 13 has provided us with personal information, we will promptly delete it.

Your Rights and Choices

Depending on your jurisdiction, you may have rights over your personal information, such as:

  • Access and Portability: Request a copy of the personal information we hold about you.

  • Correction: Request that we correct or update inaccurate or incomplete personal information.

  • Deletion: Request deletion of your personal data, subject to certain exceptions (e.g., if we must keep it for legal compliance).

  • Opt‑Out of Marketing: Opt out of marketing communications at any time by following the unsubscribe instructions or contacting us.

  • Do Not Track / Opt‑Out of Sale: We do not sell personal information. If you reside in California, you may use the “Do Not Sell or Share” link if applicable.

To exercise these rights, please contact us using the details in Section 12 below. We may ask you to verify your identity before responding to your request.

Data Retention

We retain your personal information only as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations, resolve disputes, and enforce our agreements. When we no longer need your information, we will securely delete or anonymize it.

Changes to This Privacy Policy

We may modify this Privacy Policy at any time. Changes will take effect immediately upon posting on this page. If we make material changes, we will update the “Last updated” date and may provide additional notice (e.g., via email). Your continued use of our site constitutes acceptance of the revised policy.

Contact Us

If you have any questions about this Privacy Policy, wish to access or correct your personal information, or would like to withdraw consent, you can contact us by email at hsaandfsashop@thinkdiscountllc.com or by mail at:

HSA and FSA Shop (by Think Discount, LLC)
23092 Alder Ln SE
Black Diamond, WA 98010
United States

Email: hsaandfsashop@thinkdiscountllc.com