Privacy Policy

Last updated: March 30, 2026

1. Introduction

BenefitsSafe ("we," "our," or "us") is a grant disbursement platform that helps nonprofit organizations manage restricted funds on behalf of beneficiaries receiving SSI, SSDI, Medicaid, and Medi-Cal benefits. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

2. Information We Collect

Account Information: Name, email address, organization name, EIN (Employer Identification Number), and role within your organization.

Authentication Data: We use Google OAuth and email/password authentication. We do not store your Google password.

Financial Data: Grant amounts, expense records, vendor payment information, and virtual card transaction data. All financial data is encrypted at rest and in transit.

Beneficiary Data: First name, last name, date of birth, and benefit program enrollment status (SSI, SSDI, Medi-Cal). We store only the last 4 digits of Social Security Numbers.

Usage Data: Log data, device information, and analytics to improve our platform.

3. How We Use Your Information

We use collected information to:

  • Provide and maintain the BenefitsSafe platform
  • Process grant disbursements and expense approvals
  • Verify nonprofit status through EIN verification
  • Ensure compliance with SSI, SSDI, and Medicaid regulations
  • Issue and manage virtual payment cards via Stripe
  • Generate financial reports and audit trails
  • Send notifications about account activity
  • Prevent fraud and unauthorized access

4. Data Protection

We implement industry-standard security measures including:

  • TLS/SSL encryption for all data in transit
  • AES-256 encryption for data at rest
  • Multi-factor authentication (MFA/2FA)
  • Role-based access control (RBAC) with 12 distinct user roles
  • Immutable audit logs for all financial transactions
  • Regular security assessments and monitoring via Sentry
  • AWS infrastructure with SOC 2 compliance

5. Data Sharing

We do not sell your personal information. We share data only with:

  • Stripe: For payment processing and virtual card issuance
  • Amazon Web Services (AWS): For secure data storage and hosting
  • Your Organization: Admins within your nonprofit can view data related to their organization
  • Legal Requirements: When required by law, regulation, or legal process

6. Your Rights

Under CCPA/CPRA and applicable privacy laws, you have the right to:

  • Access your personal information
  • Request deletion of your data
  • Opt out of data sharing
  • Request a copy of your data in a portable format
  • Correct inaccurate personal information

To exercise these rights, contact us at privacy@benefitssafe.com.

7. Data Retention

We retain financial records and audit logs for a minimum of 7 years as required by IRS regulations for nonprofit organizations. Account data is retained for the duration of your account plus 30 days after a deletion request. Beneficiary data follows HIPAA-aligned retention policies.

8. Cookies

We use essential cookies for authentication and session management. We do not use third-party tracking cookies or advertising cookies.

9. Children's Privacy

BenefitsSafe is not intended for use by individuals under 18. We do not knowingly collect information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes via email or platform notification.

11. Contact Us

If you have questions about this Privacy Policy, contact us at:

BenefitsSafe
Email: privacy@benefitssafe.com
Website: https://benefitssafe.com