Health Savings Account Privacy Information

This document supplements the HealthEquity, Inc. (“HealthEquity”, “we”, “our”, “us”) General Privacy Notice and only applies to health savings accounts (“HSA”), including the web-only HSA investment advisor services offered by HealthEquity Advisors, LLC (“HEA”), a wholly owned subsidiary of HealthEquity, Inc. If you are a HEA client, information about you may be collected, used, and disclosed by HEA and its affiliates in connection with the services HEA provides to you.

Your HSA is a custodial account subject to the privacy and security protections of the Gramm-Leach-Bliley Act (“GLBA”). A copy of the https://resources.healthequity.com/forms/agreements/healthequity_custodial_agreement.pdf is available online for your review.

GLBA Notice of Privacy Practices

The GLBA Privacy Rule defines nonpublic personal information (“NPI”) broadly. NPI includes names, addresses, phone numbers, Social Security numbers, income, credit scores, transaction information, cookies, and similar data related to your HSA.

When you open an HSA with us, we collect personal information about you, such as your name, address, phone number, Social Security number, email, employer name, date of birth, driver’s license number, and beneficiary information. We also collect information from credit reporting agencies, your employer or health plan, and other sources that help us serve your account.

We may disclose NPI to our affiliated companies and to nonaffiliated third parties as permitted by law. Our GLBA Privacy Notice describes our full privacy practices in detail.

HSA Data Sharing Practices

In addition to the disclosures described in our GLBA Privacy Notice, HealthEquity may share your HSA information with third parties under the following circumstances:

Employer, Health Plan, or Insurance Company Disclosures

We may disclose HSA information, including personally identifiable information, to your Agent (employer, health plan, or insurance company) as permitted under your HSA Custodial Agreement. SEC rules compliance monitoring is conducted, and opt-out is available by contacting Member Services.

SSO or Links to Other Websites

We may provide single sign-on (“SSO”) capability to partner websites. When you follow a link to leave our site, you are subject to the privacy practices of those third-party sites. HealthEquity is not responsible for the privacy practices or content of these websites.

Data Sharing Arrangements

HealthEquity has enabled functionality for viewing HSA information on certain third-party websites. These arrangements allow you to access your HSA data through trusted partner platforms.

Integrated Claims

If you authorize disclosure of HIPAA-protected health information (“PHI”) to your HSA for tax recordkeeping purposes, that information is no longer subject to HIPAA protections once transferred to your HSA. It then becomes financial data subject to GLBA protections.

Contact Information

If you have questions about our HSA privacy practices, you may contact us at:

Phone: 1-866-629-6347 or 1-801-727-1000

Email: Privacy@healthequity.com

Effective Date

This supplement was last updated in April 2025.

For more information about our overall privacy practices, please see our General Privacy Notice.