- +1 602-737-3306
- hello@125plans.com
Effective Date: April 5, 2025
Section 125 Solutions LLC (referred to as “Company,” “we,” “us,” or “our”) operates the website www.125plans.com (the “Site”). This Privacy Policy explains how we collect, use, disclose, and protect personal and business information when you use our Site and services (collectively, the “Services”). Our Services connect businesses (employers and their authorized representatives) with third-party Section 125 plan providers. By using the Site or submitting information to us, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our Services.
Business Use Only: Our Site and Services are intended for business use by employers and authorized representatives. They are not intended for personal, family, or household use, and not directed to minors. We do not knowingly collect information from individuals under 18 years of age, and we specifically do not knowingly collect personal information from children under 13. (See Children’s Privacy below for more information.)
We are committed to protecting your privacy and handling your personal and business information in a secure and compliant manner. This Privacy Policy covers:
Information We Collect: What personal and business data we gather and how.
How We Use Your Information: Why we collect data and how we utilize it.
Cookies and Tracking Technologies: Details on cookies, pixels, and other tracking tools we use (e.g., UTM parameters, Facebook Pixel, TikTok Pixel, Google Analytics, email tracking, AI-based print tracking).
How We Share Your Information: Who we share data with (third-party providers, service partners) and our policy on selling data.
Your Rights and Choices: Opt-out mechanisms for communications and tracking, and privacy rights under laws like CCPA and GDPR.
Data Security: How we protect your information (including our use of HIPAA-grade security practices, even though we are not a HIPAA-covered entity).
Data Retention: How long we keep your information and why.
International Transfers: What happens if you access our Services from outside the United States.
Children’s Privacy: Our policy regarding minors.
Changes and Contact: How we will notify you of changes to this Policy and how you can contact us with questions or concerns.
Please read this Privacy Policy carefully. If you have any questions, you can contact us using the information in the Contact Us section at the end of this document.
We collect both personal information and business information that you provide directly, as well as certain information automatically through your use of our Site. In this Policy, “Personal Information” means any information that identifies or relates to an identifiable individual, and “Business Information” means information about an organization or company that may not individually identify a person but is provided in the context of using our business Services. The categories of information we collect include:
When you interact with our Site (for example, by filling out forms, registering for Services, or contacting us), you may voluntarily provide us with:
Contact Details: Your name, email address, phone number, and job title or role.
Business Details: Your company or employer name, business address, industry, number of employees, and other information about your organization’s size or benefits needs.
Inquiry Information: Information you provide when requesting a quote or information about Section 125 plans – for example, details about the benefits you are interested in, your current benefit plans, or any comments/questions you submit.
Account Credentials: If our Site allows account creation, any username and password or similar security information for authentication.
Communication Content: The content of your communications with us, such as the messages you send through contact forms, emails you send, or feedback you provide. This can include any other personal or business information you choose to share in those messages.
Note: Please ensure that any personal data you provide is your own or that you have the authority to provide it. Our Services are intended for use by employers and authorized representatives; you should not submit someone else’s personal information (e.g., an employee’s name or health information) unless you are authorized to do so.
When you visit or use our Site, we automatically collect certain information about your device and usage of the Site through cookies, pixels, and other tracking technologies (see Cookies and Tracking Technologies below for more detail). This automatically collected data may include:
Device and Browser Information: Your device type (e.g., PC, tablet, phone), operating system, browser type, and browser language.
IP Address and Geolocation: Your Internet Protocol (IP) address, which may indicate general geographic location (city, state, or country).
Usage Data: Details about how you use and navigate our Site, such as the pages or screens you view, the dates/times of your visits, the referring URL or advertisement that led you to our Site, and your interactions with Site features.
Cookies and Tracking Identifiers: Unique identifiers or tracking codes we or our partners place on your device. For example, cookie IDs, advertising IDs, or pixel tags that record your activity (e.g., whether you clicked on an ad or opened an email).
Analytics Information: Data from analytics services (like Google Analytics) such as how long you stay on a page, what links you click, and conversion information (for instance, if you filled out a form after arriving from a marketing campaign).
This automatically collected information helps us understand how our Site is being used, enables us to personalize user experience, and assists in our advertising and marketing efforts (such as attributing leads to the correct advertising source). For more information, see the Cookies and Tracking Technologies section of this Policy.
In general, we collect information directly from you or automatically through your use of the Site. We do not typically obtain personal information from third-party sources without your knowledge. However, in certain cases we may receive information about you from:
Referral Partners or Direct Connections: If another website, referral service, or marketing partner directed you to our Site, they may have passed along campaign information (for example, a UTM code or referral ID) that we use to identify the marketing source. This helps with lead attribution but typically does not include your personal details beyond what you enter on our Site.
Third-Party Section 125 Providers: If you engage with a third-party plan provider through our platform, that provider may share back with us certain information needed for record-keeping or commission purposes (for example, whether you purchased a plan, the type of plan, or feedback about the lead). This information is generally about the transaction and your status as a customer, not sensitive personal data.
Public Sources and Enrichment: We do not presently enrich your data with information from data brokers or public databases. If in the future we need to verify business information (such as confirming a business address or checking business creditworthiness), we will do so in compliance with applicable laws and will update this Policy accordingly.
We treat any information obtained from third-party sources with the same respect and security as information you give us directly, and we combine it with data we have collected under this Privacy Policy.
We use the personal and business information we collect for a variety of legitimate business purposes, all aimed at operating our platform, serving our users, and improving our Services. Specifically, we may use your information in the following ways:
To Provide and Improve Our Services: We process your information to connect you with appropriate Section 125 plan providers and to facilitate the purchase of Section 125 (cafeteria) plans. For example, we use the information you submit on our forms (company size, contact info, etc.) to identify suitable third-party providers and to send your inquiry or quote request to them. We also use data to manage accounts, provide customer support, and improve the functionality and usability of our Site.
To Communicate with You: We use your contact information (email, phone number) to communicate with you about your use of the Services. This includes responding to inquiries or requests you make, sending confirmations or updates about your requests for Section 125 plans, and providing you with informational materials. We may also send you administrative messages such as changes to terms, privacy policy updates, or security notices.
For Marketing and Promotional Purposes: We may use your information to send you marketing communications about our Services or new offerings that might interest you, provided it is in a business context. For instance, if you give us your email, we might send newsletters or promotions about Section 125 plan benefits, or follow up with you about plan options. Each marketing email will include an unsubscribe link so you can opt out of future communications if you choose. We also use data (like how you interact with our Site or emails) to tailor and improve our marketing efforts.
Remarketing and Advertising: We (and our advertising partners) use cookies and tracking technologies to show you targeted advertisements on other platforms. For example, if you visit our Site or fill out a form, we might later show you ads on Facebook or TikTok related to Section 125 plans. This process, known as remarketing, uses information about your visit to trigger ads that should be relevant to you. We also use tracking data to measure the effectiveness of our ad campaigns (lead attribution). For instance, knowing which ad campaign or UTM parameter led you to our Site helps us understand our marketing ROI and optimize our advertising strategy.
Analytics and Product Development: We analyze usage data and feedback to understand how our Services are used and to improve them. For example, we might look at aggregate Site visitor trends to decide which new features to develop or what content is most helpful to users. Analytics may also help us troubleshoot problems (like a page not performing well) and enhance the user experience.
To Share with Selected Third-Party Providers: As part of our core service, we use your information to facilitate introductions to Section 125 plan providers. This means we will share certain information (such as your contact and company details, and plan requirements) with third-party benefits providers who can offer you Section 125 plans. We do this to fulfill your requests and help you obtain quotes or plan services. (More detail on this sharing is provided in How We Share Your Information below.)
Compliance with Legal Obligations: We may use and disclose your information as necessary to comply with applicable laws, regulations, and legal processes. For example, we might retain and use certain data to fulfill record-keeping obligations, tax requirements, or to respond to lawful requests by government authorities.
Protection of Rights and Interests: We may use information as needed to enforce our Terms of Service or other agreements, and to prevent, investigate, or take action regarding fraudulent or illegal activities, suspected abuse of our Services, security incidents, or violations of this Privacy Policy. This includes using data to detect security breaches or to debug and repair technical issues.
AI Use: We may use artificial intelligence (AI) tools to enhance or repurpose content that you voluntarily submit, such as turning written reviews or testimonials into video, audio, or other formats for marketing purposes.
Use of Reviews, Comments, and Internal Success Tracking: If you provide us with feedback, success stories, or comments—whether formally as a review or informally during communication—we may use that information to help us better understand how users engage with our services. This includes sharing relevant comments or performance insights internally among our team members, brokers, affiliates, or marketing personnel for the purpose of improving our services, celebrating client success, or identifying potential case study opportunities. With or without attribution, your feedback may also be adapted and used, in whole or in part, for marketing or promotional purposes in accordance with our Terms of Service.
Other Purposes (with Notice or Alignment to Terms): If we intend to use your personal information for a purpose that is materially different from those listed in this Privacy Policy or not otherwise described in our Terms of Service, we will notify you and obtain your consent where required by law. However, as noted in our Terms, if you voluntarily submit feedback, comments, testimonials, or other content, we may use, enhance, or repurpose that content for marketing, internal insights, or promotional purposes, including sharing via affiliates, brokers, and authorized representatives, without additional notice or compensation. We will continue to update this Privacy Policy as our data practices evolve and will inform you where legally required. If we intend to use your personal information for a purpose that is materially different from those listed in this Privacy Policy or not otherwise described in our Terms of Service, we will notify you and obtain your consent where required by law. However, as noted in our Terms, if you voluntarily submit feedback, comments, testimonials, or other content, we may use, enhance, or repurpose that content for marketing, internal insights, or promotional purposes, including sharing via affiliates, brokers, and authorized representatives, without additional notice or compensation.
If at any time you would like us to remove your testimonial or attributed feedback from public use, you may contact us to request removal. While we may not be able to recall content already distributed or used in paid advertising, we will make reasonable efforts to honor your request going forward.
We base our use of your information on various legal grounds, depending on the context. In most cases involving business contact data in the United States, we rely on our legitimate interests in operating and marketing our Services to businesses like yours. When we send marketing communications to individuals, we do so either with your consent (for example, if required under EU law or via opt-in) or under an applicable exception for business communications. If you are located in the European Economic Area (EEA) or a similar jurisdiction, see Your Privacy Rights below for more on the legal bases we use and your choices.
Like many online services, we use cookies and similar tracking technologies to collect information automatically from your device. These technologies help us provide our Services, analyze usage, personalize your experience, and engage in advertising and remarketing. Below is an overview of the tracking technologies we utilize and how you can control them:
Cookies: A cookie is a small text file placed on your browser or device that allows us to recognize you on future visits. We use both session cookies (which expire when you close your browser) and persistent cookies (which remain on your device for a set period or until deleted). Cookies help us remember your preferences, keep you logged in (if applicable), and gather analytics about your interactions. For instance, cookies enable features like remembering form field inputs or saving your site preferences. You can control or delete cookies through your browser settings. However, note that if you disable cookies entirely, some features of our Site may not function properly.
UTM Parameters: We use UTM parameters in our URLs and marketing campaigns. UTM codes are tracking tags appended to a URL (for example, utm_source, utm_campaign) that let us know how you found our Site — such as via a particular email campaign, advertisement, or partner site. When you click a link with UTM parameters, our Site records those parameters. This helps us attribute your visit or sign-up to the correct marketing effort (lead attribution). UTM tracking does not place anything on your device by itself; it works in conjunction with cookies or our own records to tie your activity to a campaign source.
Analytics (Google Analytics): We use Google Analytics to collect information about how visitors use our Site. Google Analytics uses cookies and similar technologies to gather data such as what pages users visit, how long they stay, how they got to our Site, and what they click on. This information is aggregated and does not identify you personally; it helps us understand user behavior in order to improve our Site. Google Analytics may also capture your IP address (truncated in some regions to protect privacy). Google provides an opt-out mechanism for Google Analytics – you can install the Google Analytics Opt-out Browser Add-on if you do not want your data collected by Google Analytics across all websites.
Advertising Pixels (Facebook Pixel and TikTok Pixel): We have implemented the Facebook Pixel and TikTok Pixel on our Site. These are small pieces of code provided by Facebook and TikTok that create a link between your visit to our Site and those advertising platforms. The pixels allow us to measure ad conversions (for example, to see if someone who clicked one of our ads later filled out a form on our Site) and to build custom audiences for ads (for example, to retarget visitors with relevant ads on Facebook or TikTok). These pixels may cause cookies to be set on your device or use existing cookies (such as the Facebook cookie) to identify you. The information collected (such as which pages were visited or actions taken) is transmitted to the respective platform (Facebook or TikTok), which can then match it with your user profile if you’re logged in to those services. This helps us create more effective and relevant advertising. Keep in mind that the use of data collected by these platforms is also governed by each platform’s own privacy policy. You can opt out of certain targeted advertising through your Facebook or TikTok ad settings, or via industry opt-out websites as described in Your Rights and Choices.
Email Tracking: Our communications may contain tracking technologies that let us know if and when you have opened an email or clicked a link within it. For example, we may include a tiny pixel image (clear GIF) in promotional emails or use uniquely coded links. This allows us to gauge the effectiveness of our email outreach and to tailor follow-up messages. If you prefer not to be tracked in this way, you can opt out of marketing emails altogether (each email will have an unsubscribe link), or configure your email client to block remote images (which can prevent tracking pixels from loading).
AI-Based Print Tracking: We may use advanced attribution tools, such as Hyros or Triple Whale, that employ AI-based print tracking to connect offline actions (like printing or viewing documents) with online behavior. These systems may send event data back to advertising platforms (such as Facebook, Google, or TikTok) to help train their algorithms, improve audience targeting, and enhance overall ad performance and tracking accuracy.
Your Choices for Cookies & Tracking: Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies or alert you when a cookie is being placed. Please note that removing or rejecting cookies could affect the availability and functionality of our Site. For advertising trackers like the Facebook or TikTok Pixel, you can use platform-specific opt-outs (adjust your Facebook ad preferences or TikTok personalization settings). Additionally, you can visit industry opt-out sites like the Network Advertising Initiative (NAI) opt-out page or the Digital Advertising Alliance (DAA) opt-out page to opt out of many third-party ad cookies (including some operated by Facebook, Google, and others). For Google Analytics, as mentioned, you can use their opt-out add-on.
We do not currently respond to “Do Not Track” (DNT) signals from web browsers, because there is not yet a consistent industry standard for handling DNT requests. If a universal standard for DNT is adopted in the future, we will update our practices and this Policy to honor such signals as required.
We understand the importance of your information and share personal data only as necessary to operate our business and provide our Services, or in other limited circumstances described below. When we do share your information, we implement appropriate safeguards and contractual protections to ensure it is handled securely and lawfully by the recipient. The types of third parties with whom we share information, and why, include:
Section 125 Plan Providers (Third-Party Partners): A core purpose of our platform is to connect you with third-party providers of Section 125 plans (cafeteria plan administrators, benefits brokers, insurance providers, or similar service providers in the employee benefits industry). When you submit information through our Site requesting a Section 125 plan or related services, we will share the relevant details with one or more trusted partner providers so that they can contact you with quotes or information. For example, if you fill out a form on 125plans.com with your company information and benefits needs, we may forward your name, business contact details, company size, and plan requirements to a Section 125 plan vendor that services your area or industry. We share this information solely to fulfill the purpose of your request – namely, to help you find and purchase the best Section 125 plan for your business. These third-party providers will use your information to provide you with their product or service information and will handle that information according to their own privacy policies. (We vet our partners for trustworthiness, but we encourage you to review any provider’s privacy policy when you engage with them.)
Service Providers (Processors): We employ other companies and individuals to perform functions on our behalf and to support our Services. This includes hosting our website servers, maintaining our IT systems, sending out emails, analyzing data, providing marketing assistance, or offering customer support. These third-party service providers (often called “data processors” under privacy laws) may have access to personal information as needed to perform their functions, but they are not permitted to use it for any independent purpose. We require that our service providers only process your data for predefined tasks and protect it in accordance with this Privacy Policy and applicable law. Examples of service providers we use include cloud hosting providers, email delivery services, analytics providers (like Google Analytics), and advertising networks (like Facebook and TikTok, who process data via our integrated pixels).
Business Transfers: If the Company (Section 125 Solutions LLC) undergoes a business transaction such as a merger, acquisition by another company, sale of all or a portion of its assets, or a financing or bankruptcy event, personal and business information we have collected may be transferred to the successor or acquiring entity as part of the transaction. For instance, if another company acquires our platform, your information would likely be one of the assets transferred. In such cases, we will ensure that the new owner is bound to respect the terms of this Privacy Policy (unless and until you are notified of changes). Similarly, during any due diligence review for a potential transaction, we might need to share some information under strict confidentiality.
Legal Compliance and Protection: We may disclose your information when we believe in good faith that such disclosure is necessary to comply with a legal obligation or request. This includes responding to subpoenas, court orders, or legal process; addressing requests from government or regulatory authorities; or exercising or defending legal claims. We may also share information if we believe it is necessary or appropriate to protect the rights, property, or safety of Section 125 Solutions LLC, our customers, or others. For example, we might share information with law enforcement or fraud prevention agencies if a user is suspected of fraud or an attack on our systems.
Affiliates: If we have affiliate companies (e.g., a parent, subsidiary, or companies under common control with Section 125 Solutions LLC), we may share your information with them, in which case we will ensure those affiliates honor this Privacy Policy. (As of the effective date, Section 125 Solutions LLC primarily operates the 125plans.com business and does not have unrelated affiliates, but this is stated for completeness should that change in the future.)
With Your Consent or At Your Direction: Apart from the cases above, we will share your personal information with third parties only if you have given consent or if you ask us to. For instance, if you request that we introduce you to a specific benefits consultant, or if you opt-in to a co-marketing program where we explicitly ask if we can share your details with another company, we will do so only with your knowledge. We may also offer integrations or links to other services (for example, if in the future our Site allows you to connect directly to a third-party benefits management platform); such transfers of information would happen only at your initiative, and we will clarify any data exchange that occurs.
No Sale of Personal Data (with Limited Exception): In general, we do NOT sell your personal information. We do not exchange your personal details with third parties for money or other valuable consideration for their independent use, which is the typical definition of a “sale” under consumer privacy laws. We do not harvest your data to sell to marketing lists, data brokers, or unaffiliated companies. However, we want to be transparent that there are limited contexts in which the sharing of personal information with a third party could be deemed a “sale” under certain laws (like the California Consumer Privacy Act, CCPA). For example, if a third-party Section 125 provider pays us a fee for referring your business once you become a paying customer of that provider, that could be interpreted as a “sale” of personal information (even though we view it as a core part of the service you requested). Additionally, should we ever decide to broaden our business model, we reserve the right to sell or rent user information in the future where permitted by law, particularly in a business-to-business context after you have converted into a paying customer of our Services. If we ever engage in such data sales, we will do so in compliance with applicable laws and will provide any required notices or opt-out opportunities. For instance, California residents would be provided the right to opt out of the sale of their personal information (see Your Privacy Rights below on how to exercise this right).
Rest assured, any sharing of data we do is primarily to serve you (e.g., connecting you with plan providers) or to run our operations with trusted vendors. We do not disclose more information than necessary for the purpose at hand.
We take the security of your personal and business information seriously. The Company has implemented a variety of administrative, technical, and physical security measures to protect your information from unauthorized access, disclosure, alteration, or destruction. These measures include, for example:
Encryption: We use encryption protocols (such as HTTPS/TLS) to protect data transmitted between your browser and our Site. Sensitive data entered into our forms may be encrypted at rest or during transfer to our partner providers.
Access Controls: We limit access to personal information to those employees, contractors, and service providers who need it to perform their duties. All such personnel are subject to confidentiality obligations and are trained on data protection. We also employ authentication measures (like passwords and in some cases multi-factor authentication) to prevent unauthorized access to systems where personal data is stored.
Network & Application Security: Our servers are protected by firewalls and monitoring systems to guard against outside intrusion. We regularly update and patch our software and hosting environment to address security vulnerabilities. Where appropriate, we employ intrusion detection, anti-malware tools, and automated scans to detect potential threats.
Data Handling Practices: We maintain policies and procedures to prevent unauthorized access or disclosure of data. This includes secure destruction or deletion of data that we no longer need, and regular reviews of who has access to what information. If we work with third-party service providers for storage (e.g., cloud platforms), we choose reputable providers with strong security track records and contractual commitments to data security.
We strive to adhere to industry best practices for data security. In fact, we aim for “HIPAA-grade” security in our systems – meaning we endeavor to protect data with safeguards comparable to those required for sensitive health information under the Health Insurance Portability and Accountability Act (HIPAA). This includes strong encryption, rigorous access control, and careful monitoring for breaches. However, it is important to note that Section 125 Solutions LLC is not a HIPAA-covered entity. We are not a healthcare provider, health plan, or clearinghouse, and the information we handle (such as business contact information and benefits plan selections) is generally not Protected Health Information under HIPAA. Therefore, while we voluntarily employ high security standards, we are not legally bound by HIPAA regulations. We mention this to clarify that our commitment to security is proactive and not because we are under HIPAA oversight.
Despite all our efforts, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee absolute security of your information. In the event of a data breach or security incident, we will notify affected parties and relevant authorities as required by law, and we will take all reasonable steps to mitigate the issue. We encourage you as well to take precautions with your personal data. Use unique and strong passwords, do not share your account information, and contact us immediately if you suspect any unauthorized activity related to your information or our Services.
We will retain your personal and business information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. In practice, this means:
If you submit an inquiry or form on our Site but do not become a customer, we will typically retain the information you provided for a period of time in our lead database. This allows us to follow up on your request, measure our business performance (e.g., conversion rates), and potentially re-contact you with relevant offers if you have not opted out. We generally will not keep such inquiry data longer than necessary – for example, if we realize you are not interested or you ask us to delete it, we will remove your contact from our active systems.
If you become a paying customer or engage in a transaction through one of our partner providers, we may retain your information for a longer period. Customer records are often kept for the duration of our business relationship with you and for a reasonable period thereafter. This is to ensure we can continue to service you, handle any post-sale support or issues, and comply with financial or legal record-keeping obligations. For instance, we might retain contract-related information or communications for a number of years to satisfy tax and accounting laws or to have an accurate history of our dealings in case of any disputes.
We also retain certain usage data as long as necessary for our internal analysis. Usage and analytics data that is not directly tied to your identity may be kept longer, or even indefinitely, as it becomes part of aggregated statistics (for example, overall website traffic trends). However, such data, when aggregated or anonymized, will not identify you personally.
Email correspondences or support inquiries may be archived for a period (which could be several years) as part of our business records. If you unsubscribe from our marketing emails, we will keep a record of your email address on a suppression list to ensure we honor your opt-out. We need to retain that suppression record indefinitely (or as required by law) to avoid accidentally emailing you again.
When we have no ongoing legitimate business need to process your personal information, we will either delete it or anonymize it so that it can no longer be associated with you. If deletion (or anonymization) is not immediately feasible (for example, because your data is stored in backup archives), we will securely store your information and isolate it from further active use until deletion is possible.
In summary, we aim to keep your data only for as long as necessary for the purposes described in this Policy or as required by law. Retention periods can vary based on context and legal obligations. If you have specific questions about our data retention practices for your personal information, you can contact us (see Contact Us below), and we will provide more detail or honor any legal rights you have to request deletion.
We respect your rights to privacy and provide you with various ways to control your information and communications. Depending on your location and applicable law, you have certain rights regarding the personal information we hold about you. Below we outline general choices available to all users of our Services, as well as additional rights specific to residents of California, the European Economic Area (EEA), and other jurisdictions.
Opt-Out of Marketing Communications: If you no longer wish to receive our newsletters or promotional emails, you may opt out at any time. The easiest way to do this is by clicking the “Unsubscribe” link at the bottom of any marketing email we send. You can also contact us directly (see Contact Us section) and request to be removed from our marketing list. Please note that even if you opt out of promotional emails, we may still send you transactional or administrative messages. For example, if you have an ongoing relationship with us or have requested information, we might send communications related to those specific services (such as a quote status update or a policy change notice), which are not promotional in nature.
Cookies & Online Tracking Choices: As detailed in Cookies and Tracking Technologies above, you have control over how cookies and trackers operate on your device. You can adjust browser settings to refuse cookies, and use available tools or plugin extensions to manage trackers (such as ad blocker or tracking blocker tools). For interest-based advertising, you can opt out of many networks via the NAI or DAA websites (links provided above). On mobile devices, you can often limit ad tracking by adjusting your device privacy settings (for example, resetting your mobile advertising ID or enabling “Limit Ad Tracking” on iOS or Android). Keep in mind that opting out of targeted advertising cookies won’t eliminate ads altogether; it just means the ads you see may be less relevant to your interests.
Do Not Sell/Share My Info: As noted, we generally do not sell personal data except in limited contexts. If you want to ensure your data is not sold or shared for valuable consideration, you can contact us to opt out of any potential “sale” or “sharing” of your personal information. This is particularly relevant for California residents (see below), but we will honor such requests from anyone, to the extent applicable. We maintain an internal list of individuals who have opted out of data sale/sharing and will refrain from engaging in any such activity for those individuals’ data, unless and until you might later request to opt back in (if ever).
Accessing, Updating, or Deleting Your Information: You can contact us at any time to request access to the personal information we hold about you. If you find that any of your details are incorrect or outdated, please let us know so we can update them. You may also request deletion of your personal data. We will review such requests and, if we have no legal or legitimate reason to retain the data, we will delete it. (If we must keep certain information for legal or internal business reasons, we will inform you and will securely isolate that data from active use.) For example, if you submitted a contact form and you want us to erase that information, we can usually comply, but if you became a customer and there are transaction records needed for accounting, we might have to retain those for a certain time while deleting other data not needed.
Objecting to Processing or Restricting Processing: If you have concerns about how we are using your data (for example, if you feel our marketing communications are too frequent or our profiling via analytics is too intrusive), you may have the right to object to certain processing or ask us to restrict processing. We will evaluate requests to restrict or cease processing on a case-by-case basis, in line with applicable laws. Generally, if you don’t want us to process your personal information for marketing, the opt-out described above is the best approach. If you have other objections (say, you believe we shouldn’t process your data based on our legitimate interest), please contact us and explain, and we will consider your request in light of your specific situation and applicable law.
If you are a resident of California, you are protected by the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), which grants you specific rights over your personal information (collectively, for this section, “personal information” has the definition given in the law). These rights include:
Right to Know: You have the right to request that we disclose what personal information we have collected, used, disclosed, or sold about you over the past 12 months. You may request to know: the categories of personal information collected; the categories of sources of that information; the business or commercial purpose for collecting, selling, or sharing the information; the categories of third parties with whom we share or have shared personal information; and the specific pieces of personal information we hold about you. Much of this information is provided in this Privacy Policy. To get specific details, you can make a verifiable consumer request (see How to Exercise Your Rights below).
Right to Delete: You have the right to request deletion of personal information we have collected from you, subject to certain exceptions. Once we verify your California request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. (Exceptions might include if the information is required to complete a transaction you requested, to detect security incidents, to comply with a legal obligation, etc., as allowed under CCPA/CPRA.)
Right to Correct: Under the CPRA, California residents also have the right to request correction of inaccurate personal information maintained by a business. If you believe any information we have about you is incorrect, let us know and, once verified, we will correct it as you direct.
Right to Opt-Out of Sale or Sharing: You have the right to opt out of the sale of your personal information or the sharing of your personal information for cross-context behavioral advertising. As explained earlier, we do not sell personal information in the traditional sense. We do engage in certain data sharing with third parties (like providing lead info to a partner or using advertising cookies) that could fall under the broad definitions of “sale” or “share” under California law. If you are a California resident, you can instruct us at any time not to sell or share your personal information. We will honor your request and refrain from such activity for your data. To exercise this right, you can use the “Do Not Sell or Share My Personal Information” link on our website (if available) or contact us as described below. Once we receive and verify your opt-out request, we will stop selling or sharing your personal info (unless you later give authorization to do so). If you have enabled the Global Privacy Control (GPC) signal in your browser, we also treat that as a valid opt-out of sale/sharing request for that browser (to the extent we can recognize and honor such signals).
Right to Limit Use of Sensitive Personal Information: The CPRA introduced a right to limit the use of “sensitive personal information.” We do not collect or process sensitive personal information for purposes that would trigger this right (for example, we are not using any sensitive data like social security numbers or precise geolocation in a way that is for anything beyond providing the services requested, etc.). Therefore, this right is not applicable to our operations at this time.
Right of Non-Discrimination: We will not discriminate against you for exercising any of your California privacy rights. This means we will not deny you service, charge you a different price, or provide a different level of quality because you exercised your rights under CCPA/CPRA. However, please note that if the exercise of your rights limits our ability to process your personal information (for example, if you request deletion of necessary information), we may not be able to provide you the full range of our Services (for instance, we can’t connect you with a provider if we have to delete your contact information). We will inform you if such a situation arises.
How to Exercise Your California Rights: If you are a California resident and want to exercise any of the rights described above, you may contact us by email or mail (see Contact Us section). Please clearly indicate that you are making a “CCPA/CPRA Request” and specify which right you seek to exercise (e.g., access/know, delete, correct, or opt-out of sale/sharing). We will need to verify your identity before processing certain requests, which may involve asking you to provide additional information or to log into an existing account (if applicable). For an access or deletion request, we will attempt to match the information you provide with our records (for example, verifying your name, email, and relationship with us). If necessary, we may ask for a signed declaration under penalty of perjury that you are who you claim to be. California residents can also designate an authorized agent to make requests on their behalf. If you choose to use an authorized agent, we may require proof of the agent’s authority and verification of your identity directly with you, depending on the type of request. We aim to respond to verifiable consumer requests within 45 days as required by law, or tell you if we need more time.
While our Services are primarily intended for U.S. businesses, and Section 125 plans are a U.S. tax-related benefit, we recognize that individuals from the European Economic Area (EEA), the United Kingdom (UK), or other regions may occasionally visit our Site or provide information. If you are in the EEA, UK, or Switzerland, you are entitled to rights under the General Data Protection Regulation (GDPR) or equivalent laws. These include:
Right to Access: You have the right to request a copy of the personal data we hold about you, along with information on what we use it for, how we process it, and with whom it’s shared (similar to the “right to know” described above, but under GDPR this is often called a Subject Access Request).
Right to Rectification: You have the right to request that we correct any inaccuracies in your personal data or complete any data that is incomplete.
Right to Erasure: You have the right to request deletion of your personal data (“right to be forgotten”) under certain conditions – for example, if the data is no longer necessary for the purposes it was collected, or if you withdraw consent (in cases where consent was the basis of processing) and no other legal basis exists, or if you object to processing and we have no overriding legitimate grounds to continue. We will honor valid erasure requests unless an exemption applies (such as needing to keep the data to comply with a legal obligation).
Right to Restrict Processing: You can ask us to restrict (temporarily halt) the processing of your personal data in certain circumstances – for instance, if you contest the accuracy of the data, or if you have objected to processing and we are evaluating your request. When processing is restricted, we will still store your data but not use it further until the issue is resolved.
Right to Data Portability: Where processing is based on your consent or the performance of a contract and carried out by automated means, you have the right to request a copy of the personal data in a structured, commonly used, machine-readable format, and you have the right to transmit that data to another controller (or have us transmit it, where technically feasible). In simpler terms, you can ask for your data in a portable form to transfer to another service provider.
Right to Object: You have the right to object to our processing of your personal data when we are relying on a legitimate interest as the legal basis (including profiling based on a legitimate interest). If you object, we must stop that processing unless we have compelling legitimate grounds that override your rights, or the processing is needed for legal claims. You also have an unconditional right to object to your data being used for direct marketing purposes at any time. If you object to marketing, we will cease marketing to you (as also covered under general opt-out above).
Right to Withdraw Consent: In cases where we are processing your personal data based on your consent (for example, if we were to ask for consent for optional email newsletters or non-essential cookies when required by law), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of processing that occurred before the withdrawal, and it may mean we can no longer provide certain services to you.
Right to Complain: If you believe we have infringed your data protection rights or processed your data unlawfully, you have the right to lodge a complaint with a Supervisory Authority in your country of residence, place of work, or where the incident took place. In the UK, this would be the Information Commissioner’s Office (ICO); in the EU, you can contact your national Data Protection Authority.
Legal Bases for Processing (EEA/UK): Whenever we process your personal data, we do so under a legal basis as defined by the GDPR. As a quick summary, the legal bases we typically rely on are: (a) Contract: if you request services from us, we process your data to fulfill our contract or to take steps at your request before entering a contract (for example, using your details to connect you with a provider you asked for). (b) Legitimate Interests: we process data to pursue our legitimate business interests described in this Policy (such as marketing to business contacts, improving our platform, preventing fraud), except where overridden by your interests or fundamental rights. We consider that our data processing for B2B marketing and lead generation is a legitimate interest, given the context and limited personal data involved (mostly business contact info). (c) Consent: for certain activities, especially related to tracking and advertising in the EU, we may rely on your consent (for example, dropping non-essential cookies or sending certain electronic communications if required). Where we rely on consent, you will have been presented with a clear choice (like a cookie banner or sign-up form) and you can withdraw consent any time. (d) Legal Obligation: in some cases, we must process and retain data to comply with laws (accounting, tax, etc.). We will make sure to document our legal bases and honor your rights related to each basis.
Exercising Your EU/UK Rights: You can exercise any of your rights above by contacting us (see Contact Us below). We may ask you to verify your identity before fulfilling your request, to ensure we do not disclose data to the wrong person. We will respond to your requests within one month, or inform you if we need more time (we can extend by two further months for complex requests, as permitted by GDPR). Typically, we will not charge a fee for handling a rights request, unless the request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request with explanation.
Section 125 Solutions LLC is based in the United States, and our Site is operated from the U.S. If you are accessing our Services from outside the United States, please be aware that your information will likely be transferred to, processed, and stored in the United States or other jurisdictions where we or our service providers operate. Data protection laws in these countries may not be as comprehensive or protective as those in your country of residence. For example, personal data transferred from the EU/UK to the U.S. might not benefit from the same protections as under GDPR unless specific safeguards are in place.
However, we take steps to ensure that if we transfer personal data internationally, appropriate safeguards are implemented in accordance with applicable data protection law. This may include using Standard Contractual Clauses approved by the European Commission for data transfers from the EEA, or comparable legal transfer mechanisms for other regions. By using our Site or submitting your information, you consent to the transfer of your personal data to the United States (and potentially to other countries) as described in this Policy. We will of course handle your personal information in accordance with this Privacy Policy no matter where it is processed.
If you are in a jurisdiction that requires a certain data transfer mechanism, and if we are transferring your personal data from that jurisdiction to a country deemed to have inadequate data protection, we will do so under an approved mechanism (for instance, Standard Contractual Clauses for EU personal data, or any successor arrangement like an EU-U.S. data Privacy Framework if applicable in the future). You can contact us for more information on the safeguards we have in place for international transfers or to request a copy of any relevant contractual commitments.
As noted in the Introduction, our Services are intended for use by businesses and adults. We do not target or market the Site to minors. Specifically, we do not knowingly collect any personal information from children under the age of 13. If you are under 13, please do not use our Site or send us any personal information. If you are between 13 and 18, you should only use the Site under the supervision of a parent, guardian, or authorized business supervisor, and you should not submit personal information to us without such supervision.
If we learn that we have inadvertently collected personal data from a child under 13 (or under the applicable age of consent in certain jurisdictions), we will take immediate steps to delete such information from our records. For example, if a young individual (not an employer representative) somehow submits their name and contact info, upon discovery we will erase that data. If you believe that we might have any information from or about a minor, please contact us so that we can investigate and delete it.
Furthermore, we do not sell the personal information of consumers, including minors under 16, without affirmative authorization as required by law. Since we do not knowingly collect data from minors, this situation should not arise. Our commitment is to maintain a platform and service that is child-free in terms of data collection. The Site’s content and services are all business-focused (tax-advantaged benefit plans, etc.) and not likely to appeal to children.
Parents or guardians: if you have any concerns about your child’s personal information in connection with our Services, please reach out to us (see Contact Us below), and we will promptly address your inquiry.
We may update or revise this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. If we make material changes to how we handle your personal information, we will provide you with notice in accordance with law. This may include, for example, posting a prominent notice on our Site, updating the effective date at the top of the Policy, and/or contacting you via the email address we have on file (if applicable and required) to inform you of the changes.
We encourage you to review this Privacy Policy periodically to stay informed about our data practices and the ways you can protect your privacy. Your continued use of our Site or Services after any updates to this Policy constitutes your acceptance of the changes. If you do not agree to the updated terms, you should stop using the Site and may request that we remove your personal information from our records (consistent with your rights described above).
For reference, the “Effective Date” at the top of this Policy indicates when the Policy was last revised. Prior versions of our Privacy Policy (if any) may be obtained by contacting us.
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your information, please do not hesitate to contact us. We are here to help and will respond as promptly as we can.
Contact Information for Privacy Inquiries:
Section 125 Solutions LLC
Website: www.125plans.com
Email: privacy@125plans.com (for privacy questions or to exercise your rights)
Mailing Address: Section 125 Solutions LLC, Attn: Privacy Compliance
(Please contact us for our mailing address address)
You may also contact us via any contact forms on our Site or by phone if a number is provided on our website for customer service. Please direct your inquiry to the Privacy team or include “Privacy” in your communication so we can route it correctly.
We value your privacy and will do our utmost to address any issues. If you reach out to us with a privacy-related request, we may need to verify your identity for security purposes, but we will only use the information provided for verification and to fulfill your request. For further information about privacy or if you feel we have not addressed your concerns satisfactorily, you have the right to contact your local data protection authority (as mentioned above, e.g., a state authority for California or a national DPA for the EU).
Thank you for trusting Section 125 Solutions LLC with your business. We are dedicated to safeguarding your information and helping you take advantage of Section 125 plan benefits with confidence in your privacy.
602-737-3306
