Privacy Policy

1. Introduction

ESA Center ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services (the "Service").

By using the Service, you consent to the practices described in this Privacy Policy.

2. Information We Collect

Information You Provide

• Account information: name, email address, and password when you create an account.
• Financial information: receipt images, expense descriptions, purchase amounts, vendor names, and claim details you submit through the Service.
• Family information: student names, ages, and grade levels as needed to process ESA claims.
• Payment information: billing details processed securely through Stripe. We do not store your credit card numbers on our servers.
• Communications: messages you send to our support team.

Information Collected Automatically

• Usage data: pages visited, features used, actions taken, and timestamps.
• Device information: browser type, operating system, device type, and screen resolution.
• IP address and approximate geographic location.
• Cookies and similar technologies for session management and analytics.

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service, including AI-powered approval predictions and description generation.
• Process your ESA reimbursement claims and track payouts.
• Process payments and manage your subscription.
• Send transactional communications (claim updates, account notifications).
• Improve the Service through aggregated, anonymized usage analysis.
• Respond to your support inquiries and provide customer service.
• Detect, prevent, and address fraud, security issues, and technical problems.
• Comply with legal obligations.

4. How We Share Your Information

We do not sell your personal information. We may share your information only in the following circumstances:

• Service providers: trusted third parties that help us operate the Service (cloud hosting, payment processing, analytics). These providers are contractually obligated to protect your data.
• AI processing: receipt data and expense descriptions are sent to AI providers solely for generating predictions and suggestions. This data is not used to train AI models.
• Legal requirements: when required by law, subpoena, or government request.
• Business transfers: in connection with a merger, acquisition, or sale of assets, with notice to affected users.
• With your consent: when you explicitly authorize us to share information.

5. Data Security

We implement industry-standard security measures to protect your information, including:

• Encryption of data in transit (TLS/SSL) and at rest.
• Secure, private cloud storage for uploaded receipts and documents.
• Access controls limiting employee access to personal data on a need-to-know basis.
• Regular security assessments and monitoring.

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. After account deletion, we will delete or anonymize your personal data within 90 days, except where retention is required by law or for legitimate business purposes (such as resolving disputes).

Uploaded receipts and documents are deleted within 30 days of account deletion.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access: request a copy of the personal data we hold about you.
• Correction: request correction of inaccurate or incomplete data.
• Deletion: request deletion of your personal data.
• Portability: request a machine-readable copy of your data.
• Opt-out: unsubscribe from marketing communications at any time.

To exercise any of these rights, contact us at privacy@esacenter.com. We will respond within 30 days.

8. Cookies

We use cookies and similar tracking technologies for session management, analytics, and improving your experience. You can control cookies through your browser settings, though disabling cookies may affect the functionality of the Service.

We use Google Tag Manager for analytics. For more information on how Google processes data, visit Google's Privacy Policy.

9. Children's Privacy

The Service is intended for use by parents and guardians aged 18 and older. We do not knowingly collect personal information directly from children under 13. Student information (names, ages, grade levels) is provided by parents/guardians solely for ESA claim processing.

If you believe we have collected information from a child under 13, please contact us immediately and we will delete it.

10. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing personal information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and updating the "Last updated" date. We will notify active users of significant changes via email.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

• Email: privacy@esacenter.com
• Website: esacenter.com