Privacy Policy

Last Updated: November 12, 2025

1. Introduction

Can I Use My FSA ("we", "our", or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, display name, password (encrypted)
  • Preferences: Email cadence, category interests, newsletter subscriptions
  • Community Submissions: Item submissions, descriptions, sources, and related content

2.2 Information Collected Automatically

  • Usage Data: Search queries, pages visited, time spent on pages, click data
  • Device Information: Browser type, operating system, IP address, device identifiers
  • Cookies and Similar Technologies: We use cookies to enhance user experience (see Cookie Policy section)

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process your search queries and provide eligibility information
  • Send you newsletters and updates (with your consent)
  • Respond to your comments, questions, and requests
  • Monitor and analyze usage patterns and trends
  • Detect, prevent, and address technical issues and fraudulent activity
  • Comply with legal obligations

4. Legal Bases for Processing (GDPR)

For users in the European Economic Area (EEA), we process your personal data based on:

  • Consent: You have given clear consent for us to process your personal data for specific purposes (e.g., newsletters)
  • Contract: Processing is necessary for a contract we have with you
  • Legitimate Interests: Processing is necessary for our legitimate interests (e.g., improving the Service)
  • Legal Obligation: Processing is necessary to comply with the law

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information with:

  • Service Providers: Firebase (Google), Brevo (email), Vertex AI (Google), Sentry (error tracking)
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with any merger, sale, or acquisition

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law. Specifically:

  • Account data: Until you delete your account
  • Search history: Last 20 searches, or until you clear it
  • Cached search results: 24 hours
  • Analytics data: Aggregated, up to 2 years

7. Your Privacy Rights

7.1 All Users

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Opt-out of marketing communications
  • Disable cookies

7.2 GDPR Rights (EEA Users)

  • Right to data portability
  • Right to restrict processing
  • Right to object to processing
  • Right to withdraw consent
  • Right to lodge a complaint with a supervisory authority

7.3 CCPA/CPRA Rights (California Users)

  • Right to know what personal information is collected
  • Right to know if personal information is sold or shared
  • Right to opt-out of sale/sharing
  • Right to deletion
  • Right to correct inaccurate information
  • Right to limit use of sensitive personal information
  • Right to non-discrimination

To exercise these rights, contact us at: privacy@caniusemyfsa.com

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience. You can manage cookie preferences through our Cookie Settings.

  • Essential Cookies: Required for the Service to function
  • Analytics Cookies: Help us understand how you use the Service (requires consent)
  • Advertising Cookies: Used for Google AdSense (requires consent)

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (HTTPS/TLS)
  • Encryption of passwords using industry-standard hashing
  • Regular security assessments
  • Access controls and authentication
  • Monitoring and logging of security events

10. Children's Privacy

Our Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses approved by the European Commission.

12. Third-Party Services

Our Service uses third-party services:

  • Firebase (Google): Authentication, database, hosting
  • Google Vertex AI: AI-powered eligibility analysis
  • Brevo: Email delivery
  • Google AdSense: Advertisements
  • Sentry: Error tracking

These services have their own privacy policies. We encourage you to review them.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last Updated" date.

14. Contact Us

For questions about this Privacy Policy or to exercise your privacy rights, contact us at:

Email: privacy@caniusemyfsa.com

California Privacy Notice

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). We do not sell your personal information. For more information about your rights or to submit a request, please contact us at the email address above.