Data & Privacy Policy

1. Introduction

Welcome to Bnchmrk. This Data & Privacy Policy explains how Bnchmrk, LLC ("Bnchmrk," "we," "us," or "our") collects, uses, protects, and shares information when you use our employee benefits benchmarking platform and services (collectively, the "Services").

By submitting data to Bnchmrk or using our Services, you agree to the terms of this Policy. If you do not agree, please do not submit data or use our Services.

2. What Data We Collect

2.1 Plan Design & Employer-Level Data

We collect employee benefit plan and employer-level information including:

• Plan designs and coverage details (deductibles, copays, out-of-pocket maximums, etc.)
• Premium rates and contribution structures
• Carrier and network information
• Plan documents (SPDs, SBCs, rate sheets)
• Employer information (company name, size, industry, location)

2.2 Account & Communications Data

If you create an account or communicate with us, we may collect your name, email address, company affiliation, and other information you provide to support your use of the Services.

2.3 Usage & Technical Data

Like most online services, we may collect technical and usage data (such as IP address, device/browser information, pages viewed, and access timestamps) to operate, secure, and improve the Services.

2.4 What We Do NOT Collect

Please do not submit any prohibited sensitive data. If you submit prohibited sensitive data, you agree that we may remove or delete such data (to the extent practicable), and you remain responsible for ensuring your submission complies with applicable laws and our Terms.

3. How We Use Your Data

3.1 Primary Uses

We use the data you submit to:

• Create your custom benchmark reports
• Analyze and score plan competitiveness
• Generate benchmarking insights and market intelligence
• Verify and validate plan information
• Communicate with you about your reports and the Services
• Operate, maintain, and secure the Services

3.2 Aggregate Benchmarking Database

As part of providing benchmarking services, we may add submitted plan design and employer-level data to our anonymized, aggregated benchmarking database. This data is:

• De-identified: Company-identifying information is removed as part of our aggregation process
• Aggregated: Combined with data from many other organizations to produce benchmarks
• Not sold as identifiable data: We do not sell identifiable company submissions to third parties
• Used to improve benchmarks: Helps us provide more accurate benchmarking insights to users

3.3 What We Don't Do

We will not:

• Share your identifiable company information without your explicit consent, except as described in this Policy (e.g., service providers, legal obligations)
• Sell your identifiable company submissions to third parties
• Disclose your specific plan details to other users in identifiable form

4. Data Security & Protection

4.1 Security Measures

We implement reasonable administrative, technical, and organizational measures designed to protect data submitted to the Services, including:

• Encryption: Encryption in transit (e.g., TLS) for data transfers
• Access Controls: Access limited to authorized personnel
• Secure Storage: Use of reputable cloud providers and security practices
• Ongoing Improvements: We review and improve our security practices over time

No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

4.2 Data Retention

• Source Documents: We may retain source documents you upload (e.g., SPDs/SBCs/rate sheets) as needed to deliver the Services and for reasonable support, audit, and compliance purposes, unless a different retention period is agreed in writing or you request deletion (where feasible)
• Anonymized Benchmark Data: Retained indefinitely in de-identified, aggregated form
• Reports: Stored for your access per your service agreement or account status

5. Your Rights

Depending on your location and the nature of your relationship with us, you may have rights regarding certain information. You may:

• Request deletion of certain source documents after report delivery (where feasible and not required for legal or compliance purposes)
• Request corrections to inaccuracies in submitted data before report generation
• Request access to certain account information we maintain about you

For requests, contact us at privacy@bnchmrk.com.

6. Data Sharing & Disclosure

6.1 When We Share Data

We may share information in the following limited circumstances:

• Service Providers: With vendors that help us deliver the Services (subject to confidentiality and appropriate safeguards)
• Legal Obligations: When required by law, subpoena, or legal process
• Business Transfers: In connection with a merger, acquisition, financing, reorganization, or sale of assets
• Aggregated Publications: We may publish or share aggregate benchmark insights that do not identify specific companies

6.2 Payment Processing

If you purchase Services, payments may be processed by third-party payment processors (e.g., Stripe). We do not store full payment card details on our servers. Payment processors may collect and process payment information according to their own privacy policies.

7. Intellectual Property & Aggregated Insights

7.1 Ownership

All benchmark reports, methodologies, analysis frameworks, software, and aggregated insights created by Bnchmrk remain the exclusive property of Bnchmrk. You receive a limited license to use purchased reports as described in our Terms of Service or your applicable service agreement.

8. Compliance & Legal

8.1 HIPAA

Because we do not collect Protected Health Information (PHI), we are not a HIPAA-covered entity or business associate for the Services. Our Services are designed to avoid the need to process PHI by collecting only plan design and employer-level information.

8.2 State & International Privacy Laws

We will honor applicable privacy obligations based on the types of information we collect and how the Services are used. If you have questions about a specific privacy law or requirement, contact us at privacy@bnchmrk.com.

8.3 Governing Law

This Policy is governed by the laws of the State of Delaware, without regard to conflict of law provisions.

9. Updates to This Policy

We may update this Policy from time to time. We will notify you of material changes by:

• Posting the updated Policy on our website
• Updating the "Last Updated" date
• Emailing you at the address you provided (for significant changes, where appropriate)

Your continued use of our Services after changes becomes effective constitutes acceptance of the updated Policy.

10. Contact Us

If you have questions about this Policy or our data practices, contact us: