Privacy Policy & HIPAA Notice of Privacy Practices
Last Updated: April 14, 2026 | Effective Date: April 14, 2026
NOTICE: This document serves as both our general Privacy Policy and our HIPAA Notice of Privacy Practices (“NPP”) as required by 45 C.F.R. § 164.520. This notice describes how medical and personal information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
1. Who We Are
BenTrustCo LLC (“BenTrustCo,” “we,” “us,” or “our”) is a HIPAA-compliant digital concierge service that assists beneficiaries and authorized representatives in managing post-loss administrative tasks. In the context of HIPAA, BenTrustCo operates primarily as a Business Associate to individuals and, where applicable, to Covered Entities.
Privacy Officer Contact:
Email: privacy@bentrustco.com
2. Information We Collect
2.1 Information You Provide
- Account information: Name, email address, phone number, mailing address, date of birth
- Authentication credentials: Password (stored as a salted cryptographic hash — never in plaintext)
- Claim information: Information about the deceased individual including name, Social Security Number (if provided), date of death, and relationship to you
- Platform credentials: Account numbers, usernames, and access credentials for insurance companies, financial institutions, and other service providers you authorize us to contact on your behalf. These are stored with encryption.
- Documents: Death certificates, insurance policies, identification documents, financial statements, and other supporting documentation you upload
- Communications: Messages you send through our platform
2.2 Protected Health Information (PHI)
In the course of providing our Services, we may receive, maintain, or transmit Protected Health Information (“PHI”) as defined under HIPAA. This may include information about the health status or health history of deceased individuals that is relevant to insurance claims processing. We treat all such information with the highest level of protection required by HIPAA and the HITECH Act.
2.3 Automatically Collected Information
- IP address, browser type, device type, and operating system
- Pages visited, time spent, and navigation paths (via server logs)
- Session tokens and authentication cookies
We do not use third-party advertising trackers or sell your data to data brokers.
3. How We Use Your Information
3.1 To Provide Services
- Processing and filing insurance claims on your behalf
- Communicating with insurance carriers, funeral homes, financial institutions, and utility providers
- Coordinating document submission and verification
- Tracking and updating claim status
- Storing and managing your uploaded documents
- Facilitating communication between you and our team
3.2 Permitted Uses Under HIPAA
To the extent we handle PHI, we may use or disclose it:
- Treatment, Payment, and Operations (TPO): PHI may be disclosed to facilitate payment of life insurance claims and funeral expenses
- As required by law: We will disclose PHI when legally required to do so, such as by court order or governmental inquiry
- Business Associates: We may share PHI with authorized subcontractors (see Section 7) under Business Associate Agreements (BAAs)
We will not use or disclose PHI for marketing purposes, will not sell PHI, and will not use PHI in a manner not described in this Notice without your written authorization.
4. How We Share Your Information
We do not sell your personal information. We share information only as follows:
- At Your Direction: Insurance carriers, funeral homes, financial institutions, and other third parties you specifically authorize us to contact
- Service Providers (Subprocessors): Technology vendors under strict contractual obligations. See our Subprocessors page.
- Legal Requirements: When required by law, court order, or governmental authority
- Safety: To protect the vital interests of you or another person
- Business Transfers: In connection with a merger, acquisition, or sale of assets, subject to confidentiality obligations
5. Your Rights Under HIPAA
Right of Access
You have the right to inspect and receive a copy of your PHI. Requests will be fulfilled within thirty (30) days.
Right to Amend
You may request amendments to your PHI if you believe it is incorrect or incomplete. We will respond within sixty (60) days.
Right to Accounting of Disclosures
You have the right to receive a list of disclosures of your PHI made in the six (6) years prior to your request.
Right to Restrict
You may request restrictions on how we use or disclose your PHI.
Right to Confidential Communications
You may request that we communicate with you about your PHI in a specific way or at a specific location.
Right to Data Portability
You may request an export of your personal data in a machine-readable format. Contact privacy@bentrustco.com.
6. Data Security
- Encryption at rest: AES-256 for all stored data
- Encryption in transit: TLS 1.3 for all data transmission
- Access controls: Role-based access; principle of least privilege
- Authentication: Passwords stored as bcrypt hashes; never in plaintext
- Audit logging: All access to PHI is logged and monitored
- Incident response: Breach notification per HIPAA Breach Notification Rule (45 C.F.R. §§ 164.400-414)
7. Subprocessors
All subprocessors with access to PHI have executed Business Associate Agreements. See our Subprocessors page for the complete list.
8. Data Retention
- Active accounts: Duration of account and six (6) years thereafter
- Claims records: Seven (7) years from claim closure
- PHI: Six (6) years from creation or last effect (45 C.F.R. § 164.530(j))
9. How to File a Complaint
- With BenTrustCo: Email privacy@bentrustco.com. We will not retaliate against you for filing a complaint.
- With HHS/OCR: U.S. Department of Health and Human Services, Office for Civil Rights. Toll-free: 1-877-696-6775. Website: www.hhs.gov/ocr.
10. Contact Us
BenTrustCo Privacy Officer
privacy@bentrustco.com