Security

At Frontier HSA, we are committed to providing a secure and trustworthy platform for managing your health spending accounts. We understand the sensitivity of your personal, business, and financial data and employ multiple layers of security, leveraging industry best practices.

Our security posture is built into our architecture and processes to protect your data throughout its lifecycle with us.

Privacy and Data Protection

Protecting your privacy is fundamental to our service.

  • Limited Data Collection: We strive to collect only the personal information necessary to establish and administer your HSA account, process claims, facilitate payments, and meet legal and regulatory requirements.
  • Defined Use and Disclosure: Your personal information is used solely for the purposes outlined in our Privacy Policy, primarily related to providing and improving our HSA services. Disclosure to third parties occurs only with your express or reasonably implied consent, or when legally required.
  • Consent Management: We utilize mechanisms, including a website cookie consent banner and clear communication, to obtain your consent for the collection and processing of your information.
  • Data Retention: Personal information is retained only as long as necessary for the fulfillment of stated purposes or as required by law (e.g., tax regulations). When data is no longer needed, it is securely destroyed.
  • User Rights: You have the right to access, challenge the accuracy and completeness of, and request updates to your personal information.

Frontier HSA Platform Security

Our platform is built with security in mind, protecting your data from the moment you interact with us.

  • Secure Authentication: We use Clerk, a leading authentication provider, to handle user logins and account management. Clerk employs strong security measures for user identity verification and password management.
  • Role-Based Access Control: Our system enforces strict access controls based on user roles. This ensures that administrators can manage company-wide settings and employee data, while employees can only access their own claims and personal information, preventing unauthorized data exposure.
  • Secure Connections: All communication between your web browser or mobile app and our backend API uses HTTPS/SSL encryption (TLS). This protects data from being intercepted or tampered with during transmission over the internet.

Infrastructure Safeguards

The underlying infrastructure supporting Frontier HSA is designed to be robust and secure.

  • Application-Level Data Encryption: We employ an application-level encryption strategy: your sensitive bank account details are encrypted directly within our application code before they are stored in the database.
  • Cloud Hosting Security: Our applications (API, web, workflows) are hosted on the secure cloud platform Fly.io. Fly.io offers built-in infrastructure security, including physical security of data centers, network security, and regular system patching and updates.
  • Secure Workflow Orchestration: We use Temporal to manage our background workflows (like processing funding and payouts). Temporal provides a secure and reliable way to orchestrate complex processes, ensuring that sensitive operations are executed correctly and transactionally, reducing the risk of errors or inconsistencies that could expose data.

Security Posture Maintenance

Maintaining security is an ongoing process.

  • Continuous Integration: Our CI pipeline automatically runs code quality checks, type checking, and tests on every code change, providing continuous feedback on the health and security of the codebase.
  • Monitoring and Logging: Our API includes basic health check endpoints and custom error logging. While not a full-fledged security monitoring system, it provides visibility into application health and potential issues.
  • Regular Review: Our Privacy Policy is reviewed annually. While code reviews aren't explicitly detailed, they are a standard practice in collaborative development.

In Summary

At Frontier HSA, security is a core consideration in how we build and operate our platform. By combining secure account management, robust data encryption at the application level using AWS KMS, secure infrastructure, reliable workflow orchestration, and disciplined development practices, we aim to provide a secure environment for your Health Spending Account.

We are committed to continuously reviewing and enhancing our security measures to protect your information effectively.