Privacy Policy
Who Are We?
The name of our company is Masthead, Inc. d/b/a Sail, a Delaware corporation ("Sail," "we," "us," "our"). Our company provides a service that enables users to log in to multiple merchants that carry potentially HSA/FSA eligible items, surface what purchases are eligible for reimbursement, and then initiate a reimbursement through Sail's service.
What Is This?
This is a privacy policy, and the reason we have it is to tell you how we collect, manage, store, and use your information. Just so we're clear, whenever we say "we," "us," "our," or "ourselves", we're talking about Sail, Inc. and whenever we say "you" or "your," we're talking about the person who has decided to use our services. When we talk about our services, we mean our platform, websites, or apps; or any features, products, graphics, text, images, photos, audio, video, or similar things we use (collectively, "Services").
Why Are We Showing You This?
We value and respect your privacy. That is why we strive to only use your information when we think that doing so improves your experience in using our Services and is necessary for the provision of those Services. If you feel that we could improve in this mission in any way, or if you have a complaint or concern, please let us know by sending us your feedback to the following email address: [email protected]. Our goal is to be as transparent and open about our use of information and data as possible.
This privacy policy should be read along with, and is incorporated into, our Terms of Use, posted at https://app.savewithsail.com/terms-of-service. Any capitalized terms not defined here are defined in the Terms of Use.
1. Information Collection and Use
In using the Services, you will be asked to provide us with, and we will collect, a variety of information—some of which can personally identify you ("Personally Identifiable Information" or "PII") and some that cannot. We may collect, store, and share this personal information with third parties, but only in the ways we explain in this policy.
Personally Identifiable Information: How we collect it.
Information you provide us or your employer/carrier provides us:
- Your name, email address, and phone number. Basic user information such as name and email address may be provided by an employer or carrier to set up an account for you.
- Bank log-in information (e.g., username, password, security tokens) needed to retrieve bank transactions and balances.
- Merchant log-in information (e.g., username, password) to retrieve retail order history.
- Any other information you provide through our Services or when you contact us for support.
Information collected automatically:
- Usage data generated from your interaction with our Services, such as the times and dates of your log-ins, the pages you visit, or features you use.
- We use strictly necessary cookies, for example, for authentication and to track authenticated user sessions.
Information collected from third parties:
The only data Sail collects about its users from third parties is the data Sail collects from users' connected merchants (transaction and order history) and banks (transaction and balance information) via accounts that users have explicitly connected from within the application.
Personally Identifiable Information: How we use it.
To provide, operate, and maintain our Services, including:
- For identification purposes and to manage your account.
- To allow you to log in to the Services and your connected merchant and bank accounts.
- For the adjudication of HSA/FSA deduction eligibility.
- To facilitate reimbursements chosen by you.
- To allow you to view your HSA/FSA account information (balance and transactions).
- To improve, personalize, and expand our Services.
- To understand and analyze how you use our Services.
- To develop new products, services, features, and functionality.
- To communicate with you, either directly or through one of our partners, including for customer service, to provide you with updates and other information relating to the Service, and for marketing and promotional purposes (e.g., Sail may use users' information to market products and services to them from within the application, to the extent allowable by law). Sail may send notifications to users' email accounts.
- To process your transactions.
- To find and prevent fraud.
- For compliance purposes, including enforcing our Terms of Use, or other legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency.
2. Who We Share Your Information With and Why
Sail only shares Personally Identifiable Information (PII) with the following third parties and for the following reasons:
Retailers:
Your merchant log-in information is transmitted to retailers (e.g., CVS, Walgreens) to enable logging in to your accounts and collecting your order histories. This is done via secure connections at your direction when you connect a merchant account.
Open Banking Providers:
Your bank log-in information is transmitted to open banking providers (e.g., Yodlee, MX) to enable logging in to your bank accounts, collecting your transaction history, and viewing balance information. This is done via secure connections at your direction when you connect a bank account.
Service Providers:
We may share your information with third-party vendors and service providers that perform services for us or on our behalf, such as hosting, data analysis, payment processing (for reimbursement fees, if applicable), customer service, and email delivery. These third parties are authorized to use your PII only as necessary to provide these services to us.
Your Employer/Plan Administrator:
If your access to Sail is provided through your employer or as part of an employee benefit plan, we may share certain information with your employer or plan administrator as necessary for them to administer the benefit, for billing purposes, or as otherwise agreed.
Legal Requirements:
We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend the rights or property of Sail, (iii) act in urgent circumstances to protect the personal safety of users of the Services or the public, or (iv) protect against legal liability.
Business Transfers:
If Sail is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your information may be sold or transferred as part of such a transaction as permitted by law and/or contract.
Important Note: PII is required for Sail to connect you to your accounts to accurately process what orders and expenses are eligible for HSA/FSA reimbursement. Sail stores your information and links your information to your merchant orders so you can review your expenses and receive reimbursements. Users cannot share information publicly through Sail, and Sail does not use your data for advertising outside of Sail. Users cannot message other users or share content with other users via Sail.
3. How Long We Keep Your Information
Sail stores the Personally Identifiable Information (PII) of its users for so long as they maintain their accounts with Sail, and for a reasonable period thereafter as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
4. Where We Keep and Transfer Your Information
All of Sail's data is stored in the USA. Your information, including PII, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including PII, to the United States and process it there.
5. Protecting Your Information
Sail takes reasonable and appropriate measures to protect your Personally Identifiable Information (PII) from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. These measures include:
Encryption:
Sail uses encryption for data both at rest and in transit (e.g., via SSL/TLS).
Two-Factor Authentication:
Sail requires two-factor authentication for user accounts.
Access Controls:
Sail maintains strict access controls for accessing its databases.
Secure Connections:
PII is transmitted to third-party retailers and open banking providers via secure connections.
Security Note: While we strive to use commercially acceptable means to protect your PII, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security. We have procedures in place to deal with any suspected data security breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
6. Your Data Protection Rights
Depending on your location and subject to applicable law, you may have certain rights regarding your Personally Identifiable Information (PII). These may include the right to access, correct, update, or request deletion of your PII. If you wish to exercise any of these rights, please contact us at [email protected]. We will respond to your request in accordance with applicable law.
7. Cookies and Tracking Technologies
Sail uses only strictly necessary cookies, for example, for authentication and to maintain your session. Sail does not use optional cookies for tracking or advertising. Accordingly, Sail does not have a cookie policy that allows users to opt out of non-essential cookies as no non-essential cookies are used.
8. Do Not Track Signals
Sail does not currently respond to "Do Not Track" (DNT) signals from web browsers or mobile devices. However, Sail does not track its users' online activities over time and across third-party websites or online services outside of its platform.
9. No Use by Minors
The Services are not intended for or directed to individuals under the age of 18. Sail does not intend to and does not knowingly collect PII from individuals under 18 years of age. If we learn we have collected PII from a child under 18, we will take steps to delete such information from our files as soon as possible. If you are a parent or guardian and believe your child has provided us with PII without your consent, please contact us at [email protected].
10. Sensitive Data
Sail does not collect any data that is intended to reveal anything about a user's race; ethnicity; political, religious, or philosophical beliefs; trade union memberships; health (other than as it relates to HSA/FSA eligible items as determined from purchase data); disability status; sexual activity; or sexual orientation.
11. Changes to This Privacy Policy
Our business and the services we provide are constantly evolving. We may change our privacy policy at any time. If we make material changes to this Privacy Policy, we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on our Services prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices. We will not reduce your rights under this policy without your consent.
12. Questions and Concerns
We respect the rights of all of our users. If you have any questions or concerns about this Privacy Policy or our data practices, or if you would like to assert any of your rights, please contact us at: [email protected].
Thank you for taking the time to read our Privacy Policy. We are committed to protecting your privacy and being transparent about our data practices.