Security
You can count on us to keep your data secure.
We take the protection of your employees’ personal information very seriously. That’s why we’ve implemented state-of-the-art electronic security systems and certifications that exceed industry standards.
HIPAA/HITECH Compliance
A.E. Perkins maintains a comprehensive HIPAA Privacy/Security Policy and an FTC Red Flags policy. A.E. Perkins uses an internal HIPAA committee led by a corporate HIPAA Privacy/Security officer. Additionally, every department that comes in contact with protected health information (PHI) maintains department-level procedures that are updated on a regular basis. All employees are trained and evaluated in part based upon compliance with HIPAA and A.E. Perkins security policies. All infrastructure, facilities and computer systems are governed by our HIPAA security procedures.
We take this commitment to HIPAA compliance a step further by contracting with an outside firm to perform a HIPAA audit every two years. The auditors provide an accurate and thorough assessment of any potential risks and vulnerabilities by examining our business processes, systems infrastructure, and access control. The auditors also perform vulnerability scans on external-facing and select internal infrastructure devices and servers in order to determine high-risk vulnerabilities, as well as operational details such as patch levels, configuration errors, and filtering rules. While the law does not require this audit, we have made it standard protocol so as to ensure that we are truly maintaining the highest data integrity levels possible.
Hosting Site Security
We maintain multiple hosting sites, both on-location with redundant backups between our Texas and New Jersey operations centers (with automatic failover), and off-location at geographically diverse data centers that exceed Department of Defense (DoD) standards for a Sensitive Compartmented Information Facility (SCIF). The security and reliability features of our data centers and network provider are too numerous to list; however, we boast 99.99%+ uptime. A.E. Perkins and all its subcontractors are SAS 70 or SSAE 16 (SOC1) Type II reviewed. All data transmitted to our self-service systems is done using PGP with customizable password and CAPTCHA requirements on a client-by-client basis.
Personnel Security
A.E. Perkins employees undergo PHI and HIPAA training during their onboarding process. They are also instructed on a comprehensive visitor security policy at each facility location, as well as clean desk and computer workstation security policies.
Disaster Recovery
A.E. Perkins has redundant operating centers in Texas and New Jersey, along with automatic database replication and system failover in the event that one site temporarily goes down. Critical systems and databases are not only replicated multiple times per day between the two operating centers, but they are also backed up and hosted in off-site datacenters. We run continuous database backups and store encrypted copies off-site per our SSAE 16 control list. We have a disaster recovery plan that takes advantage of our infrastructure and allows us to service clients from either of our operating centers; in addition, with the redundancies built into our systems and datacenters, clients can continue to self-service in the event of an outage at an office location.
Privacy
Updated January 16, 2026
Your privacy is very important to us. Accordingly, we have developed this Policy in order for you to understand how we collect, use, communicate and disclose and make use of personal information.
The following outlines our privacy policy:
- Before or at the time of collecting personal information, we will identify the purposes for which information is being collected.
- We will collect and use of personal information solely with the objective of fulfilling those purposes specified by us and for other compatible purposes, unless we obtain the consent of the individual concerned or as required by law.
- We will only retain personal information as long as necessary for the fulfillment of those purposes.
- We will collect personal information by lawful and fair means and, where appropriate, with the knowledge or consent of the individual concerned.
- Personal data should be relevant to the purposes for which it is to be used, and, to the extent necessary for those purposes, should be accurate, complete, and up-to-date.
- We will protect personal information with reasonable security safeguards against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.
- We will make readily available to customers information about our policies and practices relating to the management of personal information.
We are committed to conducting our business in accordance with these principles in order to ensure that the confidentiality of personal information is protected and maintained.
State Privacy Rights
Certain U.S. state privacy laws provide residents of those states with specific rights regarding their personal information. Depending on your state of residence and subject to applicable exemptions, you may have the right to:
- Confirm whether we process your personal information
- Access the personal information we maintain about you
- Correct inaccuracies in your personal information
- Delete certain personal information
- Obtain a copy of your personal information in a portable and readily usable format
- Opt out of certain processing activities, including targeted advertising, the sale of personal information, or profiling in furtherance of decisions that produce legal or similarly significant effects
We will respond to verifiable consumer requests in accordance with applicable law. Certain information may be exempt from these rights under state or federal law, including information subject to HIPAA, the Gramm-Leach-Bliley Act, or other legal obligations.
Some states, including California, permit you to request certain information regarding disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an e-mail to [email protected].
CALIFORNIA CONSUMER PRIVACY ACT SUPPLEMENTAL NOTICE
Overview of California Consumer Privacy Laws
This California Privacy Policy applies only to California consumers (“you” or collectively as “consumers”). The California Consumer Privacy Act of 2018 (“CCPA”) and the California Privacy Rights Act of 2020 (“CPRA”), collectively referred to as “California Consumer Privacy Laws”, provide California consumers with specific rights regarding their personal information.
Do California Residents Have Specific Privacy Rights?
Yes, if you are a resident of California, you are granted specific rights regarding access to your personal information.
California Civil Code Section 179883, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year If you are a
California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.
California Consumer Privacy Act
On January 1, 2020, the California Consumer Privacy Act of 2018 (CCPA) took effect and sets new requirements and rights relating to personal information of California consumers. Any terms defined in the CCPA have the same meaning when used in this notice.
Information We Collect
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:
| Category | Examples | Collected |
|---|---|---|
| A. Identifiers | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. | Yes |
| B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. | Yes |
| C. Protected classification characteristics under California or federal law | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | Yes |
| D. Commercial information | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | Yes |
| E. Biometric information | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | Yes |
| F. Internet or other similar network activity | Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. | Yes |
| G. Geolocation data | Physical location or movements. | Yes |
| H. Sensory data | Audio, electronic, visual, thermal, olfactory, or similar information. | Yes |
| I. Professional or employment-related information | Current or past job history or performance evaluations. | Yes |
| J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)) | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | Yes |
| K. Inferences drawn from other personal information | Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | Yes |
| L. Sensitive Personal Information | Yes |
We will use and retain the collected personal information as needed to provide the Services or for:
- Category A – As long as the user has an account with us
- Category B – As long as the user has an account with us
- Category G – As long as the user has an account with us
We may also collect other personal information outside of these categories through instances where you interact with us in person, online, or by phone or mail in the context of:
- Receiving help through our customer support channels;
- Participation in customer surveys or contests; and
- Facilitation in the delivery of our Services and to respond to your inquiries.
Sensitive Personal Information
We may collect and process sensitive personal information as defined under applicable state privacy laws where necessary to provide our services, comply with legal obligations, or as otherwise permitted by law. We do not process sensitive personal information for the purpose of inferring characteristics about individuals, and we do not use such information for purposes requiring consumer consent unless required by applicable law.
Transfers of Personal Data
The Services are hosted and operated in the United States (“U.S.”) through and its service providers, and if you do not reside in the U.S., laws in the U.S. may differ from the laws where you reside. By using the Services, you acknowledge that any Personal Data about you, regardless of whether provided by you or obtained from a third party, is being provided in the U.S. and will be hosted on U.S. servers, and you authorize A.E. Perkins to transfer, store and process your information to and in the U.S., and possibly other countries.
Right to Correct Personal Information
Your Right to Correction. You have the right to request the correction of any inaccurate personal information that we maintain about you, taking into account the nature of the personal information and the purposes of the processing of the personal information. We will use commercially reasonable efforts to correct the inaccurate personal information as you may direct.
Security
To help protect the privacy of data and personally identifiable information you transmit through use of this site and any other related services, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities.
Categories of Sources
The CCPA information we collect comes directly from you when you inquire about our products and services via our website or by telephone or when you file a claim for reimbursement or view our website; from your employer (where applicable) where your employer is providing benefits; and from third parties that assist us in providing these benefits.
How We Use Information
We may use or disclose the personal information listed above for the following purposes, as permitted by CCPA and other applicable law:
- To provide you with information about our products and services
- To administer the products and services that we offer, including to determine eligibility or to review and pay claims
- To review product performance to evaluate benefits to be offered
- To engage service providers to assist us in administering and providing our products and services
- To consult with you or others designated by you, or as allowed by law, regarding your benefits
- To provide data analytics to allow us to assess product performance or enhance our products or website
- To comply with administrative or legal requests, subpoenas, or otherwise required by law
- For any purpose that would be permitted under HIPAA or Gramm-Leach-Bliley.
Selling your Personal Information
We do not sell your CCPA information.
Your Rights
In the future, where the CCPA applies to the product or service we offer, you may have the right to request access, data portability, and deletion rights.
Non-Discrimination
We will not discriminate against you for exercising your CCPA rights.
Changes to Our Privacy Notice
We reserve the right to amend our Privacy Policy or this privacy notice at our discretion and at any time.
Requesting Notice in Alternative Format/Language
You may be able to request this notice in another language where we provide such notices in the ordinary course of business or in an alternative format if you have a disability. Please see our contact information below to request an alternative format.
Contact Information
If you have any questions or comments about this notice, our Privacy Policy, the ways in which we collect and use your information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
A.E. Perkins
Attn: General Counsel
2508 Highlander Way, Suite 200
Carrollton, TX 75006
Or
Appeals of Privacy Rights Requests
If we decline to take action on your request, you may appeal our decision by contacting us using the information provided below and stating that you are submitting an appeal. We will respond to your appeal within the time period required by applicable law and provide a written explanation of our decision.
Authorized Agents
You may designate an authorized agent to submit a privacy rights request on your behalf. We may require verification of the agent’s authority and your identity before processing such a request, as permitted by law.
Data Retention
We retain personal information for as long as reasonably necessary to fulfill the purposes for which it was collected, including to provide services, comply with legal and regulatory obligations, resolve disputes, enforce agreements, and for legitimate business purposes. Retention periods may vary depending on the nature of the information and applicable legal requirements.
Targeted Advertising and Profiling
We do not engage in targeted advertising as defined under applicable state privacy laws, and we do not engage in profiling in furtherance of decisions that produce legal or similarly significant effects concerning consumers.
Substance Use Disorder Treatment Records (42 CFR Part 2)
In certain circumstances, we may receive records relating to the diagnosis, treatment, or referral for treatment of substance use disorder (“SUD”) from a federally assisted substance use disorder treatment program that is subject to the confidentiality requirements of 42 C.F.R. Part 2 (“Part 2 Program”).
When we receive SUD records that are subject to Part 2, those records continue to receive special privacy protections under federal law. We will use and disclose such records only as permitted by Part 2 and applicable provisions of HIPAA, and only for purposes expressly authorized by law, including treatment, payment, and health care operations, where permitted.
Federal law provides additional protections for SUD records received from a Part 2 Program. Such records may not be re-disclosed in a manner that would identify an individual as having or having had a substance use disorder, except as permitted by 42 C.F.R. Part 2 or as otherwise authorized by the individual or required by law. We maintain administrative, technical, and physical safeguards to prevent unauthorized use or disclosure of SUD records and to ensure compliance with applicable confidentiality requirements.
Individuals have the right to request access to and obtain copies of their SUD records received from a Part 2 Program, subject to applicable law. Individuals also have the right to request corrections to such records and to receive an accounting of certain disclosures, consistent with HIPAA and 42 C.F.R. Part 2. These rights may be subject to limitations where disclosure is prohibited or restricted by law.
Federal law prohibits discrimination against individuals based on their receipt of substance use disorder treatment. We do not use or disclose SUD records for unlawful or discriminatory purposes, including employment, housing, insurance underwriting, or access to benefits, except as permitted by law.
Individuals may file a complaint regarding the use or disclosure of SUD records with the U.S. Department of Health and Human Services or with us directly at [email protected]. Filing a complaint will not result in retaliation or adverse treatment.
Terms & Conditions of Use
1. Terms
By accessing this website, you are agreeing to be bound by these website Terms and Conditions of Use, all applicable laws and regulations, and agree that you are responsible for compliance with any applicable local laws. If you do not agree with any of these terms, you are prohibited from using or accessing this site. The materials contained in this website are protected by applicable copyright and trademark law.
2. User License
Permission is granted to temporarily download one copy of the materials (information or software) on A.E. Perkins’ website for personal, non-commercial transitory viewing only. This is the grant of a license, not a transfer of title, and under this license you may not:
Modify or copy the materials;
Use the materials for any commercial purpose, or for any public display (commercial or non-commercial);
Attempt to decompile or reverse engineer any software contained on A.E. Perkins’ website;
Remove any copyright or other proprietary notations from the materials; or
Transfer the materials to another person or “mirror” the materials on any other server
3. Disclaimer
The materials on A.E. Perkins’ website are provided “as is”. A.E. Perkins makes no warranties, expressed or implied, and hereby disclaims and negates all other warranties, including without limitation, implied warranties or conditions of merchantability, fitness for a particular purpose, or non-infringement of intellectual property or other violation of rights. Further, A.E. Perkins does not warrant or make any representations concerning the accuracy, likely results, or reliability of the use of the materials on its Internet website or otherwise relating to such materials or on any sites linked to this site.
4. Limitations
In no event shall A.E. Perkins or its suppliers be liable for any damages (including, without limitation, damages for loss of data or profit, or due to business interruption) arising out of the use or inability to use the materials on A.E. Perkins’ Internet site, even if A.E. Perkins’ or a A.E. Perkins authorized representative has been notified orally or in writing of the possibility of such damage. Because some jurisdictions do not allow limitations on implied warranties, or limitations of liability for consequential or incidental damages, these limitations may not apply to you.
5. Revisions and Errata
The materials appearing on A.E. Perkins’s website could include technical, typographical, or photographic errors. A.E. Perkins does not warrant that any of the materials on its website are accurate, complete, or current. A.E. Perkins may make changes to the materials contained on its website at any time without notice. A.E. Perkins does not, however, make any commitment to update the materials.
6. Links
A.E. Perkins has not reviewed all of the sites linked to its Internet website and is not responsible for the contents of any such linked site. The inclusion of any link does not imply endorsement by A.E. Perkins of the site. Use of any such linked website is at the user’s own risk.
7. Site Terms of Use Modifications
A.E. Perkins may revise these terms of use for its website at any time without notice. By using this website you are agreeing to be bound by the then current version of these Terms and Conditions of Use.
8. Governing Law
Any claim relating to A.E. Perkins’s website shall be governed by the laws of the State of Texas without regard to its conflict of law provisions.
Accessibility Statement
Updated February 16, 2026
Our Commitment to Accessibility
A.E.Perkins LLC, and its affiliates including Interflex Payments, LLC DBA Ameriflex, Aterran LLC DBA Workforce Go, and Accresa Health LLC (“AEP”), are committed to ensuring digital accessibility for individuals with disabilities. We strive to provide an inclusive, user-friendly experience for all visitors to our website, including participants, employers, brokers, and partners accessing our consumer-directed healthcare account services.
We are actively working to increase the accessibility and usability of our website and online services in alignment with:
- The Americans with Disabilities Act (ADA)
- Section 508 of the Rehabilitation Act
- The Web Content Accessibility Guidelines (WCAG) 2.1 Level AA
Our goal is to provide equal access to information, tools, and services regardless of technology or ability.
Accessibility Standards
Our website is designed and maintained to conform, where feasible, with WCAG 2.1 Level AA standards. These standards address accessibility requirements including:
- Text alternatives for non-text content
- Keyboard navigability
- Logical structure and heading hierarchy
- Color contrast and visual presentation
- Compatibility with screen readers and assistive technologies
- Resizable text and responsive design
We regularly evaluate our website through automated testing tools and manual review processes to improve accessibility and usability.
Ongoing Efforts
Accessibility is an ongoing process. A.E. Perkins is committed to continuous improvement and regularly:
- Conducts accessibility audits and reviews
- Remediates identified accessibility barriers
- Incorporates accessibility into development and design practices
- Trains internal teams on accessibility best practices
As new technologies and standards evolve, we aim to ensure our digital properties remain compliant and accessible.
Third-Party Content
Certain areas of our website may link to or integrate third-party platforms, tools, or applications (e.g., payment processors, banking partners, mobile applications, benefits enrollment systems). While we encourage our vendors and partners to provide accessible content, we cannot guarantee full accessibility of third-party systems not under our control.
If you experience accessibility issues within third-party platforms accessed through our site, please contact us and we will assist you.
Assistive Technology Compatibility
Our website is intended to be compatible with commonly used assistive technologies and modern web browsers. We recommend using the most recent version of your browser and assistive software for the best experience.
Need Assistance?
If you experience difficulty accessing any part of our website, encounter an accessibility barrier, or need information in an alternative format, please contact us:
Email: [email protected]
Mailing Address: 2508 Highlander Way, Carrollton, TX 75006
When contacting us, please include:
- The web page URL (if applicable)
- A description of the issue
- The assistive technology or browser used (if known)
We will make reasonable efforts to respond promptly and provide the requested information in an accessible format.
Feedback
We welcome feedback on the accessibility of our website and services. Your input helps us improve and ensure we continue to meet the needs of all users.
