← Home

Privacy Policy

Last updated February 15, 2026

Who We Are

Enrollmint ("Mint," "we," "our") is a benefits enrollment platform. We provide software that helps brokers, employers, and employees manage the benefits enrollment process in one place.

This policy describes what information we collect through the platform, why we collect it, and how we protect it. It applies to everyone who uses Enrollmint—employees enrolling in benefits, employers managing their workforce, and brokers serving their clients.

We never sell your personal data. Not to advertisers, not to data brokers, not to anyone.

What We Collect

Information you provide

  • Account details — name, email address, phone number, mailing address
  • Employment information — employer, job title, hire date, compensation
  • Personal details — date of birth, gender, marital status
  • Dependents — names, dates of birth, and relationships of people you enroll
  • Benefits elections — the plans and coverage levels you choose
  • Documents — files uploaded during enrollment or onboarding

Information from connected accounts

  • OAuth tokens — encrypted access and refresh tokens when you connect Microsoft, Google, or Calendly
  • Account email — the email address associated with your connected account

Information collected automatically

  • Device type and browser version
  • IP address and general location
  • Pages visited and time spent on the platform
  • Cookies and similar identifiers (see Cookies)

How We Use It

  • Processing and managing your benefits enrollment
  • Sending enrollment confirmations, reminders, and deadline notifications
  • Connecting you with your benefits broker for guidance
  • Providing platform support when you reach out
  • Improving how the platform works for everyone
  • Detecting fraud and keeping the platform secure
  • Meeting legal and regulatory requirements

Who Sees It

We share your information only when there is a clear, necessary reason:

  • Your employer — to administer your benefits and employment records
  • Your broker — licensed professionals who guide you through your options (see next section)
  • Insurance carriers — to process the plans you select
  • Service providers — trusted partners who help us run the platform (hosting, email delivery, etc.)
  • Legal authorities — only when required by law or to protect safety
We do not share your personal information with third parties for marketing or advertising. Full stop.

Your Broker

Enrollmint is used by independent benefits brokers to serve their employer clients. When your company uses the platform, your broker has access to enrollment data for the companies they serve.

This means your broker can view your enrollment information, benefits elections, and contact details so they can help you make informed coverage decisions. Your broker's use of your data is governed by their own agreement with your employer and applicable regulations.

Third-Party Integrations

Brokers may optionally connect third-party accounts to enhance the Platform's capabilities. These connections are entirely voluntary and are initiated by the broker through our Settings page.

Microsoft 365

When a broker connects their Microsoft account, we request access to send and read emails (Outlook) and manage calendar events on their behalf. We store an encrypted OAuth access token and refresh token to maintain the connection. We access only the scopes the broker explicitly authorizes.

Google Workspace

When a broker connects their Google account, we request access to send and read emails (Gmail), manage calendar events (Google Calendar), and access files (Google Drive) on their behalf. We store an encrypted OAuth access token and refresh token. We access only the scopes the broker explicitly authorizes.

Enrollmint's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Calendly

When a broker connects their Calendly account, we request access to create and manage scheduling links on their behalf. We store an encrypted OAuth access token and refresh token.

How we handle integration data

  • Purpose limitation — We use connected account access only to perform actions the broker explicitly requests (e.g., sending an email, creating a calendar event). We do not access data from connected accounts for analytics, advertising, or any purpose beyond the broker's direct instructions.
  • Token storage — OAuth tokens are stored encrypted in our database and are associated with the individual broker's account.
  • No background access — We do not access connected accounts in the background. Access occurs only when the broker actively requests an action through the Platform.
  • Revocation — Brokers can disconnect any integration at any time through Settings. Upon disconnection, we immediately delete the stored tokens. Brokers can also revoke access directly from their Microsoft, Google, or Calendly account settings.
  • No sharing — Data accessed through connected accounts is never shared with third parties.

Security

We protect your information with multiple layers of security:

  • 256-bit SSL/TLS encryption on every connection
  • Encrypted storage for sensitive data (Social Security numbers, bank details)
  • Regular security audits and vulnerability assessments
  • Role-based access controls and multi-factor authentication
  • Ongoing team training on data protection practices

Your Rights

You have control over your data. You can:

  • Access — request a copy of the personal information we hold
  • Correct — ask us to fix anything inaccurate or incomplete
  • Delete — request deletion of your data (subject to legal retention requirements)
  • Opt out — unsubscribe from non-essential communications anytime
  • Export — request your data in a portable format

Email [email protected] to exercise any of these rights. We respond within 30 days.

Cookies

We use cookies to:

  • Keep you logged in between sessions
  • Remember your preferences
  • Understand how people use the platform so we can improve it

You can manage cookies through your browser settings. Some features may not work properly with cookies disabled.

Retention

We keep your information as long as necessary to provide our services and meet legal requirements. Benefits enrollment records are typically retained for seven years after the end of the plan year, consistent with ERISA regulations. After that period, data is securely deleted.

Children

Enrollmint is intended for adults. We do not knowingly collect information from children under 13. When dependent information for minor children is collected, it is provided by their parent or guardian and used solely for benefits enrollment purposes.

Changes to This Policy

If we make meaningful changes, we will notify you through the platform or by email before they take effect. Continued use of Enrollmint after a change constitutes acceptance of the updated policy.

Questions?

[email protected]

(515) 400-1011

Enrollmint · Des Moines, Iowa