Privacy Policy
Last updated: December 1, 2025
Maudlin Works, LLC ("we," "our," or "us") operates ERISA Scout (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard information about you when you use our Service or otherwise interact with us.
This Privacy Policy is intended to provide you with clear, practical information. It is not legal advice. Depending on where you live, additional rights may apply under local laws (for example, GDPR or CCPA). Where those laws apply, we handle your personal information in line with them.
1. Information We Collect
We collect different types of information depending on how you use the Service. "Personal information" means any information that identifies or can reasonably be linked to an identifiable person.
1.1 Information You Provide
- Account Information: When you create an account, we collect information such as your name, business email address, organization name, and any profile details you choose to provide.
- Billing and Subscription Information: When you purchase a subscription or Lifetime Access, payment processing is handled by our payment processor (currently Stripe). We receive limited billing information from Stripe (such as the last four digits of your card, card type, and billing address), but we do not store your full credit card number.
- Saved Lists and Workspace Content: We store data about the plans and providers you save, the lists you create, notes you add, tags, and other configuration or preference information within your workspace.
- Support and Communications: If you contact us by email or through in-app support, we collect the information you choose to share (such as your name, contact details, and the content of your message).
1.2 Information Collected Automatically
- Usage Data: We collect information about how you use the Service, such as pages or screens viewed, features used, searches performed, clicks, approximate time spent, and actions taken (for example, saving a plan to a list).
- Device and Log Information: We may collect standard technical data such as your IP address, browser type and version, operating system, device identifiers, referring URLs, date/time stamps, and error logs when you access the Service.
- Cookies and Similar Technologies: We use cookies, local storage, and similar technologies to keep you signed in, remember your preferences, and understand how the Service is used. For more details, see Section 11 (Cookies).
1.3 Information from Public and Third-Party Sources
ERISA Scout relies heavily on data from public filings and other public or business databases. We may collect or derive information from:
- Public Filings: Public Form 5500 filings and related data made available by the U.S. Department of Labor and other government sources.
- Business Directories and Public Websites: Public business contact details for organizations, plans, providers, or advisors, including names, business addresses, websites, and general contact information.
This information is typically business-related rather than personal. However, in some cases it may include information that can be linked to an individual in a business context (for example, a plan contact's business email address or name listed on a filing or website).
2. How We Use Your Information
We use the information we collect for the following purposes:
- To Provide and Operate the Service: Including creating and managing user accounts, authenticating users, providing access to dashboards and analytics, and processing payments.
- To Maintain and Improve the Service: Including monitoring usage, troubleshooting, debugging, and optimizing the Service's performance, features, and user experience.
- To Communicate with You: Including sending account-related emails (such as onboarding messages, billing notices, password resets, and service updates) and responding to your support requests.
- To Personalize Your Experience: Including remembering your settings, saved lists, and preferences to make the Service more relevant to you.
- To Protect the Service and Prevent Abuse: Including detecting and preventing fraud, abuse, security incidents, and other harmful or illegal activities.
- To Comply with Legal Obligations: Including keeping appropriate records, responding to lawful requests, and fulfilling tax, accounting, and regulatory requirements.
- With Your Consent: For any other purpose we describe to you and for which you give permission (for example, certain marketing emails where consent is required).
3. Legal Bases for Processing (EEA/UK Users)
If you are located in the European Economic Area (EEA), the United Kingdom, or another region with similar laws, we rely on the following legal bases to process your personal information:
- Contractual Necessity: To provide the Service and perform our contract with you (for example, when you create an account, use the Service, or purchase a subscription).
- Legitimate Interests: To operate, secure, and improve our Service; to understand how it is used; and to support our business operations, in a way that does not override your rights.
- Consent: Where required by law, for example for certain cookies or marketing communications. You may withdraw your consent at any time.
- Legal Obligations: To comply with laws, court orders, or other legal processes.
4. How We Share Your Information
We do not sell your personal information. We may share information about you in the following limited circumstances:
- Service Providers and Subprocessors: We work with third-party companies that help us deliver and support the Service. These may include:
  - Authentication and User Management (for example, Clerk or similar providers)
  - Payment Processing (currently Stripe)
  - Hosting, Infrastructure, and Analytics (for example, Vercel and similar providers)
  - Support and Communication Tools (for example, email providers or helpdesk tools)
- Business Transfers: If we are involved in a merger, acquisition, financing, or sale of all or a portion of our business, your information may be transferred as part of that transaction, subject to continuing protection consistent with this Policy.
- Legal and Safety Requirements: We may disclose information if we believe in good faith that doing so is necessary to comply with applicable law, respond to valid legal requests, protect the rights, property, or safety of us, our users, or the public, or enforce our Terms of Service.
- With Your Consent: We may share your information for any other purpose disclosed to you and with your consent.
5. International Data Transfers
We are based in the United States, and the Service is primarily operated from the U.S. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the U.S. and other countries that may have data protection laws different from those in your region. Where required by law, we implement appropriate safeguards (such as standard contractual clauses) to protect such transfers.
6. Data Retention
We retain your personal information for as long as your account is active or as needed to provide the Service and fulfill the purposes described in this Policy. We may also retain certain information to:
- Comply with legal, regulatory, or tax obligations
- Resolve disputes and enforce our agreements
- Maintain business records and audit trails
When we no longer need your personal information, we will delete or anonymize it, or, if that is not possible (for example, because the data is stored in backup archives), then we will securely store your information and isolate it from further processing until deletion is possible.
7. Data Security
We implement appropriate technical and organizational measures designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures may include encryption in transit, access controls, logging, and security monitoring.
However, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, and you use the Service at your own risk. If we become aware of a data breach that affects your personal information, we will notify you where required by applicable law.
8. Your Rights and Choices
Depending on your location, you may have some or all of the following rights with respect to your personal information:
- Access: Request confirmation that we process your personal information and receive a copy of it.
- Correction: Request that we correct or update inaccurate or incomplete personal information.
- Deletion: Request that we delete your personal information, subject to legal and contractual requirements.
- Restriction: Request that we restrict certain processing of your personal information.
- Portability: Request that we provide your personal information in a structured, commonly used, and machine-readable format, where technically feasible.
- Objection: Object to certain processing carried out on the basis of our legitimate interests.
- Withdraw Consent: Where processing is based on consent, withdraw your consent at any time without affecting the lawfulness of processing before withdrawal.
To exercise these rights, please contact us at support@erisascout.com. We may need to verify your identity before responding to your request. Some rights may be subject to limitations under applicable law.
9. GDPR (European and UK Users)
If you are located in the EEA, UK, or Switzerland, you also have the right to lodge a complaint with your local data protection authority if you believe our processing of your personal information violates applicable law. Contact details for EEA data protection authorities are available from the European Data Protection Board (EDPB).
10. CCPA and Similar Laws (California and Certain U.S. States)
If you are a resident of California or another U.S. state with a similar privacy law, you may have additional rights, including:
- Right to Know: The right to request information about the categories and specific pieces of personal information we have collected, used, disclosed, or "sold" (as that term is defined in applicable law).
- Right to Delete: The right to request deletion of your personal information, subject to certain exceptions.
- Right to Correct: The right to request correction of inaccurate personal information.
- Right to Opt-Out of "Sale" or "Sharing": The right to opt out of certain uses or disclosures of your personal information that may be considered a "sale" or "sharing" under applicable law.
- Non-Discrimination: The right not to receive discriminatory treatment for exercising your privacy rights.
We do not sell your personal information as that term is commonly understood. If this changes, we will update this Policy and provide a mechanism to exercise your right to opt out.
To submit a request under these laws, please contact us at support@erisascout.com. We may ask you to verify your identity and residency before fulfilling your request.
11. Cookies
We use cookies and similar technologies to operate and improve the Service. The types of cookies we may use include:
11.1 Necessary Cookies
These cookies are essential for the Service to function, such as those that keep you signed in, manage sessions, and maintain security. You cannot opt out of these cookies without affecting the core functionality of the Service.
11.2 Analytics Cookies
These cookies help us understand how visitors use the Service (for example, which pages are visited most often, how users navigate the app, and where errors occur). We may use privacy-focused analytics tools (such as Vercel Analytics or similar providers) that collect aggregated or pseudonymized data. Where required by law, we will obtain your consent before setting analytics cookies.
11.3 Managing Cookies
You can manage your cookie preferences through our cookie banner (if present) or by adjusting your browser settings to block or delete cookies. Please note that disabling certain cookies may impact the functionality and performance of the Service.
12. "Do Not Track"
Some browsers include a "Do Not Track" ("DNT") signal. There is currently no industry standard for responding to DNT signals, and we do not respond to them at this time. If standards for DNT are established in the future, we may update this Policy to reflect how we respond.
13. Children's Privacy
The Service is intended for business and professional users and is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information. If you believe we may have collected information from a child, please contact us at support@erisascout.com.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will provide notice by updating the "Last updated" date at the top of this page and, where appropriate, by sending you an email or in-app notification. Your continued use of the Service after any changes become effective signifies your acceptance of the updated Privacy Policy.
15. Contact Us
If you have questions about this Privacy Policy, or if you would like to exercise your privacy rights, please contact us:
- Email: support@erisascout.com