Your privacy is our concern.

Learn how HSA Bank, a division of Webster Bank, N.A. (“HSA Bank”) may collect, use and share information from or about you and how information may be collected and used for advertising purposes.

Last Updated: 07/11/2023

This Digital Privacy Statement (“Notice”) applies to this HSA Bank online or mobile site and any Webster Bank N.A. affiliate or subsidiary online interface that links to this Notice (individually, the “Site,” and collectively, the “Sites”). The term “HSA Bank” or “we” or “us” or “our” in this Notice refers to Webster Bank N.A., and its affiliates and subsidiaries. This Notice describes how these Sites may collect, use and share information from or about you and explains how information may be collected and used for advertising purposes.

Webster Bank N.A. provides other online interfaces not covered by this Notice. If you visit or access your accounts or apply for a position with us from one of these sites, please review the online privacy practices of that site to understand how your online information may be collected, used and shared.

For visitors to this Site, we may use and share any information that we collect on this site from or about you in accordance with the HSA Bank Privacy Policy. Please refer to this notice for additional information about our privacy practices and your rights and choices.

By using this website or our Mobile Applications (as defined below), or applying for a position with us you agree to the terms and conditions of this notice.


Collecting and using information

Information we collect may be one of two types: Personal Information and Other Information, including Aggregate Data and Anonymous Data (such terms being defined below).


Personal information we collect online

Personally identifiable information such as information provided primarily by you through forms, applications or other online fields including name, postal or email addresses, telephone, mobile numbers, account numbers, usernames and passwords (“Personal Information”). We may also collect social security numbers, driver’s license numbers and other personally identifiable information when you provide such information while using our online services and where we believe it is reasonably required for ordinary business, including in connection with an application for employment or other recruiting purposes.


How we use personal information

HSA Bank shares data with third party service providers to facilitate the processing of your transactions, maintain your account(s), provide support services for your products and services that you apply for or receive from us, respond to court orders and legal investigations, or report to credit bureaus. Data is also shared with third party service providers, acting as our agents, for marketing products and services to you.

Although you may not choose to opt out of having your data shared with our vendors for joint marketing you may choose to opt out of receiving marketing information by calling 1-800-357-6246.


Other information we collect online

Any information other than Personal Information that does not reveal your specific identity or does not directly relate to an individual, such as browser information, information collected through cookies, pixel tags and other technologies, demographic information, other information provided by you such as your date of birth or household income, as well as Aggregated Data and Anonymous Data (“Other Information”). Data that we may create or compile from various sources, including but not limited to accounts and transactions (“Aggregated Data” or “Anonymous Data”). This information, which does not identify individuals or individual account holders, may be used for our business purposes, which may include offering products or services, research, marketing or analyzing market trends, and other purposes consistent with applicable laws.


How we collect and use other information

We and our third-party service providers may collect and use Other Information in a variety of ways, including:

  • Through your browser or device: Certain information is collected by most browsers and/or through your device, such as your IP address, device type, operating system version and internet browser type and version. We use this information to ensure Sites function properly, for fraud detection and prevention, and security purposes.
  • Using cookies: Cookies are pieces of information that we store directly on the device you are using. Cookies we use do not contain or capture unencrypted Personal Information. Cookies allow us to collect information such as browser type, time spent on the Site, pages visited, language preferences, and your relationship with us. This site uses Google Analytics and other aggregated analytics tools to track performance and to track visitor sessions, visitors across multiple sessions, and referral sources to our sites. At no time is personally identifiable information passed to Google Analytics. (To understand how Google collects and processes information gathered from this site visit Note that Google Analytics stores its data within the United States of America and is subject to United States laws. We use the information for security purposes, to facilitate navigation, to display information more effectively, to personalize/tailor your experience while engaging with us, and to recognize your device to allow your use of our online products and services. We collect statistical information about the usage of the Site in order to continually improve the design and functionality, to monitor responses to our advertisements and content, to understand how account holders and visitors use the Site and to assist us with resolving questions regarding the Site. We may also utilize cookies for advertising purposes. Please see the Advertising section below for more information. You can refuse to accept these cookies and most devices and browsers offer their own privacy settings for cookies. You will need to manage your cookie settings for each device and browser you use.
  • We may use the following types of cookies:
    • Functional Cookies: These cookies are used for operations of our website, including some of our new account opening applications, and are required to log-in to your digital banking account.
    • Performance Cookies: These cookies allow us to track how visitors are interacting with our digital experiences so that we can improve and personalize your journey.
    • Targeting/Marketing: These cookies are used to track the performance of marketing campaigns and to identify relevant audiences for campaigns or promotions.


How to control cookies:

You have the ability to control how cookies are placed on your computer or mobile device by changing your internet software browser settings. Disabling or deleting browser cookies may impact your experience on our website or digital banking platform. For example, disabling cookies will disable the ability to log-in to your digital banking account.

The following are a few examples of how to manage cookies on your browser:


Mozilla Firefox:

Internet Explorer:

However, if you do not accept these cookies, you may experience some inconvenience in your use of the Site and some online products and services. For example, we will not be able to recognize your device and you will need to answer a challenge question each time you log on. You also may not receive tailored advertising or other offers from us that may be relevant to your interests and needs.

Other technologies including pixel tags, web beacons, and clear GIFs: These may be used in connection with some Site pages, downloadable mobile applications and HTML-formatted email messages to measure the effectiveness of our communications, the success of our marketing campaigns, to compile statistics about usage and response rates, to personalize/tailor your experience while engaging with us online and offline, for fraud detection and prevention, for security purposes, for advertising, and to assist us in resolving account holders’ questions regarding use of our Site. Please see our Advertising section below for more information regarding our use of other technologies.

IP Address: Your IP Address is a number that is automatically assigned to the device that you are using by your Internet Service Provider (ISP). An IP Address is identified and logged automatically in our server log files whenever a user visits the Site, along with the time of the visit and the page(s) that were visited. Collecting IP Addresses is standard practice on the internet and is done automatically by many web sites. We use IP Addresses for purposes such as calculating Site usage levels, helping diagnose server problems, to personalize/tailor your experience while engaging with us online and offline, for compliance and security purposes, for advertising, and administering the Site. Please see the Advertising section below for more information.

Mobile Applications: HSA Bank’s Mobile Applications for client accounts (“Mobile Applications”) allows you to access your account balances and perform certain functional transactions. This Notice applies to any Personal Information or Other Information that we may collect through the Mobile Applications. Some mobile devices come with a non-permanent advertising identifier or ID which gives companies the ability to serve targeted ads to a specific mobile device. In many cases you can turn off mobile device ad tracking or you can reset the advertising identifiers at any time within your mobile device privacy settings. In addition, if you have enabled location services on your mobile device, we may collect geolocation data from your device or contact information. You may also choose to turn off location tracking on your mobile device. By turning off ad tracking or location tracking on your mobile device, you may still see the same number of ads as before, but they may be less relevant because they may not be based on your interest.

Third party widgets – We may allow certain widgets (e.g., social share buttons) on our Sites that enable users to easily share information on another platform, such as a social media platform. The third parties that own these widgets may have access to information about your browsing on pages of our Sites where these widgets are placed. You may wish to review information at the third-party site, such as social media platforms where you have an account, to determine how these third parties collect and treat such information. Also, see Linking to other sites and Social media sites.


Online advertising

HSA Bank may advertise online (e.g., pages within our Sites and Mobile Application through bank managed social media presences, and on other sites and mobile apps not affiliated with Webster Bank N.A.) and offline (e.g. through call centers, and direct marketing). In order to understand how advertising performs, we may collect certain information on our Sites and other sites and mobile apps through our advertising service providers. We may use cookies from third-party partners such as Google and Facebook for marketing purposes that allow us to display promotional material to you on other sites you visit across the internet. We may also share IP addresses, and other technologies. The collected information may include the number of page visits, pages viewed on our Sites, search engine referrals, browsing activities over time and across other sites following your visit to one of our Sites or apps, and responses to advertisements and promotions on the Sites and on sites and apps where we advertise.

HSA Bank may use information described in this Notice to help advertise our products and services in a variety of ways. We use such information to:

Present tailored ads to you, including to:

  • Develop banner ads and splash ads that appear as you sign on or off of your online accounts on our Sites, within mobile banking and other mobility applications;
  • Develop E-mail, postal mail, and telemarketing;
  • Advertise on other sites and mobile apps not affiliated with HSA Bank;
  • Analyze the effectiveness of our ads; and
  • Determine whether you might be interested in new products or services


How we tailor ads

Relationship based advertising

In order to help make our advertising informative and useful, we may use information about your relationship with us (such as types of accounts or transactional information ) to help determine which advertisements or offers to present to you.


Online Behavioral Advertising – Interest-based Advertising

We or our advertising service providers may use certain information about your activities on our Sites and other websites, such as pages visited and search key words entered to help determine which of our advertisements or offers may be of interest to you. We limit access and collection of information for specific purposes by advertising service providers. We may use this online information for online and offline advertising.


Advertising on third party sites and mobile apps

HSA Bank may contract with advertising companies to advertise our products and services on sites and mobile apps not affiliated with us. These companies use non-personally-identifiable information (e.g., click stream information, browser type, time and date, subject of advertisements clicked or scrolled over, hardware/software information, cookie and session ID) and personally identifiable information (e.g., static IP address) during your visits to this and other websites in order to provide advertisements about goods and services likely to be of greater interest to you or advertising-related services, such as ad delivery, reporting, attribution, analytics, and market research. These parties typically use a cookie, web beacon or other similar tracking technologies to collect this information. Third Party sites and mobile apps are not subject to HSA Bank Privacy Notices. Please visit the individual sites and mobile apps for additional information on their data and privacy practices and opt out policies.


Facebook (Social media)

We may participate in’s Custom Audience or LinkedIn’s Audience programs, which enables us to display personalized ads to persons on our email list when they visit Facebook or LinkedIn, respectively. We provide personal information, such as your email address and phone number, to the social media provider to enable it to determine if you are a registered account holder. You may opt-out of participation in this program by contacting us as noted below. You may also opt-out of receiving these ads from the social media network(s) directly.


Advertising choices

You may set your choices for advertising in the following ways:

Online Behavioral Advertising: If you prefer that we not use information based on online Site behavior to provide online and offline tailored content and advertising, you may opt out of online behavioral advertising.

Opting out also means that the online content and advertising you receive on our non-servicing sites (i.e. before sign-in) will be untailored and may not be based on your online behavior or your relationship.

Please note that if you opt out of this advertising, you may still receive untailored advertising from HSA Bank. When accessing online account servicing areas (i.e. after sign-in), such as Online Banking, you may receive tailored content and advertising based on your account relationships. See Important Reminder section below.

You may also opt out of receiving behavioral ads from many sites through the Network Advertising Initiative’s Opt-Out Tool or other tools provided by the publishing platform. Please note that if you opt out, you may still receive untailored online advertising from HSA Bank. Opting out from a specific third-party site means that the ads you receive will not be tailored based on your choices or behavior.

Bank managed Direct Marketing: If you prefer we not deliver you marketing offers in email, postal mail or through telemarketing, you may manage your direct marketing choices by telephone at 1-800-357-6246.


Important Reminder:

In order for online behavioral advertising opt outs from our Sites and on other sites to work on your device, your browser must be set to accept cookies. If you delete cookies, buy a new device, access our Site or other sites from a different device, login under a different screen name, or change web browsers, you will need to opt-out again. If your browser has scripting disabled, you do not need to opt out, as online behavioral advertising technology does not work when scripting is disabled. Please check your browser’s security settings to validate whether scripting is active or disabled.


Linking to other sites

We may provide links to third party sites, such as service providers or merchants. Our Privacy Notice does not apply to third party sites. If you follow links to sites not affiliated or controlled by HSA Bank, you should review their privacy and security policies and other terms and conditions, as they may be different from those of our Sites. HSA Bank does not guarantee and is not responsible for the content, privacy or security of these sites, including the accuracy, completeness, or reliability of their information.


Social media sites

HSA Bank may provide experiences on social media platforms including, but not limited to, Facebook®, Twitter®, YouTube® and LinkedIn® that enable online sharing and collaboration among users who have registered to use them. Any content you post on official HSA Bank managed social media pages, such as pictures, information, opinions, or any Personal Information that you make available to other participants on these social platforms, is subject to the Terms of Use and Privacy Policies of those respective platforms. Please refer to them to better understand your rights and obligations regarding such content. In addition, please note that when visiting any official HSA Bank social media pages, you are also subject to any of HSA Bank’s Privacy Notices and Webster’s Social Media User Terms. Whenever you visit a third-party website, you should review its privacy notice.


Aggregated Information and Digital Analytics

We collect information about your digital browsing experience through third-party analytics services for threat-monitoring and digital performance measurement. This information is not personally identifiable and is used in-aggregate to provide enhanced digital experiences. This information may include, but is not limited to the type of device being used, type of browser being used and type of operating system. We may use this aggregate and anonymous data for various business purposes, where permissible by law and regulations.



To protect Personal Information from unauthorized access and use, we use security measures that comply with applicable federal and state laws. We will use reasonable organizational, physical, technical and administrative measures to protect personal information within our organization. These measures may include device safeguards and secured files and facilities security to ensure information remains confidential and secure. HSA Bank maintains customer authentication procedures to protect your personal information and accounts from identity theft.


Using other aggregation websites

Other companies offer aggregation websites and services that allow you to consolidate your financial account information from different sources (such as your accounts with us or with other financial institutions) so that you can view all your account information at one online location. To do this, an aggregation provider may request access to Personal Information, such as financial information, usernames and passwords. You should use caution and ensure that the aggregator company has appropriate policies and practices to protect the privacy and security of any information you provide or to which they are gaining access. We are not responsible for the use or disclosure of any Personal Information accessed by any company or person to whom you provide any HSA Bank Site username and password.


If you provide any Site username, password or other information about your accounts with us to an aggregation website, we will consider that you have authorized all transactions or actions initiated by an aggregation website using access information you provide whether or not you were aware of a specific transaction or action. If you decide to revoke the authority you have given to an aggregation website, we strongly recommend that you change your password for the Site to ensure that the aggregation website cannot continue to access your account.


Making sure information is accurate

Keeping your account information accurate and up to date is very important. If your account information is incomplete, inaccurate or not current, please use the Contact Us option on our Site, or call or write to us at the telephone numbers or appropriate address for changes listed on your account statements, records, online or other account materials. You can also speak to a customer representative or account representative.


Protecting children’s privacy online

The Site is not intended for use by individuals under the age of thirteen (13). We request that these individuals do not provide Personal Information through the Site. We do not knowingly collect information from children under 13 without parental consent. Visit the Federal Trade Commission website for more information about the Children’s Online Privacy Protection Act (COPPA).


Updates to this Digital Privacy Statement

This Digital Privacy Statement is subject to change. Please review it periodically. If we make changes to this Digital Privacy Statement, we will revise the “Last Updated” date at the top of this Notice. Any changes to this Notice will become effective when we post the revised Notice on the Site. Your use of the Site following these changes means that you accept the revised Notice.