
How PillowPays Protects Your Financial and Personal Data

Derek

June 11, 2026

Learn how PillowPays protects your financial data across health, auto, and home policies. Explore types, costs, and smart strategies to trim out-of-pocket risk.

Written by Mark Lopez


You're handing a financial service your name, payment information, insurance claim details, and proof of deductible payments. That's sensitive data. Before you share it, you deserve to know how PillowPays protects your financial and personal data and what standards apply to a service like this.


Data security in fintech isn't optional. According to the Federal Trade Commission's updated Safeguards Rule (under the Gramm-Leach-Bliley Act), financial services companies are required to maintain written security programs, conduct risk assessments, implement access controls, and have incident response plans. And a 2024 Federal Reserve survey found 37% of Americans couldn't cover a $400 emergency with cash. When people are already financially vulnerable, protecting their data isn't just good practice. It's an ethical obligation.


This guide explains what data a deductible reimbursement service like PillowPays collects, why it collects it, what good data protection looks like in this space, and how to protect yourself as a member. The full PillowPays privacy policy is available at pillowpays.com/legal.


Contents

  • What Type of Information Will Be Collected About You By the Deductible Reimbursement Services?

  • What is the Need for This Information?

  • Data Security in Fintech Companies

  • Types of Information That Are Not Required by PillowPays Members

  • Rights of Members According to the Law

  • 3 Ways to Prevent Yourself From Excessive Information Sharing With Fintech Companies

  • How Can PillowPays Help You?

  • Points to Remember

  • FAQ

  • References

What Information is Required by a Deductible Reimbursement Service?

To process your membership and reimburse your deductible, PillowPays requires certain information. Here is what is required and why.


Account Information

  • Your name and contact information (email, phone number)

  • Your payment method (credit card or bank account for monthly billing)

  • Your membership plan selection (Basic or Premium Shield)

Claim Information

  • Insurance company claim number

  • Letter of settlement / Explanation of Benefits (from your insurance provider)

  • Proof of payment of deductible (bank statement, receipt, or credit card statement)

  • Repairs and contractor costs


This is the minimum data set required to verify your claim and process your reimbursement. For a full guide on what documents are needed, see What Is Deductible Reimbursement? A Guide to Financial Safety.


Reason Why Each Piece of Information is Needed

Every piece of data a reimbursement service collects should be necessary for a clear, legitimate reason. A request for data that has no such reason is a sign that something suspicious is going on.


  • Member's name and contact details: for identification purposes and communication about your account and claims.

  • The payment method: to bill your monthly membership and to send your reimbursement.

  • The claim number: to ensure that a legitimate claim has been submitted through the primary insurance.

  • The settlement letter: for proof of claim processing and the exact deductible amount.

  • The proof of payment: to prove that you actually made the payments.



"Limited legitimate financial services require minimal data to offer their service," says Linda Park, CFP® with Horizon Wealth Advisors. "When the service requests you to share your SSN or your complete medical records or even your banking credentials, this is a definite sign of potential fraud. For a deductible reimbursement service, you will only need your claim documentation and payment information."


Effective Data Protection Practices in Fintech

Whether you choose PillowPays or any other finance app, these are the data protection practices you should expect to see in place in 2026.


Encryption for Transit and Storage

Industry-standard encryption, such as TLS/SSL for transmission and AES-256 for storage, means that data intercepted in transit or stolen in a server breach is unreadable to anyone who does not hold the decryption keys. Check that the website's address begins with HTTPS, and check whether the company's privacy policy mentions encryption.


Multi-Factor Authentication (MFA)

Multi-factor authentication is an additional security feature used to protect a user’s information and account. It includes, but is not limited to, a code being sent to your phone number, a biometric scan, or the use of an authenticator app. MFA should be required by any company that handles clients’ sensitive data.


Minimal Data Collection

A well-designed service collects only the data it needs to function. It doesn't ask for your Social Security number to process a deductible reimbursement. It doesn't request access to your entire bank account. The less data a service stores, the less there is to steal.


Clear Privacy Policy

The privacy policy should explain what data is collected, why it's collected, who it's shared with (if anyone), and how long it's retained. PillowPays publishes its privacy policy at pillowpays.com/legal. Read it before signing up.


Regulatory Requirements

In the United States, entities offering any form of financial services must comply with various regulatory requirements, including the Gramm-Leach-Bliley Act (GLBA), the FTC Safeguards Rule, and state-level consumer privacy laws.

Things PillowPays Never Requests (And May Never Request)

Knowing what is not supposed to be gathered is just as essential as knowing what needs to be gathered. In the case of a quality deductible reimbursement service, this is what PillowPays may never ask for:

  • Your social security number

  • Your login credentials for accessing your financial details

  • Your full health record

  • Your login credentials to your health insurance provider

  • Your driver’s license number


If a financial service requests your personal financial details (such as your bank account login details), cease all further contact immediately. That isn't how a legitimate organisation pays you.


For more on how the claims process works without sharing sensitive account credentials, see Best Auto Insurers for Deductible Reimbursement.


Rights That You Have As a Member

Depending on where you live, you may have certain rights regarding your personal information. Below are some of the rights you have under American law in 2026.


The Right to Information About Your Information

A company that provides you with financial services may be compelled to give you details about the personal information it collects from its clients. This right is provided for by various state privacy laws, including California's CCPA/CPRA and the laws of Virginia and Colorado, among others.


The Right to Delete Your Personal Information

Several states give you the right to request that your personal information be deleted by companies, except in certain situations. If you cancel your PillowPays membership, review the privacy policy at pillowpays.com/legal for details on data retention and deletion.


Opt-Out Rights for Data Sharing

GLBA and many state statutes give you the right to opt out of some forms of data sharing with third parties. Refer to the privacy policy for more information about how PillowPays shares data with affiliates or other business associates.


"It is one of the best things a consumer could do to read the privacy policy before joining, but not when there's an issue," remarks Robert Delgado, Independent Insurance Agent and NAIFA member. "It's just as essential to know what they do with your data as it is to know what they do with your money."


Suggestions About How You Can Protect Your Personal Information from Hacking at Financial Institutions


Suggestion 1: Make a Unique Password and Enable MFA

The first step in protecting your information is to create a unique password that you use for PillowPays only. The password should be more than 12 characters long. Consider activating multi-factor authentication as well.


Suggestion 2: Send Claiming Documents via the Official Channel

You should never use email or any texting service to transfer your claim documents. The only channel you can trust is PillowPays' website or app. This option will guarantee the secure transmission of your data. For more on homeowners-specific claims, see Best Homeowners Insurance for Deductible Reimbursement.


Suggestion 3: Monitor Your Billing Statements Monthly

Check your bank or credit card statement every month to confirm that only the expected PillowPays charge appears. If you see an unfamiliar charge, contact PillowPays support immediately at support@pillowpays.com or (302) 600-2256. Early detection is the most effective defence against unauthorised billing. For more strategies, visit the PillowPays blog.




How PillowPays Can Help


PillowPays publishes its full privacy policy and terms of service at pillowpays.com/legal. Two plans are available: Basic Protection at $10/month (up to $500/year for home and auto) and Premium Shield at $30/month (up to $2,000/year across home, auto, renters, and commercial property). 24/7 support is available by email (support@pillowpays.com), phone ((302) 600-2256), or live chat. If you have questions about data handling or privacy, contact the support team directly.


Main Takeaways

  • The data that PillowPays utilises to process your membership and reimbursement claim requests includes your personal account information, payment details, and supporting documentation.

  • Data management best practices include the following steps: encrypting data in transit and at rest, implementing multi-factor authentication, minimising data use, having a privacy policy, and complying with regulations.

  • It's imperative to note that no reputable fintech service should ask you for your SSN, banking login credentials, full medical records, or insurance website passwords.

  • Data rights include access to your data, the right to have your data erased, and the right to refuse to share your personal data. Rights may vary from one state to another.

  • Be safe! Ensure you have MFA enabled, use strong passwords, upload only through proper channels, and monitor your billing each month.



FAQs

What personal information do you collect at PillowPays?

PillowPays collects personal information needed for your enrolment and claim processing, namely: name, contact information, payment options, and claim documents (claim number, settlement letter, and deductible payment receipt). You can find more information on our privacy policy available at pillowpays.com/legal.


Does PillowPays disclose any personal information to my health insurance company?

Since PillowPays is not associated with your health insurance company, your health insurance company will not know that you are enrolled in the PillowPays program. To learn more about how we collect personal information, please visit pillowpays.com/legal.


Is my payment information safe with PillowPays?

Under federal requirements such as the FTC Safeguards Rule, financial services organisations must safeguard payment information. Payment information is encrypted and stored using secure payment processing methods, without ever exposing the full card number. You can find the exact details of how PillowPays protects payment information in its privacy policy.


Can I ask PillowPays to delete my data?

Under most state privacy legislation, you have the right to ask PillowPays to delete any data it holds on you, subject to some exceptions. Send your data request directly to PillowPays at support@pillowpays.com or by phone at (302) 600-2256. See the privacy policy on pillowpays.com/legal for more info.


What steps should I take if my account may have been used by someone else?

Immediately change the account password and notify PillowPays either by calling +1 (302) 600-2256 or by sending a message to support@pillowpays.com. Check your invoices for suspicious activity. If you suspect identity theft, file a report at IdentityTheft.gov and place a fraud alert with all three major credit bureaus.

Disclaimers

This article provides information for general guidance only; it should not be treated as legal, cybersecurity, or financial advice. The article does not describe PillowPays' own data security policies. For more information about PillowPays data security and privacy policy, refer to pillowpays.com/legal.


Sources and References


About the Author


Mark Lopez


Mark Lopez is an insurtech entrepreneur, angel investor, and Co-Founder of Pillow Pays, a subscription-based life insurance platform. With a background spanning RBC Ventures, Mastercard Fintech, and the founding of RedFlagDeals.com, Derek brings deep expertise in subscription financial products, embedded insurance, and consumer deductible protection strategy. He holds a Bachelor of Commerce from Queen's University and has been recognized as a Top 40 Under 40 leader in the Canadian technology and finance space.


LinkedIn: linkedin.com/in/derekszeto