FMSLio

Privacy Policy

Last updated: May 20, 2026

1. Introduction

FMSLio ("we", "us") provides software for California Self-Determination Program Financial Management Services providers. This Privacy Policy explains what information we collect, how we use it, and the rights you have over it.

2. Information we collect

FMSLio is used by FMS providers to manage participant, worker, vendor, and Authorized Representative information. Categories of data we process include:

  • Account data — names, email addresses, phone numbers, organization details, and authentication credentials of the people who use FMSLio.
  • Protected Health Information (PHI) — when an FMS organization uses FMSLio to handle PHI under HIPAA, FMSLio acts as a Business Associate. We encrypt PHI at rest and in transit and restrict access via tenant-scoped row-level security. See our HIPAA Notice for details.
  • Operational data — timesheets, invoices, service authorizations, audit logs, and other records generated by FMS operations.
  • Usage data — log information such as IP address, browser type, pages viewed, and timestamps, used to operate and secure the service.

3. How we use information

We use information to provide and improve the service, respond to support requests, fulfill our contractual obligations under HIPAA Business Associate Agreements, secure the platform against fraud and abuse, and comply with legal obligations.

4. Sharing and disclosure

We share information only as needed to operate the service. Specifically:

  • Subprocessors — Amazon Web Services (US-West-2) for hosting + encrypted storage; Stripe for subscription billing; the carrier handling our outbound transactional email. Each carries its own data-protection obligations under contract, and our list is available on request to contact@fmslio.com.
  • Your FMS organization — the customer that owns your account data may access it through the normal product interfaces (e.g., admin reading staff timesheets, vendor reading their invoices).
  • Lawful legal process — subpoenas, court orders, or other legally binding requests, with notice to the customer where allowed by law.

We do not sell personal information. We do not share personal information with third parties for advertising purposes.

5. Analytics & cookies

This marketing website uses Google Analytics 4 (GA4) to understand which pages are useful to visitors. GA4 sets a first-party cookie that records anonymized usage data (page views, browser type, country-level location) but does not identify you personally. We do not use advertising cookies and we do not sell or share analytics data with third parties for advertising purposes.

On your first visit, you'll see a cookie banner with Accept and Reject buttons. Analytics only loads if you accept. Your choice is stored in your browser's local storage. To change it later, clear your site data for fmslio.com and reload the page.

The product application itself (the platform FMS providers log in to) does not use marketing analytics — only this public marketing site does.

6. Data security

FMSLio applies industry-standard security controls: encryption in transit (TLS) and at rest, row-level security across tenant organizations, audit logging of privileged access, and least-privilege access controls for internal staff.

7. Your rights (California residents)

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), you may have rights to access, delete, correct, or limit the use of personal information about you. To exercise these rights, contact us at contact@fmslio.com. We will respond as required by applicable law.

8. Children's privacy

FMSLio is not directed to children under 13. We do not knowingly collect personal information from children under 13.

9. Changes to this policy

We may update this policy from time to time. When we do, we'll update the Effective Date above and notify active customers via in-product notice or email.

10. Contact

Privacy questions: contact@fmslio.com.