Security & Compliance

The only thing more valuable than your money is your personal information. We work diligently and proactively to restrict any unauthorized access to your data. Here are some of the ways Lively keeps your information safe and secure.

Your Data is Secure

HIPAA Compliance

Lively is HIPAA compliant. We are required by law to keep your sensitive personal health information safe. This is not something we take lightly.

AES 256 Disk Encryption

Your data is encrypted at rest using the industrial strength AES-256 encryption standard. Your personal information is out of reach from unauthorized access.

Secure Data Handling, Transfer, and Storage

All sensitive information is encrypted while in transit and at rest using industry standard protocols and algorithms like TLS 1.2+ and AES-256. Passwords are run through cryptographically-sound one-way hash functions prior to being stored in our database.

Two-Factor Authentication (2FA)

To further protect your account, we provide access to two-factor authentication to help ensure only you have access to your personal information.

Data Security Architecture

All Lively web services are hosted within Amazon Web Services (AWS). Our system was architected so that our web application service resides in private subnets which are directly not accessible from the internet. All services have least-access and least-privilege principles applied to limit access to Lively staff and other services which Lively utilizes.

keymaster of gozer 2.0

Your Money is Safe

Bank Partner Choice Financial
Lively’s bank partner is Choice Financial, one of America’s 50 fastest-growing banks. They care about their customers as much as we do about ours. Your funds are sitting with Choice, not Lively.

Active Anti-Fraud Monitoring
Our team actively monitors our systems and all HSA and FSA accounts to spot issues before they develop. We have also deployed advanced protection against automated threats. Trust is at the center of our company philosophy.

PCI Compliance
Lively is compliant with the Payment Card Industry Data Security Standard (PCI DSS Level 1). This means your sensitive payment card information is safely stored with us. We undergo annual audits and work hard to keep our systems compliant with the latest standards so you can spend confidently.

Investments with Industry Leaders
Your HSA investment accounts are in good hands. Devenir has been at the forefront of HSA investments since HSAs came to market in 2004. TD Ameritrade provides investing and trading services for 11 million client accounts that total more than $1 trillion in assets. Your TD Ameritrade invested funds carry SIPC insurance.

FDIC Insured Accounts
Because your HSA cash balance is sitting with one of Lively's financial institution partners, your money is backed by FDIC or NCUA insurance* (up to the maximum amount permitted by FDIC or NCUA regulations).
*When you decide to invest with TD Ameritrade or Devenir, those funds are no longer with Choice Financial and are therefore not insured by the FDIC, are not deposits guaranteed by Choice Federal or Lively, and are subject to investment risks, including possible loss of the principal invested.

Employer Compliance

Section 125

Your Section 125 cafeteria plan will determine if you can make pre-tax benefits contributions for things like an HSA or FSA. Our customer success team helps you review your benefits to make sure you are up to speed.

Excess Contributions

Automated over-contribution monitoring ensures account holders are always aware of annual maximums based on any number of different criteria. This way, there are no surprises come tax time.


Lively eliminates the burden of having to keep up with constant regulatory changes placed on your risk management, marketing, and customer support departments. We do the heavy lifting and make sure you are always up to speed.

Expert Support

Things might still come up. No matter if it's a yearly contribution update, the last month rule, or an executive order, we can help. Our proprietary technology allows us to react quickly and get you back on track with ease. And our team is here to guide you and your employees through any changes.

welcome screen of lively platform

What you can do

Even with everything Lively does, it’s still important for you to take an active role in your online security. Here are a few simple ways you can help keep potential criminals at bay.
  • Never share your Lively username or password. If someone is managing your account on your behalf, you can always add them as an Authorized User.
  • Never give out your account number, debit card number, Social Security Number, or other sensitive information to solicitors or callers that you have not contacted.
  • Always use unique passwords for each of your online accounts. If you have trouble remembering them all, consider using a well-reviewed password manager.
  • Avoid logging into your Lively or email account on public computers. Consider downloading our mobile app so you can always access your account from a trusted device, even on the go.
  • Take advantage of enhanced account security by enabling two-factor authentication (2FA) on your Lively account.
  • Make sure an email actually came from Lively before you click on any hyperlinks. Consider bookmarking our sign-in page and only logging into your account from there.
  • Keep your devices and browsers up to date so you are protected against the latest bugs and vulnerabilities.
  • Check your account activities regularly to detect any fraudulent transactions as soon as possible. If you suspect your debit card has been lost or stolen, you can cancel it and request a replacement from your Lively dashboard.
  • If you feel that you have become a victim of suspicious activity, report the information to us immediately at 888-576-4837.