Privacy — In Plain English

A simple explanation of how we handle your data. For the full legal policy, see our Privacy Policy.

What we store

Your email address (encrypted with AES-256)
Your uploaded bill image or PDF (encrypted, temporary)
Extracted billing data (procedure codes, amounts, provider info)
Analysis results and findings
Payment token (Stripe handles your card — we never see or store card numbers)

What we do NOT store

Your Social Security Number
Your date of birth
Clinical or medical notes
Insurance card details
Credit or debit card numbers (handled by Stripe, PCI-DSS Level 1)
Your patient name in structured form (processed transiently for analysis, not stored permanently)

What gets deleted and when

Bill images: auto-deleted if you do not create an account
Bill images with account, no case: deleted within 30 days
Case files after closure: deleted within 90 days
HIPAA authorization records: retained for 6 years (legal requirement)
Account data: deleted within 30 days of account closure (unless legally required)

What 'de-identified' means

We remove all 18 HIPAA-defined identifiers (names, dates, locations, SSN, etc.)
The resulting data cannot be traced back to you
We do not attempt to re-identify data, and downstream recipients are contractually prohibited from doing so
De-identified aggregate data may be used for benchmarking and research — this helps us improve accuracy for everyone

Do we sell your data?

No. Never. We do not sell personal information.
De-identified, aggregate benchmarking data (with all 18 identifiers removed) may be used for analytics and research
No advertising trackers or third-party analytics pixels on our site
Session cookies only — no tracking cookies

How to manage your data

Request access to your data at any time
Request deletion of your data at any time
Request correction of inaccurate information
Withdraw consent for non-essential processing
All requests processed within 30 days

Questions about your data? Contact us — select "HIPAA / Privacy Concern" as the subject.