Privacy Policy

Last Updated: February 13, 2026

This Privacy Policy describes how Medical Bill ("Medical Bill," "we," "us," or "our") collects, uses, discloses, and protects information about you when you use the Medical Bill mobile application, website, and related services (collectively, the "Service").

By using the Service, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Service. This Privacy Policy is incorporated into our Terms of Service.

1. Who We Are & What We Do

Medical Bill is a consumer service that helps users:

  • Upload medical bills, insurance cards, and related documents;
  • Use AI-assisted tools to analyze those bills and identify potential billing and insurance errors; and
  • Generate and, with your authorization, submit appeals or disputes to insurers and providers on your behalf via fax, mail, or other channels.

To do this, we necessarily process sensitive information, including Protected Health Information ("PHI") under U.S. law. We take that responsibility seriously and implement safeguards described below.

2. Information We Collect

We collect information in three main ways: information you provide directly, information collected automatically, and information received from third parties.

2.1 Information You Provide Directly

Account & Contact Information

  • Name, email address, phone number, mailing address
  • Authentication information (e.g., Apple ID credentials via Sign in with Apple)

Medical Billing & Insurance Information (PHI)

  • Images/PDFs of medical bills, statements, and itemized charges
  • Images of insurance cards (front/back) and plan documents
  • Explanation of Benefits (EOBs)
  • Claim numbers, account numbers, and billing reference numbers
  • Dates of service, provider names, facility names, and locations
  • Diagnostic (ICD) codes, procedure (CPT/HCPCS) codes, and other medical billing codes
  • Information about amounts billed, paid, adjusted, and owed

Insurance Card Information

  • Member ID and group number
  • Plan name and insurance provider
  • Policyholder name
  • Coverage details and effective dates

Demographic & Identity Information

  • Date of birth
  • Patient's name (if different from subscriber)
  • Relationship to patient (self, spouse, child, etc.)

Appeal & Authorization Information

  • Authorized Representative forms (AOR)
  • HIPAA authorization forms
  • E-Sign consent
  • Any additional statements or explanations you provide in connection with a dispute

Payment & Subscription Information

  • Subscription plan and status
  • Transaction IDs (handled by Apple In-App Purchase; we do not collect credit card numbers)

Support & Communication

  • Messages and emails you send to us
  • Feedback, feature requests, or survey responses

2.2 Information Collected Automatically

When you use the Service, we automatically collect:

  • Device information: Device model, operating system version, app version, unique device identifiers
  • Log data: IP address, access times, pages/screens viewed, crash logs and error reports
  • Location information: Approximate location (city/region level) based on IP address to customize service availability and comply with regional healthcare regulations. We do NOT collect precise GPS location.
  • Usage analytics: How you interact with features, session duration, and app performance metrics

We collect this information using mobile SDKs including Firebase Analytics and Firebase Crashlytics.

2.3 Camera & Photo Library Access

We access your device camera and photo library only when you choose to scan or upload a medical bill or insurance card. Images captured or selected are used solely for document analysis and generating appeal letters. We do not access your camera or photos for any other purpose.

2.4 Information from Third Parties

We may receive information about you from:

  • Fax or mail APIs that handle inbound/outbound communications for your cases
  • Insurers or providers, when they send responses or records to us as your authorized representative
  • Apple App Store related to purchases and subscriptions

3. How We Use Your Information

3.1 To Provide and Operate the Service

  • Create and manage your account
  • Process and analyze uploaded bills, insurance cards, and EOBs using AI
  • Extract billing data, insurance information, and provider contact details
  • Identify potential billing/insurance errors and estimate potential savings
  • Generate appeal, grievance, or dispute documents ("Packets")
  • Look up publicly available contact information (fax numbers, addresses) for healthcare providers and insurers
  • With your authorization, submit those Packets to insurers or providers and track responses
  • Provide customer support and respond to your requests

3.2 To Communicate with You

  • Send service-related notifications (e.g., claim status updates, appeal decisions)
  • Send security alerts (suspicious login, changes to your account)
  • Respond to support inquiries

3.3 To Maintain Security and Prevent Abuse

  • Detect and prevent fraud or misuse of the Service
  • Protect the security and integrity of our systems and users' data
  • Enforce our Terms of Service

3.4 To Improve and Develop the Service

  • Analyze usage patterns to understand how users interact with features
  • Debug, troubleshoot, and optimize performance
  • Improve AI accuracy (using de-identified and/or aggregated data whenever possible)

3.5 To Comply with Legal Obligations

  • Maintain records required under HIPAA and other laws
  • Respond to lawful requests from regulators or law enforcement
  • Satisfy tax, accounting, audit, and corporate compliance requirements

We do not sell your PHI or personal information.

4. Legal Bases

Where applicable (e.g., under CCPA/CPRA or similar laws), we may rely on:

  • Your consent (e.g., for certain authorizations and electronic signatures)
  • Performance of a contract (providing the Service you requested)
  • Legitimate interests (improving and securing the Service, preventing fraud)
  • Compliance with legal obligations (HIPAA, breach notification, etc.)

5. How We Share Your Information

5.1 Insurers, Providers, and Billing Entities (With Your Authorization)

When you authorize us to act as your representative, we may share PHI and related information with health insurance companies, hospitals, clinics, physicians, and billing companies. We share only what is reasonably necessary to pursue your appeal, dispute, or request.

5.2 Service Providers & Subprocessors

We use trusted third parties to help us operate the Service. These providers are contractually required to protect your information. Where PHI is involved, we enter into Business Associate Agreements (BAAs) as required by HIPAA. See Sections 6 and 7 for details on specific service providers.

5.3 Business Transfers

If Medical Bill is involved in a merger, acquisition, financing, reorganization, or sale of assets, your information may be transferred as part of that transaction, subject to confidentiality obligations and applicable law.

5.4 Legal and Safety

We may disclose information if we believe in good faith that disclosure is reasonably necessary to comply with applicable laws, respond to valid government requests, protect rights, property, or safety, or investigate and mitigate fraudulent or malicious activity.

6. Third-Party AI Services (OpenAI)

To provide our bill auditing and insurance verification services, we use OpenAI's API to analyze your medical documents.

6.1 What Data is Sent to OpenAI

When you upload a medical bill or insurance card, the following data is sent to OpenAI for processing:

  • Medical bill images or PDF files you upload
  • Insurance card images (front and back)
  • Extracted and analyzed information including:
    • Bill details: charges, procedure/diagnosis codes, dates of service, provider names, facility information
    • Insurance details: member ID, group number, plan name, policyholder name, coverage information
    • Provider contact information: publicly available fax numbers, addresses, and phone numbers

6.2 Purpose of Data Sharing

We send this data to OpenAI to:

  • Analyze medical bills for potential billing errors, overcharges, and compliance issues
  • Extract insurance information from your insurance card
  • Generate personalized appeal letters on your behalf
  • Look up publicly available contact information for healthcare providers and insurers

6.3 How OpenAI Handles Your Data

  • OpenAI processes data under a HIPAA-compliant Business Associate Agreement (BAA)
  • OpenAI does NOT use your data to train or improve their AI models
  • Data is encrypted in transit (TLS) and at rest
  • OpenAI retains API inputs for up to 30 days for abuse and misuse monitoring, then automatically deletes them

For more information, see OpenAI's Privacy Policy and Enterprise Privacy.

6.4 Your Consent

Before uploading any documents, you will be asked to consent to this data sharing. You may decline, but this will prevent us from analyzing your bills.

7. Other Third-Party Services

We use the following additional third-party services to operate the app:

Service | Data Collected | Purpose
Apple Sign In | Apple ID, email address, name (if shared) | Account authentication
Apple In-App Purchase | Transaction ID, subscription status | Payment processing and subscription management
Firebase Analytics | Device info, app usage patterns, session data | App improvement and understanding user behavior
Firebase Crashlytics | Crash reports, device model, OS version, stack traces | Bug fixing and app stability
Fax/Mail APIs | Appeal documents, recipient fax numbers/addresses | Sending appeals to insurers and providers

Each of these service providers is contractually obligated to protect your data and use it only for the purposes described.

8. Cookies, SDKs, and Tracking Technologies

We and our service providers may use cookies, mobile SDKs, and similar technologies to remember your preferences, keep you logged in, measure app usage and performance, and diagnose technical issues.

On mobile, you can often control certain tracking permissions through your device settings (Settings > Privacy). Some features may not function properly without certain SDKs enabled.

9. Data Retention

We retain your information for as long as reasonably necessary to:

  • Provide the Service and manage your account
  • Maintain accurate records of appeals and communications carried out on your behalf
  • Comply with legal, regulatory, and contractual obligations (including HIPAA record-retention rules)
  • Resolve disputes and enforce our agreements

When information is no longer needed, we may delete it or anonymize it so it can no longer reasonably identify you. If you request deletion of your account, we will delete or de-identify your information subject to our legal compliance obligations.

10. Data Security

We implement a combination of administrative, technical, and physical safeguards designed to protect your information, including:

  • Encryption of data in transit using TLS 1.3
  • Encryption of data at rest using AES-256
  • Role-based access controls and least-privilege principles
  • Audit logs for administrative access to PHI
  • Employee training on privacy and security practices

Despite our efforts, no system can be completely secure. We cannot guarantee absolute security of information transmitted to or stored by the Service.

If we discover a breach of unsecured PHI, we will notify affected individuals and relevant authorities as required by HIPAA and other applicable laws.

11. Your Choices & Rights

11.1 Account-Level Controls

Within the app, you may update profile details, upload or remove documents, adjust notification preferences, cancel your subscription, and request account deletion.

11.2 HIPAA-Related Rights

To the extent Medical Bill holds PHI directly for you as a consumer, you may:

  • Request access to your PHI processed by the Service
  • Request corrections of inaccurate PHI we maintain
  • Request an accounting of certain disclosures of your PHI

We may require verification of your identity before responding.

11.3 Rights Under State Privacy Laws (e.g., CCPA/CPRA)

If you are a resident of a state with a comprehensive privacy law (such as California), you may have additional rights including the right to know what personal information we collect, the right to request deletion, the right to correct inaccurate information, and the right to non-discrimination for exercising your privacy rights.

To submit a request, contact us at support@medicalbill.pro.

We do not sell your personal information.

12. Children's Privacy

The Service is not intended for children under 13 and we do not knowingly collect personal information directly from children under 13. Parents or legal guardians may submit information about a child as part of a medical bill, but the account holder must be an adult.

If you believe we have collected information directly from a child under 13, please contact us at support@medicalbill.pro.

13. International Users

Medical Bill is intended for use by individuals located in the United States in connection with U.S. healthcare bills and insurance. If you access the Service from outside the U.S., you understand that your information may be processed and stored in the United States.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top. Your continued use of the Service after any changes become effective constitutes your acceptance of the updated Privacy Policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, you may contact us at:

Email: support@medicalbill.pro