BillDecoder LogoBillDecoder

Privacy Policy

Effective Date: December 16, 2025

Your Privacy is Our Priority

At BillDecoder, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information, including Protected Health Information (PHI), in compliance with HIPAA and other applicable privacy laws.

1. Information We Collect

Personal Information

We collect personal information that you provide directly to us, including:

  • Name, email address, and phone number
  • Billing and payment information
  • Account credentials (username and password)
  • Communication preferences

Protected Health Information (PHI)

When you use our medical bill analysis services, we may collect PHI, including:

  • Medical bills, invoices, and statements
  • Explanation of Benefits (EOB) documents
  • Insurance policy information
  • Healthcare provider names and billing codes
  • Dates of service and treatment descriptions
  • Any other health information contained in documents you upload

Note: PHI is subject to special protections under HIPAA. Please review our HIPAA Notice of Privacy Practices for detailed information about how we handle your PHI.

Automatically Collected Information

We automatically collect certain information when you visit our website:

  • IP address and device information
  • Browser type and operating system
  • Pages visited and time spent on our site
  • Referring website and search terms
  • Cookies and similar tracking technologies

2. How We Use Your Information

Service Delivery

We use your information to:

  • Provide, maintain, and improve our medical bill analysis services
  • Analyze medical bills to help identify potential billing issues
  • Generate educational appeal letter templates
  • Process payments and manage your subscription
  • Provide customer support and respond to your inquiries

Communication

We may use your contact information to:

  • Send you account-related notifications and updates
  • Respond to your questions and support requests
  • Send marketing communications (with your consent, where required)
  • Notify you of changes to our services or policies

Service Improvement and Research

We may use de-identified or aggregated data to:

  • Improve our AI algorithms and analysis accuracy
  • Conduct research on healthcare billing trends
  • Develop new features and services
  • Generate statistical reports and analytics

Important: We only use de-identified data (with all personal identifiers removed) for AI training and research purposes. Your PHI is never used for these purposes without proper de-identification.

Legal Compliance

We may use your information to:

  • Comply with applicable laws, regulations, and legal processes
  • Enforce our Terms of Service and other agreements
  • Protect our rights, property, and safety
  • Prevent fraud and abuse

3. Data Security and HIPAA Compliance

We implement comprehensive security measures to protect your personal information and PHI:

Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.

Access Controls

Strict role-based access controls limit PHI access to authorized personnel only.

Audit Logging

Comprehensive audit logs track all access to and modifications of PHI.

Regular Assessments

Periodic security assessments and penetration testing ensure ongoing protection.

Employee Training

All employees undergo annual HIPAA compliance and security awareness training.

Business Associates

All third-party vendors sign Business Associate Agreements (BAAs) to ensure HIPAA compliance.

For more details about our HIPAA compliance practices, please review our HIPAA Notice of Privacy Practices.

4. Sharing of Information

We Never Sell Your Data

BillDecoder does not and will never sell, rent, or trade your personal information or PHI to third parties for their marketing purposes.

We may share your information only in the following limited circumstances:

Service Providers (Business Associates)

We may share your information with trusted third-party service providers who assist us in operating our services, including:

  • Cloud hosting and infrastructure providers (e.g., AWS, Google Cloud)
  • Payment processors (e.g., Stripe)
  • Email and communication platforms
  • Customer support tools
  • Analytics and monitoring services

All service providers that handle PHI are required to sign Business Associate Agreements (BAAs) and comply with HIPAA regulations.

Legal Requirements

We may disclose your information if required by law or in response to:

  • Valid legal process (subpoenas, court orders, search warrants)
  • Government or regulatory requests
  • Legal obligations under HIPAA or other healthcare laws
  • Efforts to prevent fraud, abuse, or illegal activity

Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change and ensure the new entity continues to protect your information in accordance with this Privacy Policy and HIPAA requirements.

With Your Consent

We may share your information for other purposes with your explicit consent or at your direction.

5. Your Privacy Rights

You have important rights regarding your personal information and PHI:

Right to Access

You have the right to access and receive a copy of your personal information and PHI that we maintain.

Right to Correct

You have the right to request correction of inaccurate or incomplete personal information.

Right to Delete

You have the right to request deletion of your personal information, subject to certain legal exceptions (e.g., records we are required to retain for compliance purposes).

Right to Restrict Processing

You have the right to request restrictions on how we use or disclose your PHI.

Right to Data Portability

You have the right to receive your personal information in a structured, commonly used format and to transmit it to another service provider.

Right to Opt-Out of Marketing

You have the right to opt out of receiving marketing communications from us at any time by clicking "unsubscribe" in our emails or contacting us directly.

Right to Breach Notification

You have the right to be notified promptly in the event of a breach of your unsecured PHI.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

6. Data Retention

We retain your personal information and PHI for as long as necessary to:

  • Provide our services to you
  • Comply with legal obligations (e.g., HIPAA requires us to retain certain records for at least 6 years)
  • Resolve disputes and enforce our agreements
  • Fulfill the purposes described in this Privacy Policy

When we no longer need your information, we securely delete or de-identify it in accordance with our data retention policies and applicable laws.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to improve your experience on our website. You can control cookies through your browser settings. Note that disabling cookies may limit your ability to use certain features of our service.

We use the following types of cookies:

  • Essential Cookies: Required for the website to function properly
  • Analytics Cookies: Help us understand how visitors use our website
  • Preference Cookies: Remember your settings and preferences

8. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

9. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 18, we will promptly delete it.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country. We take appropriate safeguards to ensure that your information remains protected in accordance with this Privacy Policy.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page with an updated effective date
  • Sending you an email notification (if you have provided an email address)

Your continued use of our services after any changes indicates your acceptance of the updated Privacy Policy.

12. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

BillDecoder Privacy Officer

Email: [email protected]

Address: 2810 N Church St #488173, Wilmington, Delaware 19802

For HIPAA-related inquiries, please review our HIPAA Notice of Privacy Practices or contact our Privacy Officer.