Privacy Policy
Last updated: May 19, 2026
The Short Version
- We don't store your medical bills. They're sent to our AI provider for analysis and then discarded.
- Our AI provider (Google Gemini, paid tier) is contractually prohibited from using your inputs to train models.
- Your full report is returned encrypted to your browser. We release the decryption key only after your payment is confirmed, and we don't keep a readable copy on our servers.
- All traffic is encrypted in transit (TLS).
- We do not sell or share your personal information as those terms are defined under the California Consumer Privacy Act. We have no advertising partners and no behavioral-advertising integrations.
- If you are in Washington state, see our Consumer Health Data Privacy Policy for additional rights under the My Health My Data Act.
1. What We Collect
Bill files you upload. Forwarded to Google Gemini (paid API tier) over a TLS-encrypted connection for analysis. We process your bill in memory only — we don't write it to disk, to a database, or to long-term storage, and we don't forward it anywhere else.
Analysis results. The structured AI output (summary, itemized charges, dispute letter form templates, and so on) is returned to your browser. The free preliminary audit (summary and totals) is in plaintext; the full report is encrypted with a per-analysis key derived from a server-side secret. We release that key only after confirming your payment (or that you hold an active subscription). We do not persist a readable copy of your report on our servers.
Subscription access state. If you purchase a Family Plan or Pro Plan, we keep a numeric remaining-uses counter in our Upstash Redis store, keyed to your Stripe customer ID. The counter resets each billing cycle and is cleared when the subscription is canceled. This counter contains no bill or report content — just a number.
Subscription consent records. When you start a subscription, we record the date, IP address (hashed), user-agent (hashed), the version of the disclosure shown to you, the consent text you agreed to, and the plan and price. Required by California Business & Professions Code §17600 et seq. Retained for 3 years or 1 year after termination, whichever is longer.
Email-a-letter (subscribers only). If you click “Email this letter” on your results, the letter text passes through our server once (to our email provider, Resend, and on to the recipient inbox you specify). We do not save a copy of the letter on our servers. Logs record only the fact that a send happened, plus error class names if one fails — never the letter contents.
Full-report email with PDF (after Single Bill payment). When you complete a Single Bill purchase, we automatically email a copy of your full report to the email address you used at Stripe checkout, with a branded PDF version attached. The PDF is generated in memory on our server during the email send (no separate storage), passes through Resend along with the rest of the email, and is discarded as soon as the send completes. We do not retain the report or the PDF. You can also click “Email me my report” on the results screen to send it to a different address — same flow, same posture.
Payment data. Payments are handled by Stripe. We do not receive or store your card number. We receive a confirmation that a session was paid, plus a reference ID tied to your analysis.
Basic usage data. Standard web-server logs (IP, user agent, timestamps, route paths) and cookieless aggregate analytics via Vercel Web Analytics — no persistent visitor identifier, no cross-site tracking, no advertising use. We do not log bill contents, AI prompts, or AI responses.
2. How We Use It
- To deliver the analysis and dispute-letter form templates back to you.
- To process your payment and unlock the full report.
- To detect and prevent abuse or fraud.
- To maintain compliance records (subscription consent, opt-outs, deletion requests).
- To improve the product (in aggregate, never using bill contents).
We do not use your information for advertising, profiling for behavioral advertising, training AI models, building data products, or any purpose beyond the requested service.
3. Sensitive Personal Information
The contents of medical bills you upload are “sensitive personal information” under the California Consumer Privacy Act because they concern your health. We collect this information for the sole purpose of providing the audit service you requested. We do not use it for any other purpose, do not sell or share it, and do not retain it after analysis. California consumers have the right to limit our use of sensitive personal information; because our use is already limited to the requested service, no further limitation is needed for our processing.
4. Third-Party Processors
- Google LLC (Gemini paid tier). AI analysis. Input is not used to train models per Google's paid-tier terms. Brief retention for abuse monitoring per Google's service terms.
- Stripe, Inc. Payment processing and subscription billing. Governed by Stripe's privacy policy.
- Vercel, Inc. Hosting and edge network for this website. Also provides Vercel Web Analytics (cookieless): receives event timestamp, URL and dynamic route path, referrer, filtered query parameters, country/region (no city, no IP), device type, OS, and browser. Visitor identifiers are short-lived hashes discarded after 24 hours. No cross-site tracking; no advertising use.
- Cloudflare, Inc. Bot protection (Turnstile) and edge network. Turnstile may run an invisible challenge in your browser to verify you are human; it collects environmental data points and behavioral signals to make that determination, but does not receive your bill contents. The data it collects and how it is handled are described in Cloudflare’s Turnstile Privacy Addendum and Privacy Policy.
- Upstash, Inc. Managed Redis. Stores rate-limit counters, subscription remaining-uses counters (keyed to Stripe customer ID), and subscription-consent records. No bill or report contents.
- Resend, Inc. Transactional email (welcome, renewal notice, email-this-letter, full-report email with PDF attachment). Recipient address, message contents, and any attached PDF pass through Resend; we do not retain copies on our servers.
- Functional Software, Inc. (Sentry). Error monitoring. Receives error class names and stack traces; we explicitly scrub bill content, AI prompts, and AI responses before transmission. Session replay is not enabled.
5. Cookies and Tracking
We use a small number of first-party cookies needed for subscription authentication and bot protection. We do not use advertising or tracking pixels and do not embed third-party advertising networks. Full inventory at our Cookie Policy. We honor the Global Privacy Control (GPC) signal: when your browser sends Sec-GPC: 1, we will not set non-essential cookies and will treat the request as an opt-out of any future cross-context sharing if applicable.
6. HIPAA
MediBill Saver operates as a direct-to-consumer self-help software tool. When you upload your own bill as an individual, you are not acting as a HIPAA-covered entity, and the upload is not a HIPAA-regulated disclosure from your perspective. We are not a HIPAA covered entity, business associate, or subcontractor within the meaning of 45 CFR §160.103, and we do not enter into business associate agreements. The Service is not intended for use by, and shall not be used by, any covered entity or business associate to perform a function on behalf of such entity. Our security practices (TLS-encrypted transit, no server-side storage of bill contents, no-training contractual terms with our AI provider) reflect our internal standards regardless of HIPAA applicability.
7. Health Breach Notification
If we discover unauthorized acquisition or disclosure of your data, we will notify you without unreasonable delay and within the timeframes required by the FTC Health Breach Notification Rule (16 CFR Part 318), the New York Stop Hacks and Improve Electronic Data Security Act (SHIELD), the California breach notification statute (Civ. Code §1798.82), the Washington Data Breach Notification Law (RCW 19.255), and any other applicable state laws.
8. Your Rights
Your analyses live in your browser's local storage — you can delete them at any time by clearing site data for this domain. Your Stripe customer record and payment history are retained per our payment processor's requirements. Subscription remaining-uses counters are cleared when the subscription is canceled or ends.
Depending on where you live, you may have additional rights under California CCPA/CPRA, Washington MHMDA, Nevada SB 370, Connecticut SB 3, or similar laws — including the right to know what we have on file, the right to delete, the right to correct, and the right to opt out of certain processing. Washington residents should also see our Consumer Health Data Privacy Policy.
To exercise any right, email privacy@medibillsaver.com. We will respond within 45 days. We may require reasonable verification of your identity (such as a match against the email on file with your purchase) before processing the request.
9. Geographic Scope
The Service is offered to consumers physically located in the United States. We do not target users in the European Economic Area, the United Kingdom, or other jurisdictions outside the United States, and pricing is shown in U.S. dollars only.
10. Children
The Service is not intended for users under 18. Do not upload bills on behalf of minors without parental consent, and do not use the Service if you are under 18. We do not knowingly collect personal information from children under 13.
11. Changes
We may update this policy. Material changes will be reflected on this page with a new "Last updated" date.
12. Contact
Privacy questions, data subject requests, or breach reports:
privacy@medibillsaver.com
LootCastPuff LLC
980 Broadway, #550
Thornwood, NY 10594