Privacy Policy
Effective July 2, 2026
This policy explains what ClaimGotDenied (“we”) collects when you use app.claimgotdenied.com, how we protect it, and the choices you have. Because you upload health insurance documents, we treat everything in them as sensitive. Questions: support@claimgotdenied.com.
What we collect
- Contact: the email address you provide, and (only if you request expert help) the name and phone number you give us.
- Your documents: the denial letter / Explanation of Benefits (and optional Summary of Benefits) you upload, which may include your name, date of birth, member and claim numbers, and information about your medical care.
- Extracted case details: the denial reason, service or drug involved, plan type, amounts, and deadline we read from your documents.
- Attribution & abuse prevention: the marketing source (UTM) you arrived from, and a one-way hashed version of your IP address used only to limit abuse. We do not store your raw IP address.
- Payment: processed by Stripe. We receive a confirmation and transaction reference only. We never see or store your card number.
How we protect health information
- Uploaded documents are encrypted with AES-256 before they are stored, with the key held separately from the database.
- Identifiers extracted from your documents (name, date of birth, member ID, claim and policy numbers) are stored only in encrypted form and are replaced with placeholders in our systems. When we generate your appeal letter with our AI provider, only the pseudonymized case details are sent. Your identifiers are re-inserted into the final PDF on our own servers.
- Uploads, generated documents, and extracted health data are automatically deleted 30 days after your case is created.
- You can delete them immediately at any time with the “Delete my data” button on your case page. This works right away, no email required.
We are a self-help document tool that works for you directly; we are not your health plan or healthcare provider, and we are not a HIPAA covered entity. We apply the safeguards above because your documents deserve them regardless.
How we use it
To produce your free denial analysis and, if you purchase, your appeal letter and evidence checklist; to email those documents to you; to operate your dashboard; to prevent abuse of the free analysis; and (only if you explicitly request expert help and give consent) to share your contact details and the general nature of your denial (never your uploaded documents) with a patient advocate or attorney.
Service providers
We share data only with the providers needed to run the service:
- Anthropic (Claude AI):reads your uploaded document to extract and classify your denial, and generates your appeal letter from pseudonymized case details. Anthropic does not use data submitted through its API to train its models.
- Supabase:database and private, access-controlled file storage.
- Stripe:payment processing.
- Resend:delivers your email.
- Vercel:application hosting.
We do not sell your personal information or share it for advertising.
How long we keep it
Uploaded files, generated documents, and encrypted health identifiers are automatically deleted 30 days after your case is created, and immediately if you use the delete button. We retain the bare case record (your email, case status, and payment reference) to enforce free-analysis limits and keep basic business records.
Your choices
You can delete your documents and health data yourself at any time from your case page. You may also request access to, correction of, or deletion of your personal information by emailing support@claimgotdenied.com. California residents have the right to know, delete, and not be discriminated against for exercising these rights; we do not sell personal information.
Cookies
The app uses an essential sign-in session cookie so you can stay logged in to your dashboard. It does not set advertising or cross-site tracking cookies.
Security
Data is transmitted over encrypted connections, medical uploads are encrypted at the application level before storage, and files live in private storage with access controls. No method of transmission or storage is completely secure, but we take strong measures to protect your information.
Children
This service is not directed to anyone under 18, and we do not knowingly collect their data.
Changes
We may update this policy; the effective date above will change when we do. Material changes will be reflected here.
Contact
ClaimGotDenied · support@claimgotdenied.com