Privacy & Security

Our Commitment to Your Privacy

At FairHealthCheck, we understand that your medical information is sensitive and personal. We are committed to protecting your privacy and ensuring the security of your data.

This Privacy & Security Policy explains how we collect, use, disclose, and safeguard your information when you use our service. By using FairHealthCheck, you agree to the collection and use of information in accordance with this policy.

This Service is intended for users in the United States and is operated in accordance with applicable U.S. laws and regulations.

Last Updated: January 2025

Information We Collect

Personal Information

When you create an account or use our services, we may collect:

• Account Information: Name, email address, phone number, and date of birth
• Medical Bill Data: Uploaded medical bills, CPT/HCPCS codes, charges, and related information
• Usage Data: Information about how you interact with our website and services
• Device Information: IP address, browser type, device identifiers, and operating system

Automatically Collected Information

We automatically collect certain information when you visit our website, including:

• Log data (pages visited, time spent, click patterns)
• Cookies and similar tracking technologies
• Error reports and performance data

How We Use Your Information

We use the information we collect to:

• Provide Our Services: Process your medical bills, compare charges, and generate analysis reports
• Improve Our Platform: Enhance functionality, fix bugs, and develop new features
• Communicate With You: Send service updates, respond to inquiries, and provide customer support
• Ensure Security: Detect and prevent fraud, abuse, and unauthorized access
• Comply With Legal Obligations: Meet regulatory requirements and respond to legal requests

We limit the collection and use of personal and health-related information to what is necessary to provide the Service and to fulfill the purposes described in this policy.

Data Security

We implement industry-standard security measures to protect your information:

While we use industry-standard safeguards, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Data Sharing and Disclosure

We may share your information as described below (including with service providers that help us operate the service).

We only share personal and health-related information when necessary to operate the Service, when required by law, or when you explicitly authorize such sharing.

• Cloud hosting & infrastructure providers (continuous): We may continuously process and store data with cloud hosting providers (e.g., AWS or similar providers) to run our website and services.
• Database & storage providers (continuous): We may continuously store user account data and billing data in secure database/storage services (e.g., Snowflake or similar providers).
• Payment processing providers (continuous while you pay): If you make a payment, we may share payment details with our payment processor (e.g., Stripe) to process the transaction and manage billing.
• Analytics & advertising providers (continuous/measurement): We may use measurement and conversion tools (e.g., Google Tag Manager / Google Ads conversion measurement) to understand how visitors use the service and to measure performance of marketing campaigns. We do not sell your medical bill data for marketing purposes.
• Security, logging & monitoring providers (continuous): We may share limited operational telemetry (e.g., error logs and security events) with vendors that help us monitor and protect the service.
• Legal requirements: When required by law, court order, or government regulation.
• Protection of rights: To protect our rights, property, or safety, or that of our users.
• Business transfers: In connection with a merger, acquisition, or sale of assets (with notice to users).
• With your consent: When you explicitly authorize us to share your information.

We do not share your medical bill data with:

• Advertising networks for the purpose of selling medical bill data.
• Data brokers for medical-data aggregation.
• Hospitals or providers for billing disputes unless you explicitly request an action that requires that sharing.

Service providers are contractually required to implement appropriate technical and organizational safeguards, limit use of data to specified purposes, and protect personal and health-related information in accordance with applicable laws and industry standards.

Your Rights and Choices

You have the following rights regarding your personal information:

To exercise these rights, please contact us at support@fairhealthcheck.com or through your account settings.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

• Essential Cookies: Required for the website to function properly (authentication, security)
• Analytics Cookies: Help us understand how visitors use our website (anonymized data)
• Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality of our website.

Medicare (Blue Button API) Data

If you choose to connect your Medicare account, we use the Blue Button API to securely retrieve Medicare claim-related information needed to compare against your uploaded bill and to generate Medicare insights and a negotiation letter.

• What we access: Medicare claims/Explanation of Benefits (EOB) data necessary for comparison.
• How we access: Via OAuth using your active opt-in (see the Medicare connection consent step in the app).
• How we use it: To build the on-page comparison and to include a Medicare comparison section in your downloadable letter.
• Persistent vs. one-time collection: We do not continuously retrieve Medicare data in the background. We retrieve claim data when you request a comparison. While your connection is active, we may refresh OAuth authorization tokens to keep the connection functional.
• No continuous monitoring: We do not monitor your Medicare account continuously or access Medicare data without your action or authorization.
• Sharing: We do not sell Medicare data or use Medicare data for advertising or marketing purposes. We only share Medicare data with service providers who help us operate the service (e.g., hosting, logging, payment processing) and only as necessary.
• De-identified data & re-identification risk: Where we use de-identified or aggregated analytics, we still treat the underlying information as sensitive and apply safeguards. However, small residual risk of re-identification may exist, especially if datasets are combined.

Data Retention and Deletion

We retain your uploaded bill information and any Medicare data we retrieve for as long as needed to provide the service features you use, to maintain security and integrity, and to comply with legal obligations.

• Account data: Stored while your account is active; retained for backups and safety checks according to our security policies.
• Medicare connection artifacts: OAuth tokens and related connection records may be stored securely to keep connections functional (token refresh depends on the OAuth provider rules).
• Your request: If you request deletion, we will take reasonable steps to delete or de-identify data, except where retention is required by law or for security/audit purposes. Backups may retain deleted data for a limited period (e.g., up to 30 days) while deletions propagate. Security and audit logs may be retained for a limited period (e.g., up to 90 days) for incident response and compliance.

Revoking Access to Retrieve Your Data

If you disconnect Medicare from your account (or request account deletion), we will stop requesting new Medicare data. We will also revoke use of any stored Medicare tokens where possible.

You can disconnect Medicare at any time from your Account page by clicking Disconnect Medicare.

• Stop future retrieval: We stop using your Medicare authorization to retrieve new EOB/claim data.
• Previously retrieved data: Medicare data previously retrieved may be retained only as needed to support existing bills, comparisons, and negotiation artifacts you already generated, and for security/legal/audit purposes.
• Secure deletion timelines: Deleted records may remain in backups temporarily (e.g., up to 30 days), and limited security/audit logs may be retained for incident response (e.g., up to 90 days).

Changes to this Policy

We may update this Privacy & Security Policy from time to time. If we make material changes, we will notify users by:

• Email: to the email address associated with your account.
• In-app notice: a banner when you visit the service.
• Website notice: posting the updated policy on this page with an updated “Last Updated” date.

You can respond to policy changes by reviewing your privacy settings and, if you no longer want Medicare data to be used, disconnect Medicare by requesting account deletion or contacting support so we can stop using the Blue Button authorization for you.

Dormant or Closed Accounts

If an account becomes dormant or is closed, we may retain certain records for a reasonable period to support security, fraud prevention, and legal obligations. After that period, we will delete or de-identify data where legally permitted.

Security Incidents and Breach Notifications

We use industry-standard safeguards to protect personal and health-related information. If we suffer a security incident involving personal health information, we will notify affected users as required by applicable law (including the FTC’s Health Breach Notification Rule where applicable), and we will provide steps you can take to protect yourself.

Company Sale or Transfer

If our company is sold, merged, or otherwise transferred, your information may be transferred as part of that transaction. If we expect that your data practices will change materially, we will provide notice and describe the choices available to you.