Privacy Policy
Last updated: April 17, 2026
The short version: We collect only what we need to scan your bill. We don't store your bills permanently. We never sell your data. Ever.
Our Privacy Philosophy
We know your medical bills contain sensitive information. That's why we designed Bill Bodyguard to collect as little data as possible and keep nothing longer than necessary. This policy explains exactly what we collect, why, and what happens to it.
What Data We Collect
| Data Type | Purpose | Retention |
|---|---|---|
| Uploaded bill images/PDFs | AI analysis for overcharges | Deleted after analysis |
| Optional patient info you enter | Personalize dispute letters | Deleted after analysis |
| Payment information | Process Dispute Pack purchases | Handled entirely by Stripe |
| Usage analytics | Improve the service | Anonymized, aggregated |
| Device/browser info | Technical functionality | Session-based |
How We Use Your Data
Your data is used for one purpose: analyzing your bill for potential overcharges. Specifically:
- Your uploaded bill is sent to our AI system for analysis
- The AI identifies potential issues like upcoding, unbundling, facility fees, supply markups, and duplicate charges
- If you purchase a Dispute Pack, we generate customized letters based on the findings
- After your session is complete, your bill data is deleted
Data Retention: Bills Are Not Stored
This is important, so we'll be direct: Bill Bodyguard does not permanently store your medical bills. Uploaded bills are processed in real time and deleted after analysis is complete. We don't keep copies. We don't build a database of your health information.
If you purchase a Dispute Pack, the generated documents are delivered to you immediately. We do not retain copies of dispute letters after delivery.
Third-Party Services
Anthropic (Claude AI)
We use Claude, built by Anthropic, to power our bill analysis. When you upload a bill, the content is sent to Anthropic's API for processing. Anthropic's use of this data is governed by their data policies. Anthropic does not use API inputs to train their models.
Stripe (Payments)
Payment processing is handled entirely by Stripe. We never see or store your full credit card number. Stripe is PCI DSS Level 1 certified, the highest level of payment security. See Stripe's Privacy Policy.
Analytics
We use minimal, privacy-respecting analytics to understand how people use Bill Bodyguard so we can improve it. This data is anonymized and aggregated. We do not track you across other websites.
We Never Sell Your Data
Bill Bodyguard will never sell, rent, or trade your personal information or health data to anyone. Period. This isn't just a policy — it's a core principle of who we are.
Cookies
We use minimal cookies strictly for:
- Essential functionality: Session management and security
- Analytics: Anonymous usage data to improve the service
We do not use advertising cookies or tracking pixels. We do not participate in ad networks.
Data Security
We take the security of your information seriously:
- Encryption in transit: All data is encrypted using TLS/SSL during transmission
- Secure API communication: Connections to Anthropic and Stripe use encrypted channels
- No permanent storage: The best way to protect data is to not keep it
- Access controls: Strict internal access policies for any systems that handle data
- Regular security reviews: We continuously evaluate and improve our security practices
Children's Privacy
Bill Bodyguard is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has used our Service, please contact us and we will take steps to delete any associated data.
A Note About HIPAA
Bill Bodyguard is not a covered entity under HIPAA (the Health Insurance Portability and Accountability Act). We are not a healthcare provider, health plan, or healthcare clearinghouse.
That said, we recognize that medical bills contain sensitive health information, and we treat that data with the seriousness it deserves. Our practices — minimal collection, no permanent storage, encryption, and no data sales — reflect our commitment to protecting your health data even beyond what may be legally required of us.
Your Rights
All Users
You have the right to:
- Know what data we've collected about you
- Request deletion of any data we may hold
- Opt out of analytics cookies
- Contact us with privacy concerns
California Residents (CCPA)
If you're a California resident, you have additional rights under the California Consumer Privacy Act, including the right to know, delete, and opt out of the sale of personal information. Since we never sell personal information, the right to opt out is already satisfied. To exercise other rights, contact us at Prasanthi@PrasanthiBallada.com.
EU/EEA Residents (GDPR)
If you're located in the European Union or European Economic Area, you have rights under the GDPR including access, rectification, erasure, restriction of processing, data portability, and objection. Because medical bills can contain special-category health data, our legal basis for processing is your explicit consent when you choose to upload a bill (GDPR Article 9(2)(a)). You can withdraw consent at any time by closing the session — since we do not retain bill content after analysis, withdrawal is effectively immediate. Contact Prasanthi@PrasanthiBallada.com to exercise your rights.
Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we'll update the "Last updated" date and, for material changes, make reasonable efforts to notify users through the Service.
Contact Us
Questions about your privacy? We're here to help.
Bill Bodyguard
Austin, TX
Prasanthi@PrasanthiBallada.com
billbodyguard.com