Legal
Privacy Policy
Effective date: May 10, 2026 · Contact: claimsage@polsia.app
Your health data matters. ClaimSage processes sensitive insurance documents. This policy explains exactly what we collect, how we use it, and how we protect it. We do not sell your personal information or health data to anyone.
1. Information We Collect
ClaimSage collects only what is necessary to deliver the service. This includes:
- Documents you upload — EOB images, insurance documents, and text you paste into our tools. These may contain Protected Health Information (PHI) such as patient names, provider names, diagnosis codes, procedure codes, and billing amounts.
- Email address — if you provide your email to access gated features (denial explanations, appeal letters, detailed benefit breakdowns). Stored in our
leads table.
- Usage data — anonymized tool usage events (which tool was used, timestamps). No personally identifiable information is stored in usage analytics.
- Technical data — standard server logs including IP address, browser type, and request timestamps. These are retained for security and debugging purposes only.
2. How We Use Your Information
We use the information we collect for the following purposes:
- Delivering the service — processing your documents through AI models to extract claim data, generate summaries, draft appeal letters, explain benefits, and estimate costs.
- Improving accuracy — aggregated, de-identified usage patterns help us improve our AI models and user experience. Individual documents are never used for model training.
- Communication — if you provide your email, we may send a one-time welcome message. We do not send marketing emails without your explicit consent.
- Security and abuse prevention — monitoring for unauthorized access, misuse, or attacks on the platform.
3. Health Information & HIPAA Awareness
ClaimSage is an educational tool, not a covered entity or business associate under HIPAA. However, we recognize that users upload sensitive health insurance documents and we treat that data with care:
- Documents are processed, not stored permanently. Uploaded images are processed by our AI pipeline to extract text and generate analysis. The structured results (provider, amounts, denial codes, summary) are stored in our database so you can view them. Original uploaded images are stored in encrypted cloud storage.
- We do not share your health data. Your EOB data, appeal letters, and insurance information are never sold, shared with advertisers, or provided to third parties for marketing purposes.
- AI processing — documents are processed through AI models hosted by our infrastructure partners (Anthropic, OpenAI). These providers process data according to their enterprise data policies and do not use your inputs for model training.
- Encryption — data is encrypted in transit (TLS/HTTPS) and at rest in our database and storage systems.
4. Data Storage & Retention
- EOB analyses — stored in our database for your reference. Includes extracted claim data and AI-generated summaries.
- Appeal letters — stored in our database linked to the EOB analysis that generated them.
- Uploaded images — stored in encrypted cloud storage (Cloudflare R2).
- Email addresses — retained until you request deletion.
- Usage events — anonymized analytics retained indefinitely for aggregate reporting.
- Server logs — retained for up to 30 days, then automatically purged.
You may request deletion of your data at any time by contacting claimsage@polsia.app.
5. Data Sharing & Third Parties
We share data only with the following categories of service providers, and only as necessary to deliver the service:
- AI processing — Anthropic and OpenAI process document text to generate analyses and summaries. They operate under enterprise data agreements.
- Cloud infrastructure — Neon (database hosting), Cloudflare R2 (file storage), and Render (application hosting) store and serve your data under their respective security policies.
- Email delivery — Postmark delivers transactional emails (e.g., welcome messages) on our behalf.
We do not:
- Sell your personal information or health data
- Share data with advertisers or data brokers
- Use your documents for AI model training
- Provide your information to insurance companies or employers
6. Cookies & Tracking
ClaimSage uses minimal tracking:
- Analytics — we may use a lightweight analytics beacon to understand overall site traffic. This does not track individual users across the web.
- No third-party ad trackers — we do not use Google Analytics, Facebook Pixel, or similar advertising-focused trackers.
- Essential cookies only — any cookies used are strictly functional (session management, not tracking).
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you
- Deletion — request that we delete your personal data, including EOB analyses, appeal letters, and email address
- Correction — request correction of inaccurate personal data
- Portability — request your data in a structured, machine-readable format
- Objection — object to certain processing of your personal data
To exercise any of these rights, contact us at claimsage@polsia.app. We will respond within 30 days.
8. California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- The right to know what personal information we collect and how it is used
- The right to request deletion of your personal information
- The right to opt out of the sale of your personal information — we do not sell personal information
- The right to non-discrimination for exercising your privacy rights
9. Children's Privacy
ClaimSage is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at claimsage@polsia.app and we will promptly delete it.
10. Security Measures
We implement industry-standard security measures to protect your data:
- All data transmitted between your browser and our servers is encrypted via TLS/HTTPS
- Database credentials and API keys are stored as encrypted environment variables, never in source code
- Cloud storage (Cloudflare R2) provides encryption at rest
- Database access is restricted to authenticated application connections only
- We conduct regular security reviews of our codebase and infrastructure
No system is 100% secure. If you discover a security vulnerability, please report it to claimsage@polsia.app.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page. If we make material changes, we will make reasonable efforts to notify you (for example, by displaying a notice on the platform).
Your continued use of ClaimSage after any changes constitutes your acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy, your data, or want to exercise any of your rights, contact us:
Email: claimsage@polsia.app