1. Our Commitment
BillHero LLC is deeply committed to protecting the privacy of health information. While BillHero is not a covered entity under HIPAA — we are a consumer software tool, not a healthcare provider, health plan, or clearinghouse — we voluntarily adopt and exceed HIPAA-aligned privacy standards.
2. Ephemeral Processing Model
When you upload a medical document:
- Your document is transmitted over a TLS 1.3 encrypted connection
- It is processed in server memory by our AI pipeline
- A report is generated
- The document and all extracted text are permanently deleted
- Only de-identified metadata and your encrypted report are retained
3. What We Never Store
- Text content of uploaded EOBs, bills, or medical records
- Diagnosis codes (ICD-10) linked to individuals
- Clinical notes or physician documentation
- Any document identifying a specific individual's health conditions
4. Technical Safeguards
- TLS 1.3 encryption for all data in transit
- AES-256-GCM encryption for all stored reports
- Access controls — BillHero staff cannot access your encrypted reports
- All access is logged and audited
5. Business Associate Agreements
BillHero has executed BAAs with: Vercel Inc., Supabase Inc., Anthropic PBC, and Clerk Inc.
6. Your Rights
- Access your encrypted reports through your dashboard
- Delete your reports and account at any time
- Export your reports before deletion
Contact legal@billhero.ai to exercise these rights.
7. Important Limitations
BillHero does not provide legal advice or medical advice, does not guarantee appeal success, and is not a substitute for a licensed professional. For complex situations involving significant amounts or legal disputes, consult a licensed healthcare attorney or patient advocate.
8. Contact
BillHero LLC
Email: legal@billhero.ai
Website: https://billhero.ai