Privacy Policy

Effective Date: April 12, 2026

1. Introduction

BillHero LLC ("BillHero," "we," "us," or "our") operates the BillHero platform at billhero.ai. This Privacy Policy explains how we collect, use, store, and protect your information.

2. Ephemeral Processing of Health Documents

BillHero processes uploaded medical documents on an ephemeral basis only:

  • Documents are analyzed in server memory and immediately discarded after your report is generated
  • We do not store the text content of your uploaded medical documents
  • We do not retain diagnosis codes, procedure details, or other Protected Health Information (PHI)
  • Generated reports are encrypted using AES-256-GCM and accessible only by you

3. Information We Collect

Account: Email address and authentication credentials (managed by Clerk).

Insurance Plans: Plan name, insurer, year, type, and Summary of Benefits text (no PHI).

De-identified Metadata: Provider name, service date, dollar amounts, appeal status. No diagnosis codes or clinical details.

Payment: Processed by Stripe. We store only your Stripe customer ID and subscription status.

Usage Data: IP addresses, browser type, feature usage. Not linked to health information.

4. How We Use Your Information

  • To provide and improve BillHero
  • To generate appeal letters and reports
  • To process payments and manage subscriptions
  • To send service communications
  • To comply with legal obligations

We do not sell your personal information. We do not allow advertisers to target you based on health information.

5. HIPAA-Aligned Practices

While BillHero is not a HIPAA covered entity, we voluntarily adopt HIPAA-aligned practices including ephemeral processing, AES-256-GCM encryption, Business Associate Agreements with all service providers, and strict access controls.

6. Service Providers

  • Clerk — authentication
  • Supabase — encrypted database storage
  • Anthropic — AI analysis (ephemeral, BAA in place)
  • Vercel — hosting (BAA in place)
  • Stripe — payment processing

7. Data Retention

  • Uploaded documents: Deleted immediately after processing
  • Encrypted reports: Retained for the life of the account
  • Account information: 30 days after account closure
  • Payment records: As required by law (typically 7 years)
  • Usage logs: 90 days

8. Your Rights

You may access, correct, delete, and export your data. Contact legal@billhero.ai to exercise these rights.

9. Contact

BillHero LLC
Email: legal@billhero.ai
Website: https://billhero.ai