Privacy Notice
Last updated: July 15, 2026. ClearClaim is a remote medical-bill advocacy service. This notice explains how we handle information you submit — especially bill documents that may contain protected health information (PHI).
What we collect
- Contact details (name, email, phone)
- Bill context (hospital, approximate balance, service timeframe, insurance status)
- Optional income band for charity-care screening
- Uploaded bills, EOBs, and related images/PDFs
- Payment metadata from Stripe (we do not store full card numbers)
How we use it
To prepare your claim map, screen charity-care options, generate dispute materials, and negotiate with providers/billing offices on your behalf. We do not sell your data.
Security practices
- Uploaded files are encrypted at rest when
FILE_ENCRYPTION_KEYis configured - Operator access to the case desk is password-gated
- Production deployments should use managed encrypted object storage (e.g. S3 + KMS) and restrict access
- Transmit only over HTTPS in production
Important: not a HIPAA certification claim
ClearClaim takes a HIPAA-aware approach to handling sensitive medical billing documents, but we do not claim to be “HIPAA certified” — there is no official government “HIPAA certification” for vendors. If we act as a business associate for a covered entity in a future B2B arrangement, we will execute a BAA and document controls accordingly. For consumer cases, you are typically sharing your own billing records with an advocacy service you hire.
Retention
We retain case files for as long as needed to deliver the service and meet legal/accounting obligations, then delete or securely archive them. You may request deletion of uploads after your case closes by emailing us.
Contact
Privacy questions: privacy@clearclaim.example