Skip to main content
MB
MedBillResolve

Privacy Policy

Last updated: March 1, 2026

1. Introduction

MedBillResolve ("we," "our," or "us") operates the MedBillResolve platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By accessing or using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this policy, please do not access or use the Service.

2. Information We Collect

We collect the following categories of information:

2.1 Information You Provide

  • Account Information: Name, email address, and password when you create an account.
  • Case Information: Details about your medical bill, healthcare provider, insurance status, billing amounts, dates of service, and dispute details that you provide through our guided intake process.
  • Documentation: Medical bills, explanation of benefits (EOB), itemized statements, insurance correspondence, communication records, and other files you upload to support your dispute.
  • Payment Information: Billing details processed through our payment provider, Stripe. We do not store your full credit card number on our servers.

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, timestamps, and interactions with the Service.
  • Device Information: Browser type, operating system, device identifiers, and screen resolution.
  • Log Data: IP address, access times, and referring URLs.

3. How We Use Your Information

  • Service Delivery: To generate your dispute packet, including dispute letters, itemized bill requests, insurance appeal letters, and action plans.
  • Account Management: To create and manage your account, save your progress, and deliver your generated documents.
  • Payment Processing: To process transactions and manage refund requests.
  • Communication: To send you account-related notifications, respond to inquiries, and provide customer support.
  • Improvement: To analyze usage patterns and improve the Service, including the quality of AI-generated documents.
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes.

4. Data Storage and Security

Your data is stored on Amazon Web Services (AWS) infrastructure located in the United States. We implement the following security measures:

  • Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher.
  • Encryption at Rest: Stored data, including uploaded documentation and generated documents, is encrypted using AES-256 encryption.
  • Access Controls: Access to user data is restricted to authorized personnel on a need-to-know basis.
  • Regular Audits: We conduct regular security reviews and vulnerability assessments of our infrastructure.

While we implement commercially reasonable security measures, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security of your data.

5. Third-Party Services

We use the following third-party services that may receive your data:

  • Stripe: Processes payments securely. Stripe receives your payment card information directly and is PCI DSS Level 1 certified. See Stripe's Privacy Policy.
  • Amazon Web Services (AWS): Hosts our application infrastructure and data storage. See AWS Privacy Notice.
  • Anthropic: Powers the AI that generates your dispute documents. Case information is sent to Anthropic's API for document generation. Anthropic does not use API data to train its models. See Anthropic's Privacy Policy.

We do not sell your personal information to third parties. We do not share your data with third parties for their own marketing purposes.

6. Cookies and Tracking

We use cookies and similar tracking technologies to operate and improve the Service:

  • Essential Cookies: Required for authentication, session management, and security. These cannot be disabled.
  • Analytics Cookies: Help us understand how users interact with the Service so we can improve it. These can be disabled through your browser settings.

We do not use advertising cookies or trackers. We do not serve targeted advertising.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

7.1 Rights for All Users

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate personal information.
  • Deletion: Request deletion of your account and associated data.
  • Data Portability: Request an export of your data in a machine-readable format.

7.2 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • The right to know what personal information is collected, used, shared, or sold.
  • The right to delete personal information held by us and by extension our service providers.
  • The right to opt out of the sale or sharing of personal information. Note: we do not sell personal information.
  • The right to non-discrimination for exercising your privacy rights.
  • The right to correct inaccurate personal information.
  • The right to limit the use and disclosure of sensitive personal information.

To exercise any of these rights, contact us at privacy@medbillresolve.com. We will respond to verifiable requests within 45 days.

8. Data Retention

We retain your data as follows:

  • Account Information: Retained for as long as your account is active. Upon account deletion, we remove your data within 30 days.
  • Case Data and Documentation: Retained for 12 months after your last case activity to allow you to access your generated documents. After 12 months of inactivity, case data is automatically deleted.
  • Payment Records: Retained for 7 years as required for tax and accounting compliance.
  • Usage and Log Data: Retained for 90 days, then automatically purged.

You can request immediate deletion of your case data and documentation at any time through your account settings or by contacting us.

9. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we will also notify you via email. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: