Privacy Policy — Fight Insurance Denials With Evidence

Last updated: March 22, 2026. This policy describes how ClearCost Appeals collects, uses, and protects your information.

1. Overview

ClearCost Appeals ("the Service," "we," "us," or "our") is an AI-powered tool that generates insurance denial appeal documents. Because the Service processes health-related information, we take data privacy seriously. This Privacy Policy explains what information we collect, how we use it, who we share it with, and what rights you have.

By using the Service, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use the Service.

2. Information We Collect

We collect only the information necessary to generate your appeal documents and operate the Service. We do not collect information beyond what you directly provide.

2.1 Information You Provide

Category	Examples	Purpose
Patient information	Name, date of birth, member ID, group number	Required to generate personalized appeal documents that reference the correct patient and policy
Insurance information	Insurer name, claim number, denial date, plan type	Used to identify applicable appeal rules, deadlines, insurer-specific policies, and state regulations
Clinical information	Diagnosis codes, procedure codes, denial reason, clinical history, treating physician	Used to generate medically substantiated appeal arguments and retrieve relevant clinical evidence from PubMed
Denial letter content	Uploaded denial letter images or PDFs, or manually entered denial text	Parsed to extract denial details for appeal generation
Appeal outcomes	Outcome reports (approved, denied, partial), notes, savings amounts	Used to track appeal effectiveness, generate precedent statistics, and improve appeal strategies
Contact information	Email address (if provided for follow-up reminders)	Used solely to send appeal follow-up reminders and outcome tracking communications

2.2 Information Collected Automatically

The Service uses minimal cookies strictly for session management (maintaining your session state while using the application). We do not use advertising cookies, tracking pixels, analytics services, or any third-party tracking technologies.

3. How We Use Your Information

We use the information you provide for the following purposes and no others:

Document generation: To generate appeal letters, letters of medical necessity, external review requests, DOI complaints, and related documents tailored to your specific denial.
Clinical evidence retrieval: To query PubMed for peer-reviewed medical literature relevant to your diagnosis and treatment. These queries use clinical terms (diagnosis codes, procedure descriptions), not personally identifiable information.
Outcome tracking: To record appeal outcomes you voluntarily report, enabling us to track effectiveness by denial type, insurer, and strategy.
Service improvement: To improve the Service using anonymized, de-identified aggregate statistics. For example, we may analyze which appeal strategies have the highest success rates for particular denial types, without linking that analysis to any individual user.
Follow-up reminders: If you provide an email address, to send reminders to check on your appeal status and report outcomes.

        We do NOT sell your personal data or health information to any third party, for any reason, under any circumstances.
      

We do NOT use your health data for advertising, marketing, or profiling.

4. Third-Party Services

The Service relies on two third-party services to function. We do not share your data with any other third parties.

4.1 Anthropic (Claude API)

We use Anthropic's Claude language model to analyze denial details and generate appeal documents. When you use the Service, the information you provide (denial details, clinical history, etc.) is transmitted to Anthropic's API for processing. Anthropic's handling of this data is governed by Anthropic's Privacy Policy and their API terms of service. Under Anthropic's commercial API terms, data submitted through the API is not used to train Anthropic's models.

4.2 NCBI / PubMed

We query the National Center for Biotechnology Information (NCBI) PubMed database to retrieve peer-reviewed clinical evidence for your appeal. These queries are made using clinical terms (e.g., diagnosis descriptions, procedure names, medical conditions) and do not include personally identifiable information such as your name, date of birth, or insurance details. PubMed is a service of the National Library of Medicine at the National Institutes of Health.

5. Data Retention

Appeal data: Appeal details and generated documents are stored locally for outcome tracking and follow-up purposes. This data is retained until you request its deletion.
Outcome data: Appeal outcomes you report are retained indefinitely in anonymized, aggregate form to maintain the precedent database that benefits all users. Individual outcome records linked to your identity can be deleted on request.
Uploaded files: Denial letter images and PDFs you upload are stored temporarily for processing and are not retained after your session unless associated with a tracked appeal.
Session data: Session cookies expire when you close your browser.

6. Data Security

We implement reasonable administrative, technical, and physical safeguards to protect your information from unauthorized access, disclosure, alteration, and destruction. These measures include:

Encryption of data in transit (HTTPS/TLS)
Restricted access to stored data
No unnecessary data collection or retention
Regular review of data handling practices

No method of electronic storage or transmission is 100% secure. While we strive to use commercially reasonable means to protect your information, we cannot guarantee absolute security.

7. Anonymization and Aggregate Data

We may create anonymized, de-identified, aggregate datasets from appeal data to analyze trends such as:

Appeal success rates by denial type and insurer
Effectiveness of different appeal strategies
Common denial patterns across insurers and states

This aggregate data cannot be used to identify any individual user or patient. De-identification is performed by removing all direct identifiers (names, dates of birth, member IDs, claim numbers, contact information) and applying statistical methods to prevent re-identification where sample sizes are small.

8. HIPAA Notice

ClearCost Appeals processes information that may constitute protected health information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA). We take reasonable steps to protect PHI in accordance with industry best practices.

        Important: ClearCost Appeals in its standard configuration is not a HIPAA-covered entity and does not execute Business Associate Agreements (BAAs) with individual users. If you require full HIPAA compliance with a signed BAA, the Service can be deployed via AWS Bedrock, which supports BAA execution with Anthropic's Claude models. Contact us for enterprise deployment options.
      

Regardless of HIPAA applicability, we apply the following principles to all health data:

Minimum necessary: We collect only the information required to generate your appeal documents.
Purpose limitation: We use health information only for the purposes described in this policy.
Access controls: Health data access is restricted to the systems and processes necessary for Service operation.
No secondary use: We do not use your health information for marketing, advertising, underwriting, or any purpose unrelated to appeal generation and Service improvement.

9. Your Rights

You have the following rights regarding your personal data:

Right to access: You may request a copy of all personal data we hold about you, including appeal details, generated documents, and outcome records.
Right to correction: You may request that we correct any inaccurate personal data we hold about you.
Right to deletion: You may request that we delete your personal data. Upon receiving a verified deletion request, we will delete your identifiable data within thirty (30) days. Anonymized aggregate data derived from your information (which cannot be linked back to you) will be retained.
Right to data portability: You may request your data in a structured, machine-readable format.
Right to withdraw consent: You may withdraw your consent to data processing at any time by discontinuing use of the Service and requesting deletion of your data.

To exercise any of these rights, contact us at the address provided in Section 13 below.

10. State-Specific Privacy Rights

10.1 California (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with additional rights:

Right to know: You have the right to know what personal information we collect, use, disclose, and sell. We have detailed this in Sections 2-4 above.
Right to delete: You have the right to request deletion of your personal information, subject to certain exceptions.
Right to opt out of sale: We do not sell personal information. There is no sale to opt out of.
Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.
Sensitive personal information: Health information is classified as sensitive personal information under CPRA. We use it only for the purposes disclosed in this policy, which are necessary to provide the Service you requested.

10.2 Washington State (MHMDA)

The Washington My Health My Data Act (MHMDA) imposes additional requirements on entities that collect, share, or process health data of Washington residents. In compliance with MHMDA:

We obtain your consent before collecting health data (by your voluntary use of the Service).
We do not sell or offer to sell your health data.
We do not collect health data through geofencing near healthcare facilities.
You may exercise your rights to access and delete your health data as described in Section 9.

10.3 Other State Health Privacy Laws

Several other states have enacted or are enacting consumer health data privacy laws, including Connecticut, Nevada, and others. We endeavor to comply with all applicable state privacy laws. If you are a resident of a state with specific health data privacy protections, you may exercise your rights under those laws by contacting us at the address in Section 13.

11. Children's Privacy

The Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us and we will take steps to delete such information.

The Service may be used by parents or guardians to generate appeal documents on behalf of minor dependents. In such cases, the parent or guardian is the user and is responsible for compliance with these Terms and this Privacy Policy.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the Service itself. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Your continued use of the Service after any changes constitutes acceptance of the revised policy.

13. Contact Information

If you have questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how your information is handled, please contact us at:

ClearCost Appeals
Email: privacy@clearcostappeals.com

We will respond to verified requests within thirty (30) days.

14. Cookie Policy

ClearCost Appeals uses cookies only for essential session management. Specifically:

Cookie	Purpose	Duration	Type
Session cookie	Maintains your session state while using the application (e.g., keeping your appeal data active during document generation)	Expires when browser is closed	Strictly necessary

We do not use:

Advertising or targeting cookies
Third-party analytics cookies (e.g., Google Analytics)
Social media tracking cookies
Any cookies that track you across websites

Because we use only strictly necessary cookies required for the Service to function, no cookie consent banner is required under most applicable regulations. You may configure your browser to block cookies, but this may prevent the Service from functioning properly.