ClaroBill

Privacy Policy

Effective date: April 7, 2026. Last updated: April 7, 2026. Last reviewed: May 2026.

ClaroBill (“we,” “our,” or “us”) is committed to protecting your privacy. This policy explains what data we collect when you use ClaroBill, how we use it, and your rights regarding that data. Because ClaroBill processes medical bills, we treat all uploaded content as sensitive and apply strict handling controls throughout our systems.

1. Data We Collect

Account data: When you create an account, we collect your email address and an authentication credential. If you sign in with a third-party identity provider, we receive only your email and display name from that provider.
Medical bill files: Files you upload (PDFs, images) are stored encrypted at rest in private storage. Only you and our processing systems can access them. We do not share uploaded files with any third party other than as described in Section 3.
Extracted bill data: Text and line items extracted from your bill (such as procedure codes, charge amounts, and dates of service) are stored in our database and used to generate your report. We do not store patient names or dates of birth beyond what you include in the uploaded file itself.
Payment data: We do not store credit card numbers. Payment processing is handled by an external payment service. We retain a customer identifier and transaction identifier from that service to support refunds and order history.
Usage data: Anonymized page views and feature interactions. Bill identifiers and other personal identifiers are stripped before any analytics event is recorded. We do not use session recording or keystroke logging.
Error and performance data: Anonymized error reports and stack traces. Request body contents are redacted before transmission to prevent leakage of sensitive information.

2. How We Use Your Data

  • To extract text and line items from your uploaded bill
  • To run automated billing checks against the line items on your bill
  • To generate an analysis report and a personalized dispute letter draft
  • To deliver your report and dispute letter via email
  • To process your payment and support refund requests
  • To monitor service reliability and fix errors
  • To understand aggregate usage patterns and improve the product

We do not use your medical bill data to train AI models. That includes our own models and those of any service provider we work with. Every service we use that processes your data is contractually prohibited from using submitted content for model training or any purpose other than performing the service for us.

3. Categories of Service Providers

To deliver the Service, we engage a small number of service providers to handle specific operational functions. We do not publish the names of these providers on this page in order to limit the value of the disclosure to bad actors and competitors. We share only the minimum data necessary for each provider to perform its function. The categories are:

Cloud infrastructure: Database, encrypted file storage, and authentication
Document processing: Text extraction from uploaded bill images and PDFs
AI services: Bill summarization and dispute letter drafting. Contractually prohibited from using submitted content for model training.
Payment processing: Card processing, refund support, and transaction history
Email delivery: Delivery of transactional emails (account, reports, receipts)
Operational telemetry: Anonymized error reporting and aggregate usage analytics, with personal identifiers stripped before transmission

All service providers operate in the United States. A current list of named sub-processors is available to enterprise customers and regulators on written request to privacy@clarobill.com.

We do not sell your data to advertisers, data brokers, or any other third party. We do not share your data for advertising or marketing purposes.

4. Data Retention

  • Uploaded bill files: retained for 90 days after upload, then automatically deleted
  • Extracted line item data and reports: retained for 12 months, then deleted
  • Account data: retained until you delete your account
  • Payment records: retained for 7 years as required by financial regulations
  • Anonymized analytics: retained indefinitely in aggregate, with no link to your identity

5. HIPAA Notice

ClaroBill is not a Covered Entity or Business Associate as defined by the Health Insurance Portability and Accountability Act (HIPAA). Medical bills you upload are not “protected health information” (PHI) under HIPAA in the context of this Service because ClaroBill is not a healthcare provider, health plan, or healthcare clearinghouse.

However, because your bill may contain sensitive health information, we apply strong technical and organizational controls (encryption at rest and in transit, strict access controls, and data minimization) consistent with the spirit of HIPAA and industry best practices.

6. Your Rights

You have the right to:

  • Access the data we hold about you
  • Correct inaccurate data
  • Delete your account and associated data (within 30 days of request)
  • Export your data in a portable format
  • Opt out of analytics by using a browser with tracking protection enabled

To exercise any of these rights, email privacy@clarobill.com. We will respond within 30 days.

7. Cookies and Tracking

We store a randomly generated analytics session identifier in your browser. This identifier is not linked to your account or personal information. We do not use third-party advertising cookies and we do not allow advertising networks to track you through our Service.

Your authentication session is stored in a secure, httpOnly cookie.

8. Security

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Uploaded files are stored in private storage with no public access. Access to production systems is restricted to authorized personnel via multi-factor authentication.

If you discover a security vulnerability, please report it responsibly to security@clarobill.com.

9. Children

The Service is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has submitted data to ClaroBill, contact us at privacy@clarobill.com and we will delete it promptly.

10. Changes to This Policy

We will notify you of material changes to this policy by email at least 14 days before they take effect. The “Last updated” date at the top of this page reflects the most recent revision.

11. Contact

Privacy questions or requests: privacy@clarobill.com