Privacy Policy
Effective date: April 16, 2026
1. Who We Are
Medical Bill Audit (“we,” “our,” or “the Service”) is operated by FairBilling.org and helps patients identify potential errors in medical bills, explanations of benefits (EOBs), and itemized statements. This policy explains what data we collect, how we use it, and the choices you have.
2. Our Privacy Default: Process, Don't Store
We are built around a process-first principle. When you upload a bill, we analyze it in memory and generate your report. By default, your documents and their contents are discarded once the report is ready. We do not build profiles of patients and we never sell your data.
Before any analysis runs, patient identifiers found in your documents (such as names, addresses, member IDs, and free-text notes that may contain them) are masked. Analysis is performed only on that masked representation; the unmasked document is never used as input to the analysis.
3. What We Collect
Information you provide
- Documents you upload (medical bills, EOBs, itemized statements)
- Email address, if you request a case restore link
Information we do not extract or retain
- Your name, home address, or phone number
- Social Security number, date of birth, or member ID
- Any other patient identifier appearing in your documents (these are masked before analysis and discarded with the document)
Information collected automatically
- Standard server logs (IP address, browser type, pages visited) — retained for a short period for security monitoring, then discarded
- Aggregate, non-content usage metrics (e.g., analysis completion rate, page counts) — no document content is included
- Analytics events — to understand how the app is used at an aggregate level
4. Your Consent Choices
Beyond the default process-and-discard flow, we offer optional programs that require your explicit opt-in. None of these are required to use the Service.
Contribute & Track — FairBilling Hospital Score
If you opt in, we store a pseudonymous case record (a random case ID — never your name or member ID) that includes:
- Provider name and NPI/TIN
- Service dates, billing codes, and dollar amounts (billed/allowed/paid)
- Error type labels (e.g., “possible upcoding,” “duplicate charge”)
- Metro area (never exact zip code)
We use this data to build the FairBilling Hospital Score — aggregate provider billing accuracy insights that help other patients. You can withdraw your contribution at any time from your case page, which permanently removes your case's data from our analytics.
Communications
We use your email address only to send your report restore link or to respond to a message you submitted via our contact form.
5. How We Use Your Data
- To analyze your bill — generate your audit report and identify potential errors
- To benchmark pricing — compare your charges against Medicare rates and hospital standard charges
- To build provider insights — aggregate contributed cases into the FairBilling Hospital Score (only with consent)
- To improve the Service — fix bugs and measure overall performance
- To communicate with you — send your report restore link, case updates, or responses to contact form submissions
We do not use your data for advertising, and we do not sell or share it with data brokers.
6. How We Share Your Data
We do not sell your data. We share it only in these limited circumstances:
- Service providers — vendors that help us operate the Service (cloud storage, bill processing, error monitoring, and analytics) under data processing agreements that restrict their use of your data
- Payment processor — our payment processor handles report unlock payments; we do not store card details
- Legal requirements — if required by law, court order, or to protect the rights and safety of users
- Aggregate, de-identified insights — provider billing patterns published as part of the FairBilling Hospital Score contain no patient information
7. Data Retention
- Uploaded documents and their extracted contents — discarded after report generation by default
- Contributed case records — retained for 12–24 months for provider-pattern analytics, then deleted
- Email address (if provided) — retained only while you have an active case; deleted on request
- Consent logs — retained for as long as needed to demonstrate that consent was given or withdrawn, as required for legal compliance
8. Your Rights & Controls
You can exercise these controls directly from your case page or by contacting us:
- Delete this case — permanently removes your uploads, report, and any contributed data for that case
- Withdraw contribution — removes your case's facts from the FairBilling Hospital Score analytics
If you are a California resident, you have additional rights under CCPA/CPRA, including the right to know, correct, delete, and opt out of the sale or sharing of your personal information. We do not sell or share personal information as defined under CCPA. To submit a request, contact us at privacy@fairbilling.org. We will respond within 30 days.
9. Security
We use industry-standard safeguards including encrypted storage, signed upload URLs, strict row-level database access controls, and audit logging of all data access. No method of transmission or storage is 100% secure, but we take our responsibility to protect your information seriously.
10. Children
The Service is intended for users 18 and older. We do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected such information, please contact us and we will delete it promptly.
11. Changes to This Policy
If we make material changes to how we collect or use your data, we will update the effective date above. Continued use of the Service after that date constitutes acceptance of the revised Policy.
12. Contact
Privacy questions or requests? Reach us through our contact page or email legal@fairbilling.org.