Privacy Policy

Last updated: March 2026

1. Overview

BillScan AI (“we”, “us”, “our”) is a service that helps individuals review medical bills for potential errors, overcharges, and billing discrepancies using artificial intelligence. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.

2. Information We Collect

Account information: When you create an account, we collect your email address and a securely hashed password (managed by Supabase Auth).

Medical bill content: When you submit a bill for analysis, we receive the text or file contents you paste or upload. This data is used solely to generate your analysis and is stored in association with your account so you can view your results.

Payment information: Payments are processed by Stripe. We do not store your credit card number, expiration date, or CVV on our servers. We receive only a customer ID and confirmation of payment from Stripe.

3. How We Use Your Information

We use the information we collect to:

  • Provide and improve the BillScan AI service
  • Analyze medical bill text using AI and return results to you
  • Process payments and manage your account credits
  • Send transactional emails (e.g., login links, receipts)
  • Detect and prevent fraud or abuse

We do not sell your data. We do not use your medical bill content for advertising purposes.

4. AI Processing

Bill text submitted for analysis is sent to Anthropic's Claude API for AI processing. Anthropic's data handling is governed by their own privacy policy at anthropic.com/privacy. We recommend you remove or redact sensitive identifiers (Social Security numbers, insurance ID numbers, etc.) from bill text before submitting.

5. Data Storage and Security

Your account data and scan history are stored in Supabase, a secure cloud database provider. Data is encrypted in transit (TLS) and at rest. We use row-level security policies to ensure users can only access their own data.

6. Data Retention

We retain your account information and scan history for as long as your account is active. You may request deletion of your account and associated data by emailing us at the address below.

7. Third-Party Services

We use the following third-party services:

  • Supabase — authentication and database
  • Anthropic Claude API — AI bill analysis
  • Stripe — payment processing
  • Vercel — hosting and deployment

8. Your Rights

You have the right to access, correct, or delete your personal data. To exercise these rights, contact us at the email below. Depending on your location, you may also have rights under GDPR, CCPA, or other applicable privacy laws.

9. Children

BillScan AI is not directed at children under 13. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes by posting the new policy on this page with an updated date.

11. Contact

If you have questions about this Privacy Policy, contact us at: cpoole@revasyn.com