MedicalBillReader.com is committed to protecting your privacy. This policy explains what information we collect when you use our AI-powered bill analysis tool, how we use it, and your rights under U.S. state and international privacy laws. We never store your uploaded medical bills — documents are deleted immediately after analysis and results exist only in your browser session.
Privacy Policy
Last updated: March 16, 2026
Effective Date: January 1, 2026 | Last Reviewed: March 2026
1. Who We Are
MedicalBillReader.com ("we," "us," "our") is operated by an experienced web professional. We provide an AI-powered tool that helps consumers understand their medical bills. This Privacy Policy describes how we collect, use, and protect your information when you use our website and services.
For privacy-related inquiries, contact us at: privacy@medicalbillreader.com
2. Categories of Personal Data We Collect
We collect the following categories of personal data:
- Uploaded Medical Bills — Images or PDFs you upload for analysis. These may contain sensitive personal and health information including patient names, dates of service, diagnoses, procedure codes (CPT, ICD-10, HCPCS), and billing amounts.
- Device & Browser Information — IP address, browser type, operating system, and device identifiers collected automatically via server logs and analytics.
- Usage Data — Pages visited, features used, timestamps, and interaction patterns.
- Cookies & Tracking Technologies — Data collected via cookies for analytics and advertising purposes (on marketing pages only).
3. How We Use Your Data
- To analyze your uploaded medical bills and provide plain-English explanations.
- To operate, maintain, and improve our website and services.
- To display relevant advertisements on marketing pages (not on analysis pages).
- To comply with legal obligations.
Lawful Basis (GDPR): We process data based on (a) your consent when you upload a medical bill, (b) our legitimate interest in operating and improving the service, and (c) legal compliance obligations.
4. Medical Bill Data — How We Handle Your Health Information
We treat all uploaded medical bills with the highest level of sensitivity. Medical bills may contain protected health information and are handled with HIPAA-adjacent care, even though MedicalBillReader.com is not a HIPAA-covered entity.
- Immediate Deletion: Uploaded medical bills are deleted immediately after analysis is complete. We do not retain your bill images or PDFs on our servers.
- No Logging of Bill Contents: The text, codes, charges, and other contents of your medical bills are never logged, stored in databases, or written to server logs.
- Anthropic API Disclosure: To analyze your bill, the uploaded image or PDF text is sent to Anthropic's Claude API for AI-powered processing. Anthropic processes this data according to their privacy policy. Anthropic does not use API inputs to train their models.
- No Advertising Use: Your medical bill data, health information, and analysis results are never shared with advertising systems, ad networks, or used for ad targeting.
- Browser-Session Only: Your bill preview and analysis results exist only in your browser session and are cleared when you close or refresh the page.
During the upload experience, we display a visible privacy notice informing you that your bill will be processed by AI and deleted immediately after analysis.
Important: Analysis results are estimates for informational purposes only. They do not constitute medical advice, financial advice, or a professional billing review.
5. Third Parties We Share Data With
- Anthropic (Claude API) — Uploaded bill images/text are sent to Anthropic for AI-powered analysis. Anthropic processes data under their API terms and does not use API inputs for model training.
- Google AdSense — On marketing pages only, Google may collect cookies and device information for ad serving. Medical bill data is never shared with Google.
- Google Analytics — We use Google Analytics to understand website usage patterns. Analytics data does not include medical bill contents.
- Vercel — Our hosting provider processes server requests. No medical bill data is persisted by Vercel beyond standard request processing.
6. Data Retention Periods
- Uploaded Medical Bills: Deleted immediately after analysis — zero retention.
- Analysis Results: Exist only in your browser session — not stored on our servers.
- Server Logs: Retained for up to 30 days for security and debugging, then automatically deleted. Logs do not contain medical bill contents.
- Analytics Data: Retained per Google Analytics default settings (up to 14 months).
- Cookie Data: Varies by cookie type; advertising cookies expire per Google's cookie policies.
7. California Privacy Rights (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants you specific rights regarding your personal information. These rights are effective as of January 1, 2026.
Information We Collect
In the past 12 months we have collected the following categories of personal information:
- Identifiers: IP address, email address (if account created), browser type, device identifiers.
- Internet or network activity: Pages visited, tool usage patterns, time on site.
- Health and medical information: Medical bill documents submitted for analysis. This data is processed server-side and deleted immediately after analysis is complete. It is never stored, logged beyond the active session, or shared.
- Inferred data: Interests inferred from browsing behavior via advertising partners (marketing pages only — not analysis pages).
Sensitive Personal Information — Medical Bill Data
As of January 1, 2026, California law defines health and medical information as sensitive personal information requiring heightened protections. Medical bills you upload contain sensitive health information including patient names, diagnosis codes (ICD-10), procedure codes (CPT/HCPCS), provider information, and financial data.
Medical Bill Reader treats all uploaded bill data as sensitive personal information. Specifically:
- Bill documents are processed in memory and deleted immediately after analysis is returned to you
- We do not store, log, index, or retain bill content after your session ends
- Bill content is never used for advertising targeting, never sold, and never shared with third parties
- Advertising is served via non-personalized ads on analysis pages to prevent any health data from reaching advertising systems
Washington My Health My Data Act (WA MHMDA)
For Washington State residents, the My Health My Data Act provides additional protections for consumer health data. Medical bill information constitutes consumer health data under this law. We comply with WA MHMDA by: processing health data only to provide the requested service; not selling consumer health data; not sharing health data with third parties for advertising; and deleting health data immediately after processing. Washington residents have the right to access, delete, and withdraw consent for processing of their consumer health data by contacting us via the Contact page.
Maryland Online Data Privacy Act (MD MODPA)
For Maryland residents, the Maryland Online Data Privacy Act (effective October 2025) prohibits the sale of sensitive data including health information. We do not sell medical bill data or any health-related information. Maryland residents have the right to access, delete, correct, and opt out of the processing of their personal data by contacting us via the Contact page.
Data Minimization
We collect only the minimum personal information necessary to operate this service. Medical bill documents are processed in memory and deleted immediately after analysis. We do not retain document content beyond the active processing session.
How We Use Your Information
- To perform medical bill analysis using AI processing
- To display non-personalized advertising on marketing pages through Google AdSense
- To analyze aggregate site traffic via analytics (no health data included)
- To maintain site security and prevent fraud
We do not sell your personal information. We do not use health or medical bill content for advertising targeting under any circumstances.
Your Rights as a California Resident
- Right to Know: Request disclosure of personal information collected in the past 12 months.
- Right to Delete: Request deletion of personal information. Note: medical bill documents are deleted automatically upon processing completion.
- Right to Correct: Request correction of inaccurate personal information such as account details.
- Right to Opt-Out: Opt out of sharing personal information for advertising. We honor Global Privacy Control (GPC) signals automatically. We use non-personalized ads on analysis pages by default.
- Right to Limit Use of Sensitive Information: You have the right to limit our use of your sensitive personal information (including health data) to only what is necessary to provide the service you requested.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.
Do Not Sell or Share My Personal Information
We do not sell personal information or health data. To opt out of sharing for advertising purposes on non-analysis pages, use a Global Privacy Control (GPC)-enabled browser, or contact us via the Contact page.
How to Submit a Request
Contact us via the Contact page. We will respond within 45 days. Identity verification may be required.
Data Retention
Account data is retained until account deletion. Analytics data is retained for 26 months. Medical bill documents are deleted immediately after processing. Server logs (without health content) are retained for 90 days.
8. Additional U.S. State Privacy Rights
Residents of the following states have privacy rights similar to California's CCPA/CPRA. To exercise your rights, contact us via the Contact page. We will respond within the timeframe required by your state's law.
| State | Law | Effective | Key Rights |
|---|---|---|---|
| Colorado | CPA | Jul 2023 | Access, delete, correct, opt-out, portability |
| Connecticut | CTDPA | Jul 2023 | Access, delete, correct, opt-out, portability |
| Virginia | VCDPA | Jan 2023 | Access, delete, correct, opt-out |
| Texas | TDPSA | Jul 2024 | Access, delete, correct, opt-out |
| Florida | FDBR | Jul 2024 | Access, delete, correct, opt-out |
| Montana | MTCPA | Oct 2024 | Access, delete, correct, opt-out |
| Oregon | OCPA | Jul 2024 | Access, delete, correct, opt-out, portability |
| Tennessee | TIPA | Jul 2025 | Access, delete, correct, opt-out |
| Minnesota | MNDPA | Jul 2025 | Access, delete, correct, opt-out, portability |
| Maryland | MODPA | Oct 2025 | Access, delete, correct, opt-out; bans sale of sensitive data |
| Indiana | IDCPA | Jan 2026 | Access, delete, correct, opt-out |
| Kentucky | KYCPA | Jan 2026 | Access, delete, correct, opt-out |
| Rhode Island | RIDPA | Jan 2026 | Access, delete, correct, opt-out |
We honor Global Privacy Control (GPC) signals from all states that require it. We do not sell personal information to third parties. We do not engage in targeted advertising using sensitive personal information.
9. Special Category Health Data (GDPR Article 9)
Under GDPR Article 9, medical and health-related data constitutes "special category" personal data requiring explicit consent and additional safeguards. When you upload a medical bill:
- We process health data solely based on your explicit consent given at the time of upload.
- Processing is limited to the specific purpose of bill analysis.
- Data is deleted immediately after processing — no retention.
- We implement appropriate technical and organizational safeguards.
10. HIPAA-Adjacent Sensitivity
While MedicalBillReader.com is not a HIPAA-covered entity or business associate, we recognize that medical bills contain the same types of sensitive health information protected under HIPAA. We voluntarily adopt HIPAA-adjacent security and privacy practices, including immediate data deletion, no logging of health data, and access controls on data processing systems.
11. Cookies & Tracking
We use cookies on marketing pages for analytics and advertising. We do not use advertising cookies or trackers on bill analysis pages. For EU/EEA/UK visitors, we obtain consent before setting non-essential cookies.
12. Children's Privacy
Our service is not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us and we will promptly delete it.
13. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be posted on this page with an updated "Last Updated" date. Your continued use of the service after changes constitutes acceptance.
Frequently Asked Questions About Your Privacy
How is my uploaded medical bill data handled?
Your uploaded medical bill is sent to our AI for analysis and deleted immediately after processing. It is never stored on our servers, logged, or shared with third parties. The analysis results exist only in your browser session and disappear when you close or refresh the page.
How can I request deletion of my personal data?
Medical bill documents are deleted automatically and immediately after analysis, so there is nothing to delete. For other personal data such as analytics or account information, email privacy@medicalbillreader.com and we will respond within 45 days as required by applicable law.
14. Contact Us
For privacy inquiries, data requests, or questions about this policy:
Email: privacy@medicalbillreader.com