Privacy Policy

We collect the following types of information:

• Account information: Email address and password (or OAuth token) when you create an account.
• Medical bill data: Images, PDFs, or scans of medical bills you upload for analysis. This may include procedure codes, provider names, and billed amounts.
• Location data: ZIP code, used solely to look up local Medicare reimbursement rates.
• Payment information: Processed entirely by Stripe. We never store your credit card details.
• Usage data: Standard web logs including IP address, browser type, and pages visited.

• To perform medical bill analysis and generate negotiation scripts.
• To process payments via our third-party payment processor (Stripe).
• To send transactional emails (account confirmation, receipts).
• To respond to support inquiries.
• If you opt in: to send you educational content about medical billing and your rights as a patient.

We do not sell your personal information or medical bill data to any third party.

Your data is stored on secure servers provided by Supabase. Bill images are processed using Google Cloud Vision OCR and are not retained beyond what is needed to complete your analysis. Analysis results are encrypted at rest and accessible only to you.

We implement industry-standard security measures including TLS encryption in transit, row-level security on our database, and access controls that restrict employee access to user data.

We retain your account information and bill analysis results for as long as your account is active. You may request deletion of your data at any time by contacting us at support@hagglecare.com. Bill images uploaded for OCR processing are deleted immediately after the analysis is complete.

We use the following third-party services to operate HaggleCare:

• Stripe — payment processing. Subject to Stripe's Privacy Policy.
• Google Cloud Vision — OCR extraction of bill images.
• OpenAI — AI-powered bill analysis and script generation. Bill data sent to OpenAI is not used to train their models under our API agreement.
• Supabase — database and authentication hosting.

You have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your account and associated data.
• Opt out of marketing communications at any time.

To exercise any of these rights, contact us at support@hagglecare.com.

HaggleCare is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the “Last updated” date. Your continued use of HaggleCare after any changes constitutes acceptance of the new policy.

If you have questions about this Privacy Policy, please contact us at support@hagglecare.com.