Privacy Policy

Last updated: March 5, 2026

1. Overview

DenialFixer ("we," "us," "our") provides AI-powered medical claim denial management services for behavioral health practices. This Privacy Policy describes how we collect, use, store, and protect information when you use our website and services.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, practice name, NPI number, phone number, and billing address. This information is used to provide our services and communicate with you.

Protected Health Information (PHI)

When you upload ERA/835 files or claim data, we process Protected Health Information including patient identifiers, diagnosis codes, procedure codes, dates of service, and claim amounts. PHI is handled in strict compliance with HIPAA regulations and our Business Associate Agreement (BAA).

Usage Data

We collect anonymized usage data including pages visited, features used, and browser type. This data does not contain PHI and is used to improve our service.

3. How We Use Your Information

  • Analyzing denied claims and generating appeal letters
  • Submitting appeals on your behalf via fax or electronic submission
  • Tracking appeal outcomes and matching payments to denied claims
  • Invoicing for successfully recovered revenue
  • Sending transactional emails (password resets, appeal status updates)
  • Improving our AI models and denial analysis accuracy (using de-identified data only)

4. Data Security

We implement comprehensive security measures to protect your data:

  • Encryption at rest: AES-256 encryption for all stored data, with field-level encryption for sensitive identifiers
  • Encryption in transit: TLS 1.3 for all data transmission
  • Access controls: Role-based access with practice-level data isolation
  • Audit logging: Every access to PHI is logged with user, timestamp, and action
  • Infrastructure: Hosted on AWS with HIPAA-eligible services (App Runner, Aurora PostgreSQL, S3)

5. HIPAA Compliance

We are a Business Associate under HIPAA. We execute a Business Associate Agreement (BAA) with every practice before processing any PHI. We implement administrative, technical, and physical safeguards as required by the HIPAA Security Rule. We apply the minimum necessary standard — we only access and process the PHI required to perform denial analysis and appeal generation.

6. AI Processing

We use AI (Anthropic Claude) to analyze denials and generate appeal letters. When processing claims through AI, we transmit only the minimum necessary claim data (denial codes, procedure codes, diagnosis codes, billed amounts). Patient names are not sent to AI models. Our AI provider (Anthropic) does not retain or train on data sent through its API.

7. Data Retention

We retain claim and appeal data for the duration of your account plus 7 years, as required for healthcare billing records. Upon account termination, we securely delete your data within 30 days unless retention is required by law. You may request earlier deletion of specific records by contacting us.

8. Data Sharing

We do not sell your data. We share information only with:

  • Insurance payers: When submitting appeals on your behalf (with your authorization)
  • Service providers: Cloud infrastructure (AWS), AI processing (Anthropic), email (Resend), fax (SRFax), payment processing (Stripe) — all bound by appropriate agreements
  • Legal requirements: When required by law, regulation, or valid legal process

9. Your Rights

You have the right to:

  • Access your data and request a copy of the information we hold
  • Correct inaccurate information in your account
  • Request deletion of your account and associated data
  • Receive an accounting of disclosures of your PHI
  • Opt out of non-essential communications

10. Cookies

We use essential cookies for authentication and session management. We use anonymous analytics to understand usage patterns. We do not use advertising cookies or sell cookie data to third parties.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through a notice on our website. Continued use of the service after changes constitutes acceptance of the updated policy.

12. Contact

Questions about this Privacy Policy or data practices? Contact our privacy team:

Email: privacy@denialfixer.com

HIPAA Privacy Officer: hipaa@denialfixer.com