// Legal · Last updated 2026-06-13

Privacy Policy

1. What we collect

  • Account info: email address (from Google OAuth), name if provided.
  • Documents you upload: medical bills, EOBs, denial letters, and any related correspondence.
  • Case data: hospital and insurer names, amounts billed, errors identified, appeal letters drafted, outcomes you report.
  • Usage: what pages you visit, when. Aggregated for product improvement.

2. How we use it

  • To run AI analysis on your bills (we send document text to Google Gemini for processing).
  • To draft appeal letters on your behalf.
  • To send notifications about case status and upcoming deadlines (via email through Resend).
  • To send appeal faxes if you use that feature (via Telnyx).
  • To process your $19/month subscription (via Stripe).
  • To detect billing emails when you connect Gmail. We use Google's OAuth read-only scope and only read the sender, subject, and snippet of messages from biller domains on your watch list. We do not store full email bodies.
  • To improve the product. We may use aggregated, de-identified data for analytics.

3. Who we share it with

We share data with the third-party services required to run Reclaim:

  • Supabase — our hosted database and file storage
  • Google Gemini — AI bill analysis and letter drafting
  • Stripe — payment processing
  • Telnyx — fax delivery (only when you initiate a fax)
  • Resend — transactional email delivery
  • Vercel — application hosting

We do not sell your data, ever. We do not share it with advertisers, data brokers, or insurance carriers other than through the appeal letters you authorize us to send.

4. HIPAA

Medical billing data may include Protected Health Information (PHI). Reclaim is implementing HIPAA-compliant infrastructure and Business Associate Agreements (BAAs) with our subprocessors. During our beta period, this work is in progress. If you have strong HIPAA requirements, contact us before uploading sensitive documents.

5. How long we keep it

We retain your case data for as long as your account is active, plus 7 years after closure (to align with typical medical billing records retention). You can request earlier deletion of specific cases or your entire account by emailing support.

6. Your rights

  • Access: download all your data from your settings page.
  • Correction: edit any case or document at any time.
  • Deletion: delete individual cases or your full account; request via email.
  • Export: ask for a portable copy of your data.
  • If you're a California or EU resident, you have additional rights under CCPA and GDPR. Email us to exercise them.

7. Security

We use TLS in transit, encryption at rest, and row-level security so that only you can see your data. Authentication is via Google OAuth — we never see or store your Google password.

8. Contact

Privacy questions or requests? Email hello@kynth.studio.