Privacy Policy
Last updated: March 28, 2026
1. Information We Collect
When you use DenyBack, we collect the following categories of information:
- Personal information: your name, email address, and state of residence.
- Insurance information: insurer name, plan type, member ID, and group number.
- Denial details: denial reason, date of denial, procedure or service denied, diagnosis information, and any additional context you provide about why you believe the denial is incorrect.
- Payment information: processed securely by Stripe. We do not store your credit card number or full payment details on our servers.
2. How We Use Your Information
We use the information you provide exclusively for document generation purposes. Specifically, your information is used to:
- Generate your personalized appeal and escalation documents.
- Look up state-specific insurance regulations and commissioner contact information relevant to your case.
- Send you your documents via email if you choose that option.
- Provide customer support if you contact us.
We do not use your information for marketing, advertising, or any purpose unrelated to the Service.
3. Health Information
DenyBack is not a covered entity or business associate under the Health Insurance Portability and Accountability Act (HIPAA). However, we recognize the sensitivity of health-related information and apply best practices for its protection. We limit access to your health information to the systems and processes strictly necessary for document generation. We do not share your health information with third parties except as described in Section 5.
4. Data Storage & Security
Your data is stored in a PostgreSQL database hosted by Supabase, with encryption at rest and in transit. We use industry-standard security measures including TLS encryption for all data transmission, encrypted database storage, access controls limiting data access to essential services, and regular security reviews. While no system is perfectly secure, we take reasonable measures to protect your information from unauthorized access, alteration, or destruction.
5. Third-Party Services
We use the following third-party services in the operation of DenyBack:
- Stripeprocesses your payment. Stripe receives your payment card information and billing details. Stripe's privacy policy governs their handling of your payment data.
- Resend delivers transactional emails (e.g., your generated documents). Resend receives your email address and the content of the email.
- Anthropic provides the AI that generates persuasive language for your appeal documents. Anthropic receives a summary of your denial details (denial reason, procedure, and diagnosis) to generate appeal language. Anthropic does not receive your name, email address, member ID, or other directly identifying information.
6. Data Retention & Deletion
Your case data is retained for as long as your case is active so you can access your documents from your dashboard. You may delete your case at any time from your dashboard, which will permanently remove all associated data from our systems. If you do not delete your case, we will retain it for up to 12 months after creation, after which it will be automatically deleted.
7. No Selling of Data
We do not sell, rent, lease, or trade your personal information or health-related data to any third party. Period. Your data is used solely to provide the Service you requested.
8. Contact
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at privacy@denyback.com.