Privacy Policy

1. Information We Collect

2. How We Store Your Information

3. How We Use Your Information

We use your information to:

• Provide personalized health information and advisory services
• Generate AI-powered responses to your health queries
• Send health notifications based on expected utility and your preferences
• Respect your configured maximum daily notification limit
• Improve our services through aggregated usage analysis
• Use de‑identified and aggregated information to understand the impact of our services and to share general statistics or case examples about our results (for example, that we helped save a certain amount on a type of bill), without naming you or disclosing details that could reasonably identify you
• Ensure platform security and prevent fraud
• Comply with legal obligations
• Provide customer support
• Provide bill‑savings and provider‑finder features. For self‑guided use, we avoid identity‑based queries and do not transmit your personal identity to providers/insurers; if you authorize us to contact them on your behalf, we may use and disclose the minimum necessary identifying information to perform that service

4. Data Retention and Deletion

5. Data Sharing and Third Parties

5A. LLM Processing & Safeguards

When we use third‑party AI APIs to generate responses:

• We minimize personal health information in prompts and mask identifiers when possible
• We configure providers not to use your data to train their models
• Providers may retain logs for a limited period for abuse monitoring per their policies; we do not control those retention windows
• We do not permit providers to contact you or use your information for marketing

5B. Feature‑Specific Privacy Disclosures (Provider Finder & Bill Savings)

• Self‑guided provider finder and bill review: we do not transmit your personal identity to insurers or providers, and we do not log in to insurer portals on your behalf
• If you ask us to contact providers or insurers on your behalf: we may disclose only the minimum necessary identifying information to carry out your request; we do not store or use your insurer portal credentials without your explicit consent
• Provider Finder uses generalized inputs such as specialty, location, plan category, and state; we avoid identity‑based queries for network or price lookups unless you explicitly authorize otherwise
• Bill‑savings suggestions are generated from the information you provide and publicly available or partner data; you choose what to share

5C. Research & De‑identified Sharing (PriceCheck)

With your per‑bill consent, we may support healthcare price‑transparency research by sharing a de‑identified version of a bill with academic partners such as Rice University's Baker Institute PriceCheck.

• Participation is optional and off by default; we ask for consent in‑context (after we present results for that bill). Declining will not affect your CareRoute experience
• What we share: line items (e.g., CPT/HCPCS), billed, allowed, patient‑responsibility, and payer adjudication fields; dates are generalized (e.g., month/year); internal IDs are hashed
• What we do not share: names, addresses, medical record numbers, claim IDs, exact dates of birth, phone numbers, email addresses
• De‑identification standard: we remove identifiers consistent with HIPAA de‑identification (45 CFR §164.514(b)(2)) and may apply additional safeguards such as date generalization and small‑cell suppression
• Withdrawals stop future sharing; previously shared de‑identified data may not be retractable from research datasets
• When research is conducted under an IRB protocol, we follow that protocol’s consent requirements (e.g., Rice/Baker Institute PriceCheck)

5D. Bill Defense (Bill Negotiation Service)

If you enroll in our Bill Defense service (where we help negotiate or reduce a specific bill on your behalf):

• We collect the information needed to work on your case, which may include your name, contact details, date of birth, address, relevant account or statement numbers, household size and approximate income range, and copies of bills, EOBs, and related correspondence.
• We use this information only to evaluate options for your bill (for example, discounts, financial assistance, payment plans, or coding reviews), negotiate with providers or their billing partners, and calculate any savings‑based fee owed to us.
• When contacting providers or insurers, we disclose only the minimum necessary identifying information and may share signed authorizations (such as a HIPAA authorization or representative letter) to document our authority to speak on your behalf.
• Bill Defense communication may occur through email as well as in‑app or via our website; we secure email using reputable providers (for example, Google Workspace), but you should be aware that standard email is not end‑to‑end encrypted.
• We retain Bill Defense materials and authorizations for the duration of your case and for a limited period thereafter (generally up to 24 months) for audit, dispute resolution, and regulatory requirements, after which we delete or de‑identify them unless longer retention is legally required. You may request earlier deletion where permitted by law and consistent with our contractual obligations.

6. Your Privacy Rights

You have the right to:

• Access your personal information through the app or by contacting us.
• Correct or update your health profiles, Bill Defense details, and account information.
• Request deletion of specific data (including Bill Defense documents where allowed) or your entire account.
• Export your health profile data where technically feasible.
• Request information about how we use your data, including in Bill Defense.

7. Data Security Measures

We implement comprehensive security measures:

• Encryption in transit (TLS) and at rest
• Secure authentication via Apple Sign-In and Google Authentication
• Regular security assessments and penetration testing
• Employee access controls and confidentiality agreements
• Incident response procedures
• Compliance with healthcare data protection standards
• Data minimization and role‑based access controls (pseudonymization where feasible)

8. Children's Privacy

CareRoute is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately. Parents or guardians who believe a child has provided information may contact privacy@careroute.ai to request deletion.

9. International Data Transfers

Your information may be processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your information in accordance with this privacy policy. Where required, we rely on Standard Contractual Clauses or comparable safeguards for transfers.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes through the app or via email. Your continued use of CareRoute after changes indicates acceptance of the updated policy.

11. Contact Information

For privacy-related questions, concerns, or to exercise your rights, please contact us at:

• Email: privacy@careroute.ai

12. Regulatory Compliance

We strive to comply with applicable privacy laws and regulations, including GDPR, CCPA, and other regional privacy requirements. Specific rights may vary based on your location. We are generally not a HIPAA covered entity or business associate; if we enter into a Business Associate Agreement (BAA) with a partner, workflows under that BAA follow its terms.