Privacy Policy

Last updated: May 31, 2026
Operator: Blackspire Molecular LTD

Contents

  1. Who we are
  2. Information we collect
  3. How we use info
  4. Bill images & AI processing
  5. Storage, security & location
  6. Data retention
  7. Your rights & choices
  8. Third-party services
  9. Children
  10. International users
  11. Changes to this policy
  12. Disclaimer
  13. Contact

1. Who we are / what the App does

MedBill Auditor is a consumer tool to review your own medical bills for billing errors and overcharges. We are NOT a healthcare provider, health plan, or clearinghouse, and NOT a "covered entity" or "business associate" under HIPAA; HIPAA does not govern our relationship with you. We voluntarily apply strong, HIPAA-aligned security practices.

2. Information we collect

Account information. Your email address, via Firebase Authentication by Google. Your credentials are handled by Firebase — they are not stored on our servers.

Bill information. We extract billing codes (e.g. CPT/HCPCS), charged amounts, provider name, and service month and year. The uploaded image may contain other printed information; it is processed solely to extract billing data and then deleted.

Purchase information. Processed by Apple or Google. We receive a purchase token via RevenueCat. We never receive or store card or bank details.

Device and diagnostic information. Device type and OS version, used for performance monitoring and crash reporting.

3. How we use information

We use the information we collect to:

  • Extract and analyze bills, and generate audit reports and dispute materials
  • Maintain your account and bill history
  • Process purchases
  • Secure and improve the App

We do NOT sell your information or share it with advertising networks or data brokers.

4. Bill images and AI processing

The uploaded image is sent to Google's Vertex AI (Gemini) solely to extract the billing data, and is DELETED from our servers immediately after processing — not retained, not used to train models on our behalf. Extracted billing data is retained in your account for your history.

5. Data storage, security, and location

Our backend runs on Google Cloud Platform in the United States. We apply:

  • Encryption in transit (TLS) and at rest (AES-256)
  • Least-privilege access controls
  • Audit logging of billing-data access

As a UK-based company, our processing through Google is governed by Google's Cloud Data Processing Addendum, including Standard Contractual Clauses covering international transfers.

6. Data retention

  • Bill images: deleted immediately after processing
  • Extracted billing data and audit results: kept while your account is active
  • Generated reports: kept for 90 days
  • Account data: kept until you delete your account
  • Access logs: retained for security and compliance

7. Your choices and rights

You can view your stored data in-app and delete your account and all associated data at any time in Settings.

Depending on your location — including UK/EU GDPR and US state laws such as CCPA — you may have rights to access, correct, delete, port, object to, or restrict our processing of your personal data. To exercise these rights, contact privacy@medbillapp.com.

8. Third-party services

The table below lists every third party we share data with and exactly what is shared.

Service | Purpose | Data shared
Firebase Authentication (Google) | User login and account management | Email address
Google Cloud / Vertex AI (Gemini) | Hosting and bill-data extraction | Bill image (deleted after processing); extracted billing codes and amounts
RevenueCat | Purchase management | Purchase token only
Apple App Store / Google Play | App distribution and payment | Standard app-store data

No health-related information is shared with advertisers or data brokers.

9. Children

MedBill Auditor is not intended for users under 18. We do not knowingly collect personal information from children. If we become aware that we have done so, we will delete it promptly.

10. International users

Our servers are located in the United States. If you use MedBill Auditor from outside the US, your data is transferred to and processed in the US under the safeguards described in Section 5.

11. Changes to this policy

We may update this policy from time to time and will revise the "Last updated" date at the top. We will notify you of material changes in-app before they take effect.

12. Disclaimer

MedBill Auditor provides informational billing analysis only. It is not medical, legal, or financial advice, and is not a medical device. We do not diagnose, treat, or prevent any condition. Always consult appropriate professionals before acting on our analysis.

13. Contact

Blackspire Molecular LTD
privacy@medbillapp.com

© 2026 Blackspire Molecular LTD. All rights reserved.