Privacy Policy
Effective: April 30, 2026
The short version. We collect what we need to draft your appeal letter and process payment. We delete your medical text within 1 hour of delivering the letter. We never sell your data and we don't run ads. Three trusted vendors process pieces of your order (Anthropic, Resend, Stripe). Specifics below.
1. What we collect
When you use the service we collect:
- Intake form data: drug, insurer, denial reason, denial-letter text, BMI, comorbidities, prior weight-loss attempts, prescribing physician name, your name, your member ID, your email
- Payment data: handled directly by Stripe; we receive only a Stripe customer ID and (where applicable) the last 4 digits of your card. We never see or store your full card number, CVC, or bank credentials.
- Technical data: IP address (briefly logged for abuse prevention) and basic browser metadata
2. What we do with it
We use your data only to fulfill your order:
- Pass the form data to Anthropic Claude to generate your letter, summary, and checklist
- Use Resend to email you the letter with PDF attachments
- Use Stripe to charge you and to issue a refund if you request one
We do not use your data to train AI models, build advertising profiles, or for any purpose other than fulfilling your order and meeting our legal recordkeeping obligations.
3. Retention — what we delete and when
| Data | Retention |
|---|---|
| Pasted denial-letter text | Deleted within 1 hour after delivery |
| Prior weight-loss attempts text | Deleted within 1 hour after delivery |
| Your name, email, drug, insurer | Retained for billing, refunds, and the 7-day follow-up email |
| Stripe customer ID and order metadata | Retained as required by financial recordkeeping (typically 7 years) |
| Technical/security logs | 30 days |
You can request earlier deletion at any time by emailing hello@priorauthappeal.com.
4. Subprocessors
We share strictly necessary data with these infrastructure vendors, who are bound by contract to protect it:
- Anthropic, PBC — AI inference infrastructure used as one component of our letter-generation system
- Resend, Inc. — transactional email delivery
- Stripe, Inc. — payment processing
Each vendor has its own privacy policy. We pass only the data each function needs — the payment processor never receives your medical information; the AI inference provider never receives your card number. The full letter-drafting workflow — including our curated database of insurer coverage criteria, prompt engineering, and quality checks — is operated by us; the AI vendor provides only one component of that pipeline.
5. We don't sell your data
We never sell your personal information. We never share it for advertising. We do not run ads on the site. We do not use behavioral tracking pixels.
6. Your rights
You can:
- Access the data we hold about you
- Delete the data we hold about you
- Export the data in machine-readable form
- Withdraw consent to processing (we can no longer provide the service after withdrawal)
- Opt out of the day-7 follow-up email at any time
To exercise any of these, email hello@priorauthappeal.com with the subject "Privacy Request." We respond within 7 days.
7. Cookies
We use the minimum cookies necessary for the site to function. We do not use tracking, advertising, or third-party analytics cookies.
8. Security
The site is served over HTTPS. Payment data is handled by Stripe under PCI-DSS Level 1 compliance. We do not store passwords because the service does not require accounts. Despite reasonable security measures, no method of transmission over the internet is 100% secure.
9. Children's privacy
The service is for adults aged 18 and over. We do not knowingly collect data about minors. If you believe a minor has submitted information, email us and we will delete it.
10. International users
The service is intended for patients in the United States. If you access it from outside the US, you do so on your own initiative and consent to your data being transferred to and processed in the US under US privacy law.
11. Changes
We may update this policy. The "Effective" date reflects the latest version. Material changes will be communicated by email to existing customers when reasonably practicable.
12. Contact
Privacy questions: hello@priorauthappeal.com