Privacy Policy

Last updated: February 11, 2026

BenefitGuard (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the BenefitGuard website, application, and services (the “Service”). Because our Service handles health insurance information, we take data protection extremely seriously.

1. Information We Collect

1.1 Information You Provide Directly

• Account information: Name, email address, and password when you create an account
• Profile information: Zip code, state of residence, and insurance company name (provided during onboarding to personalize your experience)
• Uploaded documents: Insurance documents you upload for analysis, such as Summary of Benefits and Coverage (SBC), Explanation of Benefits (EOB), medical bills, denial letters, and formularies. These documents may contain personal health information, insurance plan details, and financial information.
• Chat conversations: Questions you ask and the AI-generated responses, which are stored to maintain your conversation history
• Provider verification data: When you verify whether a healthcare provider is in your insurance network, that verification is stored to help other users with the same insurer

1.2 Information Collected Automatically

• Device and browser information: Browser type, operating system, device type, and screen resolution
• Usage data: Pages visited, features used, timestamps, and interaction patterns
• Error data: Application errors and performance metrics collected through our error monitoring service (Sentry) to improve reliability
• Session data: Authentication tokens and session identifiers required to keep you logged in

1.3 Information from Third-Party Sources

• Provider data: Healthcare provider information from Google Places API and the National Plan and Provider Enumeration System (NPPES), used to populate provider search results
• Network status data: In-network provider information from CMS Transparency in Coverage machine-readable files, used to display network status badges
• OAuth providers: If you sign in with Google or Apple, we receive your name and email address from those services (we never receive your passwords from these providers)

2. How We Use Your Information

We use the information we collect to:

• Provide the Service: Generate AI-powered responses to your insurance questions using your uploaded documents and our knowledge base as context
• Personalize your experience: Use your location and insurer to show relevant state laws, in-network providers, and insurer-specific information
• Process documents: Extract text from uploaded PDFs and images (including OCR for scanned documents), create searchable embeddings, and store them for retrieval during conversations
• Improve the Service: Analyze usage patterns, identify bugs through error monitoring, and understand which features are most valuable
• Communicate with you: Send account-related emails such as verification, password reset, and important service updates
• Ensure security: Detect and prevent fraud, abuse, and unauthorized access through rate limiting and monitoring

3. Third-Party Services

We share data with the following third-party services, strictly to provide and improve the Service:

We do NOT sell, rent, or share your personal information with advertisers, data brokers, or any party not listed above. We do not use your data for advertising purposes.

3.1 OpenAI Data Processing

When you ask a question, relevant excerpts from your uploaded documents and our knowledge base are sent to OpenAI's API to generate a response. OpenAI's data usage policies apply to this processing. As of our last review, OpenAI does not use API data to train its models. We encourage you to review OpenAI's API data usage policies for the most current information.

4. Data Retention

• Account data: Retained as long as your account is active. Deleted within 30 days of account deletion.
• Uploaded documents: Stored as long as your account is active. You can delete individual documents at any time from the Documents page. All documents are deleted when you delete your account.
• Chat history: Stored as long as your account is active. You can delete individual conversations at any time. All conversations are deleted when you delete your account.
• Provider verification data: Retained indefinitely to benefit all users, but not linked to your identity after account deletion.
• Error logs: Retained for 90 days, then automatically purged.

5. Data Security

We implement multiple layers of security to protect your data:

• Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2+ (HTTPS enforced via HSTS)
• Encryption at rest: Database storage on Neon uses AES-256 encryption at rest
• Authentication: Passwords are hashed using bcrypt with salt rounds; session tokens are cryptographically signed
• Access control: Users can only access their own documents, conversations, and profile data
• Rate limiting: API endpoints are rate-limited to prevent abuse
• Security headers: Content Security Policy, HSTS, X-Frame-Options, and other headers protect against common web attacks

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Your Rights

You have the right to:

• Access your data: View all information we hold about you through your account dashboard and settings
• Correct your data: Update your profile information at any time through account settings
• Delete your data: Delete individual documents, conversations, or your entire account. Account deletion removes all associated data within 30 days.
• Export your data: Request a copy of your data by contacting us at privacy@benefitguard.app
• Opt out of non-essential processing: You can use the Service without uploading documents (using only our knowledge base for general insurance questions)

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA). If you are a resident of the European Economic Area, you may have additional rights under GDPR. Contact us at privacy@benefitguard.app to exercise these rights.

7. Cookies and Tracking

BenefitGuard uses minimal cookies:

• Session cookie: Required for authentication — keeps you logged in. Expires when you close your browser or after the session timeout.
• Theme preference: Stores your light/dark mode choice. Stored locally, not transmitted to our servers.

We do NOT use advertising cookies, third-party tracking pixels, or analytics cookies that track you across other websites.

8. Children's Privacy

BenefitGuard is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a minor, please contact us immediately at privacy@benefitguard.app and we will promptly delete the information.

9. HIPAA Notice

BenefitGuard is designed with awareness of health information sensitivity, but we are not a HIPAA-covered entity (we are not a healthcare provider, health plan, or healthcare clearinghouse). While we implement strong security measures to protect your health-related information, the HIPAA Privacy and Security Rules do not directly apply to our Service. We encourage you to be thoughtful about what health information you share with any online service.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a prominent notice on the Service. The “Last updated” date at the top of this page reflects the most recent revision.

11. Contact Us

For questions or concerns about this Privacy Policy or our data practices, contact us at:

• Privacy inquiries: privacy@benefitguard.app
• Data deletion requests: privacy@benefitguard.app
• General support: support@benefitguard.app