Privacy Policy

Recovered ("we," "us," or "our") operates the website and medical bill review service. This Privacy Policy explains how we collect, use, protect, and disclose information when you use our service.

We understand that you are trusting us with sensitive financial and medical information. We take that responsibility seriously.

1. Information We Collect

Information you provide directly:

• Name, email address, phone number, and state of residence
• Insurance status and insurance provider information
• Medical bills, itemized statements, and Explanations of Benefits (EOBs)
• Descriptions of your medical visit and treatment received
• Bill amounts and payment information
• Any additional information you share in communications with us

Information collected automatically:

• Browser type, device type, and operating system
• IP address and approximate geographic location
• Pages visited and time spent on our website
• Referring website or source

2. How We Use Your Information

We use the information we collect to:

• Review your medical bills for billing errors, overcharges, and coding mistakes
• Benchmark your charges against Medicare rates, FAIR Health data, and published hospital chargemasters
• Draft dispute letters and negotiate with hospitals and billing departments on your behalf
• Communicate with you about your bill review, findings, and negotiation progress
• Process payments for our contingency-based fee
• Improve our service, error detection methods, and internal processes
• Comply with legal obligations

3. How We Protect Your Information

We implement the following security measures to protect your data:

• Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security)
• Encryption at rest: Stored documents and personal information are encrypted using industry-standard encryption
• Access controls: Access to your medical bills and personal information is limited to authorised personnel directly involved in your bill review
• Document retention: Medical bills and supporting documents are deleted from our systems after your review and any associated negotiations are complete, unless you request that we retain them
• No unnecessary storage: We do not retain copies of your medical bills longer than necessary to complete the service you requested

4. Information Sharing and Disclosure

We do not sell your personal information. We do not sell, rent, trade, or otherwise share your personal or medical billing information with third parties for their marketing purposes. Ever.

We may share your information only in the following limited circumstances:

• With hospitals and billing departments: When negotiating on your behalf, we share relevant billing information with the hospital or provider billing department. This is necessary to perform the service you requested.
• With insurance companies: If filing an appeal or dispute on your behalf requires communication with your insurer, we may share relevant information with them.
• Service providers: We use third-party tools for form processing (Formspree), payment processing (Stripe), and website hosting (Netlify). These providers only receive the minimum information necessary to perform their function and are bound by their own privacy policies.
• Legal requirements: We may disclose information if required by law, court order, or government regulation.
• With your consent: We may share information with third parties if you give us explicit permission to do so.

5. Aggregated and De-Identified Data

We may use de-identified, aggregated data derived from bill reviews for research, analysis, and service improvement purposes. This data is stripped of all personally identifiable information and cannot be used to identify any individual patient. Examples include aggregate statistics on billing error rates by procedure type, geographic region, or hospital system.

We will never publish or share any information that could identify you, your medical conditions, or your specific billing details without your explicit written consent.

6. HIPAA Considerations

Recovered is not a "covered entity" or "business associate" as defined under the Health Insurance Portability and Accountability Act (HIPAA). HIPAA applies to healthcare providers, health plans, and healthcare clearinghouses — not to patient advocacy or bill review services.

However, we recognise that the information you share with us is sensitive. We voluntarily adopt data handling practices consistent with HIPAA's security principles, including encryption, access controls, minimum necessary use, and secure disposal of records. We treat your data as if HIPAA applied to us, because it is the right thing to do.

7. Your Rights

You have the right to:

• Access: Request a copy of the personal information we hold about you
• Correction: Request that we correct any inaccurate information
• Deletion: Request that we delete your personal information and all associated documents. We will comply within 30 days.
• Withdraw consent: Stop using our service at any time. If you withdraw during an active negotiation, we will cease all activity on your behalf.
• Data portability: Request your information in a commonly used electronic format

To exercise any of these rights, contact us at the email address listed below.

8. Cookies and Tracking

Our website uses minimal cookies necessary for basic site functionality. We do not use advertising cookies, tracking pixels, or retargeting technologies. We do not serve ads on our website or allow third-party advertisers to track our visitors.

We may use basic analytics (such as page views and traffic sources) to understand how visitors use our website. This data is aggregated and does not identify individual users.

9. Data Retention

We retain your personal information and documents only for as long as necessary to provide our service:

• Active cases: Your information is retained while your bill review and any negotiations are in progress
• Completed cases: After your case is resolved and payment (if applicable) is processed, we retain basic case records (name, email, outcome summary) for up to 12 months for our records, then delete them
• Medical bills and documents: Deleted within 30 days of case completion unless you request otherwise
• You can request immediate deletion at any time

10. Children's Privacy

Our service is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the "Last updated" date at the top of this page. We encourage you to review this page periodically.

12. Contact Us

If you have questions about this Privacy Policy, your data, or our practices, contact us at:

Email: [email protected]