BillDecodeScan My Bill

Privacy Policy

Last updated: February 2026

BillDecode ("we," "us," or "our") operates the website located at billdecode.com (the "Service"). We are committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and the choices you have regarding your data.

By using BillDecode, you agree to the practices described in this Privacy Policy. If you do not agree with this policy, please do not use our Service.

1. Our Core Privacy Commitment

BillDecode is designed with a privacy-first architecture. We want to be unambiguous about how we handle your sensitive billing data:

  • We NEVER store, log, or retain your bill images. Uploaded bill images are transmitted directly to the AI analysis service and are immediately discarded after processing. No copy of your bill image is saved on our servers, in our databases, or in any backup system.
  • We NEVER persist Protected Health Information (PHI). No medical billing details, diagnosis codes, procedure codes, patient names, or any other health-related information from your bills is stored in any BillDecode database or file system.
  • We do NOT require user accounts. You can use BillDecode without creating an account, providing a password, or giving us any personal information beyond what is necessary to process a payment.
  • We do NOT use tracking cookies. We only use essential functional cookies required for the Service to operate. We do not use cookies for advertising, analytics tracking, or user profiling.

2. Information We Collect

2.1 Information You Provide

  • Bill Images (Transient Only): When you upload a bill image for analysis, the image is sent to Anthropic's Claude AI for processing. The image is transmitted in real time, analyzed, and immediately discarded. We do not store, cache, or log the image or its contents at any point.
  • Email Address: If you provide an email address during payment (as collected by Stripe), we may retain it solely for the purpose of sending you your scan results and for transactional communication related to your purchase.

2.2 Payment Information

All payments are processed by Stripe, a PCI DSS Level 1 compliant payment processor. We never see, handle, or store your full credit card number, CVV, or other sensitive payment credentials. The only payment-related data we store is:

  • Stripe transaction IDs (for refund and support purposes)
  • Email addresses associated with payments (for transactional communication)
  • Scan scores and analysis metadata (e.g., whether an overcharge was detected, not the bill contents themselves)

2.3 Automatically Collected Information

When you visit our website, we may automatically collect limited technical information necessary for the Service to function:

  • IP address (for rate limiting and fraud prevention; not linked to bill data)
  • Browser type and device type (for rendering the Service correctly)
  • Referring URL (standard web server logs)

We do not use this information for tracking, profiling, or advertising purposes.

3. How We Use Your Information

We use the limited information we collect solely for the following purposes:

  • To provide the Service: Transmitting your bill image to the AI for analysis and returning results to you.
  • To process payments: Facilitating transactions through Stripe and maintaining records for refund and support requests.
  • To communicate with you: Sending scan results to your email and responding to support inquiries.
  • To prevent fraud and abuse: Using IP addresses and technical data to enforce rate limits and detect fraudulent transactions.
  • To improve the Service: Using aggregated, anonymized metadata (e.g., average scan scores, error rates) to improve accuracy and reliability. This data is never linked to individual users or bill contents.

4. Third-Party Services

4.1 Anthropic (Claude AI)

Bill images are transmitted to Anthropic's Claude AI for analysis. Anthropic processes the image in real time to generate your bill analysis. We use Anthropic's API in a configuration that does not retain or use your data for model training. Anthropic's handling of data is governed by their Privacy Policy and API Usage Policy.

4.2 Stripe

Payment processing is handled entirely by Stripe. Stripe is PCI DSS Level 1 certified, which is the highest level of certification in the payment card industry. Your payment card details are collected and processed directly by Stripe and are never transmitted to or stored on BillDecode's servers. For more information, see Stripe's Privacy Policy.

5. Data Retention

  • Bill images: Not retained. Images are processed in real time and immediately discarded. Zero retention period.
  • Bill contents and analysis results: Not persisted in our databases. Analysis results are delivered to you in your browser session and are not stored server-side.
  • Payment metadata: Stripe transaction IDs, email addresses, and scan metadata are retained for as long as necessary to provide customer support, process refunds, and comply with legal and financial record-keeping requirements (typically up to 7 years for tax and accounting purposes).
  • Server logs: Technical logs containing IP addresses and request metadata are retained for no more than 90 days and are used solely for security and debugging purposes.

6. Data Security

We take reasonable technical and organizational measures to protect the information we handle:

  • All data transmitted between your browser and our servers is encrypted using TLS (HTTPS).
  • Bill images are transmitted directly to Anthropic's API over encrypted connections and are never written to disk on our servers.
  • Payment processing is fully delegated to Stripe's PCI DSS-compliant infrastructure.
  • Access to payment metadata and server logs is restricted to authorized personnel only.

While no system can guarantee absolute security, our privacy-first design minimizes risk by simply not storing sensitive data in the first place.

7. Cookies

BillDecode uses only essential functional cookies that are strictly necessary for the Service to operate. These may include:

  • Session cookies to maintain state during the scan process
  • Security cookies for CSRF protection and fraud prevention

We do not use cookies for advertising, user tracking, analytics, or any purpose beyond the basic functionality of the Service. We do not use third-party tracking cookies.

8. Children's Privacy

BillDecode is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at support@billdecode.com and we will promptly take steps to delete such information.

9. Your Rights

Because BillDecode stores minimal personal data, many traditional data rights are satisfied by our architecture by default:

  • Right to access: You may request a copy of any personal data we hold about you (limited to payment metadata and email address).
  • Right to deletion: You may request that we delete your payment metadata and email address from our records, subject to legal record-keeping requirements.
  • Right to rectification: You may request that we correct any inaccurate personal data we hold about you.
  • Right to data portability: You may request your personal data in a structured, machine-readable format.

To exercise any of these rights, please contact us at support@billdecode.com. We will respond to your request within 30 days.

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA). Specifically:

  • We do not sell your personal information to third parties.
  • We do not share your personal information for cross-context behavioral advertising.
  • You have the right to know what personal information we collect, request its deletion, and opt out of any sale (though we do not sell data).
  • We will not discriminate against you for exercising your CCPA rights.

11. International Users

BillDecode is operated from the United States. If you access the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located. By using the Service, you consent to the transfer of your information to the United States. Our minimal data collection practices are designed to align with the principles of international privacy frameworks, including the GDPR.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy on this page with a revised "Last updated" date. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: support@billdecode.com