Privacy Policy
- We never collect patient data or Protected Health Information of any kind
- We do not store your lookup history or build behavioral profiles on you
- We do not sell, rent, or share your personal data with third parties for marketing
- We never see your credit card number — Stripe handles all payments under PCI-DSS
- We are not a HIPAA Covered Entity and not a Business Associate — no BAA is needed
- Session data is processed in memory and discarded — nothing is permanently logged to your identity
- You may request deletion of any data we hold at any time
We know you are already cautious about HIPAA, data privacy, and every new tool that enters your workflow. That caution is appropriate. This policy is written to give you clear, honest answers about what we collect, what we never touch, and who else is involved in delivering this service. No buried clauses. No legalese designed to confuse. If something is unclear after reading this, write to us directly.
Section 1: Who We Are
BillerBrain™ ("the Application," "the Service") is a web-based AI billing reference tool owned and operated by Conduit Catalyst LLC, a limited liability company organized under the laws of the State of Mississippi, United States ("we," "us," "our," "the Company").
The Service is delivered exclusively through the secure web application at app.billerbrain.com and marketed through billerbrain.com. All user activity, data processing, and account management occur within this web environment. No third-party messaging platform is required to use the Service.
For all privacy-related questions, see Section 14.
Section 2: Data We Collect
We operate on a principle of minimal, purposeful data collection. The following is the complete description of every category of information we receive in connection with your use of the Service.
2.1 — Account and Authentication Data
To access the Application, you provide a work email address. We use this address to:
- Issue and validate your authentication session via a one-time magic link
- Enforce your plan-tier usage limits (Free, Starter, Pro, or Agency)
- Send transactional communications related to your account: billing confirmations, usage alerts, and material policy updates
No username, password, personal identification document, or payment information is collected at account creation. Your email address is the full extent of required identity data.
2.2 — Query Input Data
When you use the text lookup feature, you submit denial reason codes (CARC, RARC, Group Codes, or combinations thereof). These inputs are transmitted over an encrypted HTTPS connection, processed in real time to generate a structured response, and are not permanently stored in a content log linked to your identity. We maintain aggregate, anonymized usage counters per account per billing period for plan-tier enforcement only.
2.3 — Image Upload Data (ERA/EOB Photo Scanner)
When you use the ERA/EOB photo scanner, an image file is uploaded over encrypted HTTPS, processed in server memory to extract billing codes and adjustment amounts, returned to you as a structured analysis, and permanently discarded after the response is delivered. No image file persists on our servers following the completion of your request.
You are required to remove all patient-identifiable information before uploading. See Section 4 for your specific obligations and the steps required.
2.4 — Technical and Usage Data
Like all web applications, our servers receive certain technical information when you access the Sites: IP address (used for security and rate limiting only, not for profiling), browser type and version, operating system, referring URL, pages visited, date and time of access, and session identifiers. This data is used solely for operational purposes and is not shared with advertising networks.
2.5 — Analytics Data
We use Plausible Analytics, a privacy-first analytics platform that collects no personally identifiable information and places no tracking cookies. Plausible reports aggregated, anonymized metrics. No individual user is identified in this data. See Plausible's Data Policy.
2.6 — Contact and Support Data
If you contact us via email or our contact form, we collect your name, email address, and message content to respond to your inquiry. We retain support communications only as long as necessary to resolve your inquiry.
2.7 — Payment Data
All subscription billing is processed by Stripe, Inc. under their Privacy Policy and PCI-DSS Level 1 certification.
We never see, store, or have access to your raw payment card number. Stripe returns to us only a payment confirmation token, the last four digits of your card, and subscription status.
Section 3: Data We Do Not Collect
- We do not collect patient names, dates of birth, SSNs, medical record numbers, health plan IDs, or any other Protected Health Information (PHI). The Application is engineered so PHI is never required and never accepted as input.
- We do not store your lookup history. We maintain usage counters, not content logs. The difference is significant: we know you made 47 lookups this month; we do not know what they were.
- We do not build behavioral profiles. We do not track which specific codes you research to create advertiser segments, inference profiles, or data products.
- We do not sell, rent, license, or share your personal data with advertisers, data brokers, or marketing firms for any commercial purpose.
- We do not use your data to train AI models. Your queries and uploads are used solely to generate your response.
- We do not place third-party advertising or social media tracking cookies. The Application contains no advertising network integrations.
Section 4: HIPAA and Protected Health Information
BillerBrain™ is NOT a HIPAA Covered Entity and is NOT a Business Associate as defined under 45 CFR Part 160. No Business Associate Agreement (BAA) is available, required, or offered.
4.1 — Why No BAA Is Required
Protected Health Information (PHI), defined under HIPAA at 45 CFR §160.103, is individually identifiable health information that can be linked to a specific patient. The data processed by BillerBrain™ — CARC/RARC codes, group codes, CPT/HCPCS procedure codes, and adjustment dollar amounts — is administrative billing data, not PHI. These codes cannot identify any individual patient. They are the same codes published by CMS in its public X12 database, referenced by every clearinghouse in the industry, and found in any printed coding manual. Consulting a reference tool about CARC 197 is no different in its HIPAA posture than looking it up in the Optum360 coding manual on your desk.
4.2 — Your Obligation to De-Identify Before Upload
Before uploading any image to the ERA/EOB scanner, you must remove all patient-identifiable information. This includes:
- Patient name, date of birth, Social Security number or equivalent
- Medical record number, health plan beneficiary number, or member ID
- Address, phone number, or email address of the patient
- Any other identifier classified as PHI under 45 CFR §160.103
The denial codes, claim adjustment amounts, and billing grid beneath the patient header are the only data you need — and the only data we process. Your phone's native photo editor can crop the patient header in under five seconds.
4.3 — Accidental PHI Submission
If you believe you have submitted PHI to the Application, contact us immediately at the address in Section 14. We will confirm whether any data was retained and take appropriate remedial action. Intentional PHI transmission violates our Terms of Service and may result in immediate account termination.
4.4 — Guidance for Compliance Officers
If your organization's compliance program requires formal assessment of vendor tools, the following facts are provided for your review: the Application processes only administrative code data; no clinical, demographic, or patient-identifying information is transmitted, stored, or processed on behalf of any covered entity; session data is discarded upon logout; the Application is analogous in its HIPAA posture to a coding reference manual — it provides guidance, and your licensed professionals apply judgment.
Section 5: How the Application Works — Data Flow
- Authentication — You enter your email. A one-time magic link is delivered to that address. Clicking it issues a secure session token stored in your browser. No password is created or stored on our servers.
- Text Lookup — You enter a denial code. Your browser transmits it over HTTPS to our API. The API returns a structured JSON response. The input is not written to a persistent database.
- Photo Scan — You select a de-identified image. Your browser uploads it over HTTPS. Our server processes the image in memory, extracts code data, generates the analysis, returns the response, and discards the image file. No image persists on our infrastructure after response delivery.
- Logout — Your session token is invalidated. Any in-memory state is cleared.
At no point in this flow is a content log of your queries permanently associated with your identity in any database we operate.
Section 6: Third-Party AI Processing
To deliver accurate, context-aware responses, the Application routes queries through third-party AI inference APIs. Currently, this includes services available via OpenRouter, which may connect to models operated by providers including Anthropic, Google, and DeepSeek. This means:
- Your text queries and uploaded image data may be transmitted to these AI providers' APIs for inference
- Each provider maintains its own data handling and privacy policies. We select providers with data minimization commitments for API traffic, but we cannot guarantee their internal policies
- Because PHI is never accepted as input, no patient-identifiable information is transmitted to these providers
- The code data transmitted is the same administrative data publicly available in the CMS X12 database
We will update this section if our AI provider stack changes in a way that materially affects this data flow.
Section 7: Cookies and Browser Storage
7.1 — Essential Session Cookie
The Application uses a single first-party session cookie to maintain your authenticated state. This cookie is strictly necessary for the Application to function. It is not used for advertising, tracking, or cross-site profiling. It is invalidated on logout and expires after a period of inactivity.
7.2 — No Third-Party Tracking Cookies
We do not place advertising cookies, affiliate tracking pixels, social media cookies, or any other third-party tracking technology on any page we operate. You will find no Google Ads pixel, Meta Pixel, or equivalent on the Sites.
7.3 — Local Storage
The Application may use browser local storage to preserve UI preferences within a session. This data is stored only in your browser and is never transmitted to our servers.
Section 8: Third-Party Service Providers
We work with a small, defined set of service providers to operate the Application. Each is bound to use data only as directed and to maintain appropriate security standards:
- Stripe, Inc. — Payment processing. PCI-DSS Level 1 certified. See Stripe's Privacy Policy.
- Plausible Analytics — Aggregated, anonymized analytics. No PII, no cookies. See Plausible's Data Policy.
- OpenRouter / AI Model Providers — API-level inference processing. No PHI transmitted. See Section 6.
- Cloud Infrastructure Provider — Hosting and compute for the Application. Data is processed and stored within the United States.
We do not share your data with any provider beyond what is strictly necessary to deliver the Service.
Section 9: Data Retention Schedule
| Data Category | Retention Period | Purpose |
|---|---|---|
| Email address / account record | Active account + 30 days post-deletion request | Authentication, billing, communications |
| Query input content | Not retained (in-memory processing only) | Real-time response generation |
| Uploaded image files | Not retained (discarded after response delivery) | ERA/EOB scan processing |
| Usage counters | Duration of active subscription + one billing cycle | Plan-tier enforcement |
| Payment / subscription records | 7 years from transaction date | Tax compliance, financial regulation, dispute resolution |
| Server access logs | 90 days | Security monitoring and fraud detection |
| Support communications | Duration necessary to resolve the inquiry, then deleted | Customer support and issue resolution |
Section 10: Your Privacy Rights
10.1 — Rights Available to All Users
You may exercise the following rights at any time by contacting us using the information in Section 14. We respond to all data rights requests within five (5) business days:
- Access — Request a summary of personal data we hold associated with your account
- Correction — Request correction of inaccurate account data
- Deletion — Request deletion of your account and all associated data. Validated requests are completed within 30 days with written confirmation
- Portability — Request a copy of your account data in a structured, machine-readable format
- Opt-out — Opt out of non-transactional communications at any time via the unsubscribe link in any email we send, or by contacting us directly
10.2 — California Residents (CCPA / CPRA)
California residents have additional rights under the CCPA and CPRA, including the right to know, delete, correct, and opt out of the sale or sharing of personal information. We do not sell or share personal information as those terms are defined under California law. To exercise any California rights, contact us as described in Section 14.
10.3 — EEA and UK Users (GDPR / UK GDPR)
BillerBrain™ is designed for medical billing professionals in the United States. If you access the Service from the European Economic Area or the United Kingdom, your personal data is processed in the United States. If GDPR or UK GDPR applies to your use of the Service, contact us and we will work with you to honor your data subject rights and identify an appropriate legal basis for any continuing processing.
Section 11: Security
We implement industry-standard security controls appropriate to the sensitivity and volume of data we process:
- TLS 1.2+ encryption for all data in transit
- Encryption at rest for persistent data stores containing account information
- Magic-link authentication with session expiration — no static passwords to be compromised
- Role-based access controls limiting employee access to production systems on a need-to-know basis
- In-memory processing of query and image data with no persistent content logging
- Regular security review of infrastructure, dependencies, and third-party integrations
No security program is absolute. In the event of a breach that affects your personal data, we will notify you and, where legally required, the appropriate regulatory authorities, in accordance with applicable law. To report a security vulnerability, contact us at the address in Section 14.
Section 12: Children's Privacy
The Application is designed exclusively for adult professionals in the medical billing and healthcare administration industry. We do not knowingly collect personal information from individuals under the age of 18. If you have reason to believe a minor has registered for the Service, contact us immediately at the address in Section 14 and we will delete the account and any associated data promptly.
Section 13: Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices, the Application, or applicable law. When we do:
- The revised policy will be posted at billerbrain.com/privacy with a new Last Updated date
- For material changes affecting your privacy rights, we will provide at least 14 days' advance notice via email to the address on your account
- Your continued use of the Service after the effective date of any update constitutes acceptance of the revised policy
- If you do not agree to a material change, you may close your account by contacting us before the effective date
Section 14: Contact Us
For any privacy-related questions, data rights requests, security reports, or general inquiries about this policy:
We respond to all privacy inquiries within one (1) business day. We are real people, not an automated ticketing queue. If something in this policy concerns you, write to us and we will answer plainly.