Privacy Policy | MedErase

MedErase Inc. ("MedErase," "we," "us," or "our") operates the website located at www.mederase.com and provides medical bill negotiation and advocacy services (collectively, the "Services"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Services. Please read this policy carefully. By using our Services, you agree to the practices described in this Privacy Policy.

For information about how we handle Protected Health Information under HIPAA, please also review our Notice of Privacy Practices. California residents should also review our California Privacy Rights Notice.

1. Information We Collect

Information You Provide to Us

We collect information you provide directly when you use our Services, including when you:

Contact us or request a consultation: Name, email address, phone number, mailing address, and any information you choose to include in your message or intake form.

Engage us for Services: Medical billing records, Explanation of Benefits documents, insurance policy information, income and household information (for charity care screening), Social Security Number (where required for billing purposes), and any other documents you provide in connection with your medical bill case.

Create an account: If you create an account on our platform, we collect your username, password (stored in encrypted form), and any profile information you provide.

Communicate with us: Records of your communications with us, including emails, phone call notes, and support requests.

Information We Collect Automatically

When you visit our website, we automatically collect certain technical information, including:

IP address, browser type and version, operating system, referring URLs, pages visited, time spent on pages, and device identifiers. This information is collected through cookies, web beacons, and similar tracking technologies. See Section 7 (Cookies) for more information.

Information from Third Parties

We may receive information about you from third parties, including hospitals and healthcare providers (when they respond to our inquiries on your behalf), insurance companies (during the appeals and claims process), and payment processors (confirmation of payment transactions).

2. How We Use Your Information

We use the information we collect for the following purposes:

To provide our Services: Processing your case, communicating with healthcare providers and insurers on your behalf, preparing dispute letters and appeal submissions, screening for financial assistance eligibility, and negotiating medical bill reductions.

To communicate with you: Sending case updates, responding to your inquiries, providing information about your case status, and notifying you of material changes to our Services or this Privacy Policy.

To improve our Services: Analyzing usage patterns to improve our website and services, developing new features, and conducting internal research and analytics.

To process payments: Billing for Services rendered, processing transactions through our payment processor, and maintaining financial records.

To comply with legal obligations: Meeting our legal and regulatory obligations, responding to lawful requests from government authorities, and enforcing our Terms of Service.

For marketing communications: With your consent, sending information about our services, resources, and patient education materials. You may opt out at any time.

3. How We Share Your Information

We do not sell your personal information. We share your information only in the following circumstances:

With healthcare providers and insurers, on your behalf: As necessary and as authorized by you to conduct negotiations, file disputes, submit appeals, and complete other case-related activities.

With service providers: We share information with third-party vendors who assist us in operating our business, including cloud storage providers, payment processors, email service providers, and analytics providers. These vendors are contractually obligated to use your information only to perform services for us and to protect it appropriately.

For legal compliance and protection: We may disclose information if required by law, court order, or regulatory authority, or when we believe disclosure is necessary to protect the rights, property, or safety of MedErase, our clients, or others.

In connection with a business transaction: If MedErase is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any such change and any choices you may have.

With your consent: For any other purpose, with your explicit consent.

4. Data Retention

We retain your personal information for as long as necessary to provide our Services and fulfill the purposes described in this Privacy Policy. Specifically:

Client case files are retained for a minimum of seven (7) years following case closure, consistent with professional record-keeping standards and to allow for any subsequent review or dispute.

Medical records and billing documents provided to us are retained during the active case period and for three (3) years following case closure, unless a longer period is required by law.

Website analytics data is retained for up to twenty-six (26) months.

Marketing communication preferences and opt-out records are retained indefinitely to honor your choices.

You may request deletion of your information as described in Section 8 (Your Rights), subject to our retention obligations.

5. Data Security

We implement technical, administrative, and physical security measures designed to protect your information against unauthorized access, disclosure, alteration, and destruction. These measures include:

Encryption of data in transit using TLS (Transport Layer Security) and encryption of sensitive data at rest. Access controls limiting access to personal information to authorized personnel who need it to perform their job functions. Regular security assessments and monitoring. Vendor security agreements with all third-party service providers who handle personal information.

No method of transmission over the Internet or electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee absolute security. In the event of a data breach that affects your rights and freedoms, we will notify you in accordance with applicable law.

6. Protected Health Information

To the extent we receive or create Protected Health Information (PHI) as defined by the Health Insurance Portability and Accountability Act (HIPAA) in connection with providing Services to you, we handle such information as a Business Associate under HIPAA. Our handling of PHI is governed by our Notice of Privacy Practices and applicable Business Associate Agreements. In the event of any conflict between this Privacy Policy and our Notice of Privacy Practices with respect to PHI, the Notice of Privacy Practices shall control.

7. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your experience and analyze site usage.

Essential cookies are required for the website to function and cannot be disabled. They enable core functionality such as security, network management, and accessibility.

Analytics cookies help us understand how visitors interact with our website by collecting and reporting information anonymously. We use Google Analytics for this purpose. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

Marketing cookies are used to track visitors across websites to display relevant advertisements. We use Meta Pixel and Google Ads conversion tracking. You can manage your advertising preferences through the Digital Advertising Alliance opt-out tool.

Most web browsers allow you to manage cookies through your browser settings. Disabling certain cookies may affect the functionality of our website.

8. Your Privacy Rights

Subject to applicable law, you have the following rights with respect to your personal information:

Access: You may request a copy of the personal information we hold about you.

Correction: You may request correction of inaccurate or incomplete information.

Deletion: You may request deletion of your personal information, subject to our legal retention obligations and the necessity of retaining information to complete our Services.

Portability: You may request that we provide your personal information in a portable, machine-readable format.

Opt-out of marketing: You may opt out of receiving marketing communications from us at any time by clicking the "unsubscribe" link in any marketing email or by contacting us at privacy@mederase.com.

To exercise any of these rights, please contact us at privacy@mederase.com or by mail at the address below. We will respond to your request within 30 days. We may need to verify your identity before processing your request.

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). See our California Privacy Rights Notice for details.

9. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18 without verifiable parental consent, we will take steps to delete that information. If you believe we have inadvertently collected information from a child under 18, please contact us at privacy@mederase.com.

10. Third-Party Links

Our website may contain links to third-party websites and resources, including government agencies, healthcare organizations, and advocacy resources. These links are provided for informational purposes only. We are not responsible for the privacy practices or content of third-party websites. We encourage you to review the privacy policies of any third-party sites you visit.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will notify you of material changes by posting the updated policy on our website with a new "Last Updated" date and, where required by law, by providing notice through email or other direct communication. Your continued use of our Services following the effective date of any changes constitutes your acceptance of the revised Privacy Policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

MedErase Inc.
3333 Michelson Drive, Irvine, CA 92612
Email: privacy@mederase.com
Phone: +1 (877) 512-0293