Your bills stay on your phone. When we analyze a bill, the image is sent encrypted to our AI service, which doesn't train on it and deletes it within 30 days. We don't have user accounts, cloud storage, or any persistent copy of your data. We don't sell, share, or monetize your data. Period.
1. What Information We Collect
Information you provide directly
| Data Type | When | Where Stored |
|---|---|---|
| Bill images (photos or screenshots of medical bills) | When you scan a bill | On your device only |
| Analysis results (findings, line items, dispute letters) | After AI analysis completes | On your device only |
| User-entered savings amounts | When you manually log savings | On your device only |
Information collected automatically
| Data Type | Purpose | Duration |
|---|---|---|
| Crash logs & diagnostics (via Sentry) | App stability & bug fixing | 90 days |
| Anonymous usage analytics (via TelemetryDeck — screens visited, features used, no bill content, no personal identifiers) | Improving the app experience | 12 months |
Information we do NOT collect
- Names, email addresses, phone numbers, or any account information
- Insurance plan details or member IDs
- Social Security numbers or financial account numbers
- Location data, contacts, or other device data unrelated to the App
2. How We Use Your Information
Bill images are used for one purpose: AI-powered analysis to identify potential billing errors. Specifically:
- Bill analysis: Your bill image is transmitted to our AI service provider for processing and returned as structured findings.
- Dispute letter generation: Analysis results are used on-device to populate dispute letter templates.
- App improvements: Anonymous, aggregated usage patterns (never bill content) help us improve features.
We do not use your bill images, analysis results, or any personal data for advertising, marketing, profiling, or sale to third parties.
3. AI Processing & Third-Party Services
Before any data is transmitted, the app presents a consent screen identifying that your bill images will be sent to Anthropic (Claude AI) for analysis. You must tap "Allow & Continue" before any data leaves your device. If you tap "Don't Allow," no data is transmitted and AI analysis features will not function. You can change your consent decision at any time in Settings → AI Data Sharing.
Once you have given permission, your bill image is sent over an encrypted (TLS 1.2+) connection to Anthropic's Claude API for analysis. Here is exactly what happens:
- In transit: Bill images are encrypted using TLS 1.2 or higher during transmission.
- At the provider: Anthropic's commercial API does not use inputs or outputs for model training. This is their standard commercial API policy.
- Retention: Anthropic retains API inputs for up to 30 days for safety and abuse monitoring, after which they are automatically deleted.
- No persistent storage: We do not maintain any cloud servers or databases that store your bill images or analysis results.
For current information about Anthropic's data handling practices, see Anthropic's Usage Policy.
4. Data Storage & Security
On-device storage
All bill images, analysis results, dispute letters, and savings data are stored exclusively on your device using the operating system's local storage mechanisms. This data is protected by your device's security (passcode, biometric lock, device encryption).
What happens when you uninstall
Uninstalling Billscope permanently deletes all locally stored data, including bill images, analysis history, and dispute letters. Because we do not maintain cloud backups, this deletion is irreversible.
Security measures
- API key stored in device secure enclave (Expo SecureStore)
- All network transmissions use TLS 1.2+ encryption
- No cloud databases or server-side storage
- No user authentication tokens or session data
5. Who We Share Data With
We share data with a small number of services, each for a specific purpose:
| Provider | Data Shared | Purpose | Retention |
|---|---|---|---|
| Anthropic (Claude API) | Bill images during analysis | AI-powered bill analysis | Up to 30 days, then auto-deleted |
| Apple (RevenueCat/App Store) | Purchase receipts | Subscription management | Per Apple's privacy policy |
| Sentry | Crash logs, device type, OS version, app version | Crash reporting — so we can fix bugs | 90 days |
| TelemetryDeck | Anonymous usage signals (screens viewed, features used — no personal identifiers, no IP addresses) | Understand how people use the app | Per TelemetryDeck's privacy policy |
Anthropic's commercial API terms provide data protection equivalent to or exceeding our own practices: they do not use your inputs for model training, they encrypt data in transit and at rest, and they automatically delete API inputs after their retention period. For Anthropic's current data handling commitments, see Anthropic's Usage Policy.
We do not sell, rent, or share your data with advertisers, data brokers, or any other third parties. Our analytics are fully anonymous — TelemetryDeck cannot identify individual users, and Sentry only receives data when the app crashes. For Sentry's data handling practices, see Sentry's Privacy Policy. For TelemetryDeck's privacy practices, see TelemetryDeck's Privacy Policy.
6. HIPAA, PHI & Healthcare Data
Billscope is a consumer educational tool. We are not a HIPAA-covered entity (we are not a healthcare provider, health plan, or healthcare clearinghouse) and we are not a business associate of any covered entity.
What this means for you:
- Medical bills may contain Protected Health Information (PHI) such as names, dates of service, diagnoses, and procedure codes.
- By scanning a bill, you are voluntarily sharing this information with our AI service for analysis. This is your choice.
- While we are not legally required to comply with HIPAA, we follow HIPAA-aligned best practices in our data handling: data minimization, encryption in transit, no persistent storage, and limited retention at our AI provider.
- Our AI provider (Anthropic) does not use your data for training and retains it only for safety monitoring.
If you require HIPAA-covered billing review services, please consult a certified medical billing advocate or your healthcare provider's patient advocate.
FTC Health Breach Notification Rule
As a consumer health tool, Billscope is subject to the FTC Health Breach Notification Rule. In the unlikely event of a data breach involving your health information, we will notify affected users and the FTC in accordance with applicable requirements.
7. Your Rights
Because your data is stored on your device, you have direct control over it:
- Access: All your data is on your device and visible within the App.
- Deletion: Delete individual bills within the App, or uninstall to delete everything.
- Portability: Dispute letters can be exported as PDFs at any time.
- Opt-out: You can disable anonymous analytics in Settings.
8. State-Specific Provisions
California (CCPA/CPRA)
California residents have additional rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act. We do not sell personal information, we do not share personal information for cross-context behavioral advertising, and we do not use sensitive personal information for purposes beyond what is needed to provide the service. California residents may exercise their rights by contacting us at [email protected].
Washington (My Health My Data Act)
Washington residents have rights under the My Health My Data Act regarding consumer health data. We collect health data (medical bill contents) only with your consent (granted at first scan), use it only for bill analysis, do not sell it, and delete it when you uninstall the app. Washington residents may exercise their rights by contacting us at the address below.
Other States
We comply with applicable privacy laws in all U.S. states. If your state provides additional privacy rights, contact us and we will honor them.
9. Children's Privacy
Billscope is not intended for use by children under 18. We do not knowingly collect information from children. If you believe a child has used Billscope, contact us and we will assist with any concerns.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through an in-app notice. The "Last Updated" date at the top of this page will always reflect the most recent version.
11. Contact Us
For privacy questions, data requests, or concerns:
Email: [email protected]
General inquiries: