Legal

Privacy
Policy

How we collect, use, disclose, and protect your information.

Effective Date: March 5, 2026 | Last Updated: March 5, 2026

Claimalytics, LLC ("Claimalytics," "we," "our," or "us") is a Florida limited liability company that provides AI-powered analytics and intelligence tools for pharmacy benefit management through our platform, including our hosted SaaS application, Bring Your Own Cloud ("BYOC") deployments, and related services (collectively, the "Service").

This Privacy Policy describes how we collect, use, disclose, and protect information when you access or use our Service, visit our website at claimalytics.com (the "Site"), or otherwise interact with us. By using the Service, you agree to the practices described in this Privacy Policy.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Name, email address, company name, job title, and other registration details when you create an account or request a demo.
  • Payment Information: Billing address and payment method details processed through our third-party payment processor (Stripe). We do not store full credit card numbers on our servers.
  • Customer Data: Documents, formularies, clinical policies, claims data, and other materials you upload to or generate within the Service ("Customer Data").
  • Communications: Information you provide when you contact us for support, submit feedback, or correspond with us.

1.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, queries submitted, session duration, timestamps, and interaction patterns within the Service.
  • Device and Browser Information: IP address, browser type and version, operating system, device identifiers, and screen resolution.
  • Log Data: Server logs, error reports, and diagnostic information.
  • Cookies and Similar Technologies: See Section 6 (Cookies and Tracking Technologies) below.

1.3 Information from Third Parties

  • Authentication Providers: If you sign in through a single sign-on (SSO) provider, we receive profile information as authorized by your identity provider.
  • Business Partners: We may receive information about you from channel partners or referral sources in connection with evaluating or onboarding your organization.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To provide, maintain, and improve the Service, including processing your queries through our AI agent system, generating analytics, and delivering search results with citations.
  • Account Management: To create and manage your account, authenticate your identity, and process payments.
  • Communication: To respond to your inquiries, send transactional notifications, and provide customer support.
  • Security and Compliance: To detect, prevent, and address fraud, abuse, security incidents, and technical issues; and to comply with applicable laws, regulations, and legal processes.
  • Analytics and Improvement: To analyze usage patterns, diagnose problems, and improve the functionality, performance, and reliability of the Service.
  • Marketing (with consent): To send you information about new features, product updates, or promotional materials where you have opted in or where permitted by law.

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers: With third-party vendors who perform services on our behalf, such as cloud hosting (Microsoft Azure), authentication (Clerk), payment processing (Stripe), and analytics. These providers are contractually obligated to protect your information and use it only for the services they provide to us.
  • BYOC Deployments: For customers using our Bring Your Own Cloud deployment model, Customer Data resides entirely within your own Azure tenant. Claimalytics does not have access to or control over Customer Data in BYOC environments except as necessary to deliver the Service and as specified in your service agreement.
  • Legal Requirements: When required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business Transfers: In connection with any merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction.
  • With Your Consent: We may share your information for other purposes with your explicit consent.

4. Protected Health Information (PHI)

Claimalytics may process, store, or transmit Protected Health Information ("PHI") as defined under the Health Insurance Portability and Accountability Act ("HIPAA") on behalf of our customers. In such cases:

  • Claimalytics acts as a Business Associate under HIPAA.
  • PHI is handled in accordance with an executed Business Associate Agreement ("BAA") between Claimalytics and the applicable Covered Entity or Business Associate customer.
  • We implement administrative, physical, and technical safeguards consistent with the HIPAA Security Rule to protect the confidentiality, integrity, and availability of PHI.
  • In BYOC deployments, PHI remains within the customer's own Azure tenant and is subject to the customer's own security controls in addition to Claimalytics' application-level protections.
  • In our hosted SaaS environment, PHI is encrypted at rest and in transit, and access is limited to authorized personnel through role-based access controls.

Where there is a conflict between this Privacy Policy and the terms of an executed BAA, the BAA shall control with respect to PHI.

5. Data Security

We implement commercially reasonable administrative, technical, and physical safeguards designed to protect your information, including:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256).
  • Role-based access controls and multi-factor authentication for administrative access.
  • Regular security assessments and monitoring.
  • Azure-managed infrastructure with SOC 2 Type II compliance.
  • Clerk-managed authentication with enterprise-grade identity security.

No method of transmission over the Internet or electronic storage is completely secure. While we strive to use commercially reasonable means to protect your information, we cannot guarantee absolute security.

6. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve the Service:

  • Essential Cookies: Required for authentication, session management, and core functionality.
  • Analytics Cookies: Used to understand usage patterns and improve the Service. You may opt out of non-essential analytics cookies through your browser settings or our cookie preferences interface.

We do not use advertising or third-party tracking cookies. We do not sell data collected through cookies to third parties.

7. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Specific retention periods are detailed in our Terms of Service. In general:

  • Active Customer Data is retained for ninety (90) days from last access or use, after which it is moved to archived storage.
  • Archived data is retained for the duration of your service agreement plus a reasonable wind-down period.
  • Account information is retained for the duration of the account relationship and for a period thereafter as required by law or legitimate business purposes.
  • Upon termination of your account, you may request deletion of your Customer Data. We will process such requests within thirty (30) days, subject to legal retention obligations.

For BYOC deployments, data retention is managed within your own Azure tenant and subject to your own retention policies. Claimalytics does not independently retain copies of Customer Data from BYOC environments.

8. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete information.
  • Deletion: Request deletion of your personal information, subject to legal retention requirements.
  • Portability: Request a portable copy of your data in a structured, commonly used format.
  • Opt-Out: Opt out of marketing communications at any time by using the unsubscribe link in our emails or contacting us directly.
  • Restrict Processing: Request that we limit how we use your information in certain circumstances.

To exercise any of these rights, contact us at privacy@claimalytics.com. We will respond to verified requests within thirty (30) days or as required by applicable law.

9. State-Specific Privacy Rights

9.1 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), including the right to know, delete, correct, and opt out of the sale or sharing of personal information. We do not sell or share personal information as defined under the CCPA/CPRA. To submit a request, contact privacy@claimalytics.com.

9.2 Other U.S. State Privacy Laws

Residents of states with comprehensive privacy laws (including Virginia, Colorado, Connecticut, and others) may have similar rights. We honor valid, verified requests consistent with applicable state law.

10. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 18, we will take steps to delete that information promptly.

11. International Data Transfers

The Service is hosted in the United States using Microsoft Azure infrastructure. If you access the Service from outside the United States, your information may be transferred to and processed in the United States. By using the Service, you consent to this transfer. For BYOC customers, data residency is determined by the Azure region you select for your deployment.

12. Third-Party Links and Services

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party services you access.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our Site with a revised "Last Updated" date and, where appropriate, by email or in-app notification. Your continued use of the Service after such changes constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Claimalytics, LLC
Email: privacy@claimalytics.com
Website: https://claimalytics.com