AppealAI

Privacy Policy

Last updated: April 4, 2026

AppealAI is a productivity tool for medical billers and healthcare providers. We take data privacy seriously. This page explains exactly what we collect, what we do not store, and how your information is handled.

Our HIPAA Position

AppealAI is a productivity tool that generates draft appeal letters to assist medical billing professionals. We are not a covered entity or business associate under HIPAA. However, we take data privacy seriously and automatically strip identifying information from documents before any AI processing occurs.

Automatic PII Redaction

Before your denial letter text is sent to our AI for processing, we automatically detect and remove common personal identifiers. This redaction happens server-side, before any data leaves our infrastructure to third-party AI services.

Information we strip:

  • Social Security Numbers (SSNs)
  • Dates of birth
  • Phone numbers
  • Email addresses
  • Patient names (when labeled)
  • Member IDs, Policy numbers, Group numbers, Subscriber IDs
  • Street addresses (when labeled)

We intentionally do not remove denial codes (CO-XX, PR-XX, OA-XX, RARC), CPT/HCPCS procedure codes, ICD-10 diagnosis codes, or claim dollar amounts — those are required to generate an accurate appeal.

How Data Is Processed

  1. Text extraction — Your uploaded file (PDF or image) is read server-side to extract the text content. The original file is never stored.
  2. PII stripped — Common identifying information is automatically removed from the extracted text before any further processing.
  3. Sent to AI— The redacted text is sent to Anthropic’s Claude API to generate your appeal letter.
  4. Saved (redacted only) — If you create an account, the redacted text and your generated appeal are saved to our database for your future access.

What We Collect

Email address

Collected when you choose to save your appeal or sign up for updates. Used to associate your saved appeals with your account and send product updates. Never sold or shared with third parties for marketing.

Redacted denial letter text

The text extracted from your document, after PII has been removed. Stored so we can display your past analyses.

Generated appeal letters

The AI-generated appeal letter associated with your session. Stored so you can access and track your appeals over time.

Structured denial data

Structured fields extracted by the AI: payer name, denial code, procedure code, diagnosis code, date of service, and billed amount. These are stored to power your appeal tracker.

What We Do NOT Store

  • Your original uploaded files (PDFs or images)
  • Unredacted PHI — SSNs, dates of birth, phone numbers, addresses
  • Patient names or member IDs from your documents
  • Payment or credit card information (we have no paid tier currently)

Data Retention & Deletion

Appeals and account data are retained so you can access your history. You may request deletion of your data at any time by emailing getappealai@gmail.com with the subject line “Data Deletion Request.” We will delete your email address and all associated appeals within 30 days.

Third-Party Services

Anthropic (Claude AI)

Redacted denial letter text is sent to Anthropic’s API to generate appeal letters. Anthropic does not train on API inputs by default. See Anthropic’s Privacy Policy.

Vercel

AppealAI is hosted on Vercel. Server logs may include IP addresses and request metadata. See Vercel’s Privacy Policy.

Supabase

User accounts and saved appeals are stored in Supabase, a Postgres-based cloud database. Data is stored in the US. See Supabase’s Privacy Policy.

Disclaimer

AppealAI generates draft appeal letters for review by qualified medical billing professionals. Generated appeals are not legal advice, medical advice, or a guarantee of claim approval. Always verify the accuracy of any generated appeal — including regulatory citations, codes, and payer-specific requirements — before submission.

Contact

Questions about this policy or data deletion requests: getappealai@gmail.com