InvisaClaim LLC
PRIVACY POLICY
Effective Date: March 17, 2026
This Privacy Policy explains how InvisaClaim LLC (“InvisaClaim,” “we,” “us,” or “our”) collects, uses, discloses, and protects information when you access or use our website (www.invisaclaim.com), application (app.invisaclaim.com), and AI-powered healthcare revenue cycle services (collectively, the “Services”).
This Policy is part of and incorporated into our Terms of Use. It applies to all users of the Services. If you provide Protected Health Information (PHI), our separate Business Associate Agreement (BAA) governs that PHI and takes precedence over any conflicting provisions in this Policy.
BY USING THE SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY. If you do not agree, you must not use the Services.
1. Information We Collect
We collect the following categories of information:
Account and Contact Information Name, email address, phone number, organization details, billing information, and login credentials.
Your Data Claims data, denial records, appeal drafts, patient encounter information, billing codes, analytics inputs, and any other content you upload or generate through the Services.
Protected Health Information (PHI) Only if you have executed a BAA with us. Without a BAA, you are prohibited from uploading PHI.
Usage and Technical Data IP address, browser type, device information, operating system, usage logs, session data, and interaction metrics (automatically collected).
Automatically Collected Data Cookies, pixels, and similar tracking technologies (see Section 9).
We do not collect sensitive personal information (e.g., racial or ethnic origin, sexual orientation, or genetic data) except to the extent it appears in PHI you lawfully provide under a BAA.
2. How We Use Your Information
We use the information we collect to:
Provide, maintain, and improve the Services (including AI-powered denial analysis, appeal generation, and workflow automation).
Process and analyze Your Data to deliver AI outputs.
Train, refine, and enhance our AI models using aggregated and de-identified data only (never your identifiable PHI unless expressly permitted in your BAA).
Manage accounts, billing, and subscriptions.
Communicate with you (service updates, support, legal notices).
Detect, prevent, and respond to security incidents, fraud, or misuse.
Comply with legal obligations and enforce our Terms of Use.
We do not use your data for marketing purposes without your explicit consent.
3. How We Share or Disclose Information
We share information only in the following limited circumstances:
Service Providers and Subprocessors We engage third-party cloud storage, AI processing, and infrastructure vendors (such as AWS, Azure, Google Cloud, and other AI model providers). All such vendors are contractually bound by Business Associate Agreements (for PHI) or equivalent data protection agreements. They may access data solely to provide services to us and are prohibited from using it for their own purposes.
Legal Requirements We may disclose information if required by law, subpoena, court order, or government request (including HIPAA-permitted disclosures).
Business Transfers In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.
Aggregated or De-Identified Data We may share anonymized, aggregated data for industry analytics or research. This data cannot reasonably identify you or any individual.
No Sale of Data We do not sell your personal information or PHI to any third parties.
4. AI-Specific Processing
Our Services rely on artificial intelligence. AI outputs are generated automatically and may contain inaccuracies, omissions, or hallucinations. We use your inputs solely to provide the Services and improve our models in aggregated/de-identified form. Human oversight is required on your end before any output is used for claims submission or patient-related decisions. We do not use customer PHI to train public models without explicit BAA authorization.
5. Data Retention and Deletion
Active Subscription: We retain Your Data for as long as your subscription is active and as needed to provide the Services.
After Termination or Cancellation: We retain Your Data for a maximum of thirty (30) days to allow you to export it.
Permanent Deletion: After 30 days, all data (including PHI) may be permanently and irreversibly deletedwithout further notice.
Backups: We maintain temporary backups for disaster recovery only; these are also subject to the 30-day deletion timeline.
We have no obligation to retain or return any data beyond this period. You are solely responsible for maintaining your own backups and exporting records before termination.
6. Security
We implement commercially reasonable administrative, technical, and physical safeguards (encryption at rest and in transit, access controls, audit logging, regular vulnerability scanning, and employee training) to protect your information. However, no system is completely secure. We do not guarantee that data will never be lost, accessed, or disclosed in an unauthorized manner. You must use strong, unique passwords and enable multi-factor authentication where available.
7. Your Rights and Choices
For Non-PHI Personal Information (e.g., account data): You may:
Access, correct, or delete your information (subject to legal retention obligations).
Opt out of certain processing (where applicable).
Request a copy of your data in portable format.
For PHI: All rights (access, amendment, accounting of disclosures, etc.) are governed exclusively by your BAA and applicable HIPAA rules. Contact your organization’s privacy officer or submit requests through the BAA process.
California Residents (CPRA/CCPA Rights): You have the right to know what personal information we collect, request deletion, opt out of “sales” (we do none), and correct inaccuracies. To exercise these rights, email legal@invisaclaim.com. We will verify your identity before responding (response within 45 days).
Other State Privacy Rights (Virginia, Colorado, Connecticut, Utah, etc.): Similar rights apply where required by law.
To exercise any rights, email legal@invisaclaim.com. We will respond within the time required by applicable law.
8. HIPAA and Protected Health Information
If you upload PHI, a valid BAA must be in place before any processing occurs. This Policy supplements—but does not replace—your BAA. We act only as a Business Associate and will:
Use and disclose PHI solely as permitted by the BAA and HIPAA.
Implement required safeguards.
Report breaches as required by law.
Return or destroy PHI upon termination (subject to the 30-day retention period above).
9. Cookies and Tracking Technologies
We use essential cookies (for authentication and functionality), analytics cookies (Google Analytics, etc.), and functional cookies. You can manage preferences through your browser settings or our cookie consent banner. We do not use tracking technologies that disclose PHI without a BAA.
10. Third-Party Links and Services
The Services may contain links to third-party sites. We are not responsible for their privacy practices. Review their policies before providing information.
11. Children’s Privacy
Our Services are not intended for anyone under 18. We do not knowingly collect data from children. If you believe we have, contact us immediately.
12. International Users
If you are outside the United States, your data is transferred to and processed in the U.S. By using the Services, you consent to this transfer. We implement appropriate safeguards for international transfers where required.
13. Changes to This Privacy Policy
We may update this Policy at any time. Material changes will be notified via email or in-Service notice. Continued use after the effective date constitutes acceptance. The “Effective Date” at the top reflects the latest version.
14. Contact Information
InvisaClaim LLC 1200 N Federal Hwy, Suite 300 Boca Raton, FL 33432 Email: legal@invisaclaim.com Website: www.invisaclaim.com
Last Updated: March 17, 2026