Privacy Policy
Effective: April 2026
BillCheck by Lonia AI takes your privacy seriously. Here is exactly what we collect, why, and what happens to it.
What We Collect
When you use BillCheck, we collect only what is needed to deliver your report:
- Email address — for report delivery
- Stripe payment ID — for linking your payment to your uploaded files
- Uploaded medical bill and EOB documents — for analysis
That is it. No account creation, no passwords, no tracking cookies, no analytics profiles.
How Your Data Is Processed
Your documents are analyzed using AI (via OpenRouter API). Analysis results are reviewed by the BillCheck team before your report is sent. Documents are encrypted at rest and in transit. All files are stored in a private Supabase storage bucket accessible only via an authenticated service role.
Third-Party Services
We use a small number of third-party services. Here is exactly what data each one receives:
Stripe
Payment processing. Stripe handles your email, payment amount, and card details entirely on their servers. Card information never touches ours.
Supabase
Encrypted file storage and job tracking. Stores your documents, email, and payment ID.
Resend
Transactional email delivery. Receives your email address and the report PDF for delivery.
OpenRouter / Claude
AI analysis of document content. Receives document text only — no PII is transmitted beyond what appears on the bill itself.
Data Retention
Uploaded files: automatically and permanently deleted 7 days after your report is sent. No file content is retained after deletion.
Job records (payment ID, email, date, issue count, report summary): retained indefinitely for liability protection and dispute support.
HIPAA Awareness
BillCheck is designed with HIPAA-aware data handling practices: data minimization, encrypted storage, access controls, automatic deletion, and audit trails. BillCheck is not a covered entity under HIPAA but voluntarily applies these safeguards because medical billing data deserves the same protection as medical records.
Your Rights
You may request deletion of your data at any time by emailing support@lonia.ai. We will confirm deletion within 5 business days.
GDPR: If you are in the EU, you have the right to access, correct, or delete your personal data. Contact support@lonia.ai.
Cookies
BillCheck does not use tracking cookies, analytics cookies, or advertising cookies. No client-side storage is used beyond what is necessary for site functionality.
Children's Privacy
BillCheck is not intended for use by anyone under 18. We do not knowingly collect data from minors.
Changes to This Policy
We will update this page if our practices change. The effective date at the top reflects the most recent revision.
Contact
Questions about privacy? Email support@lonia.ai.