Privacy Policy

1 Who We Are

WinMyAppeals is a protection membership operated from Canada. We provide informational self-advocacy tools and document preparation assistance to help people understand their health insurance and respond to denials. We are not a law firm and do not provide legal advice, and we are not an insurance company.

References to "we," "us," or "our" refer to WinMyAppeals. References to "you" or "Member" refer to any person who accesses or uses our Service.

2 Information We Collect

We collect only what we need to provide the membership:

Account Information

• Email address, used for login and to send you your reports and emails
• Membership tier and billing status
• Household member display names, if you add them on a Family plan

Documents and Plan Data You Provide

• The Summary of Benefits and Coverage and any denial letters you upload
• The structured plan details we extract from those documents, such as your deductible, prior authorization requirements, and exclusions
• The information you enter when preparing an appeal, and the appeal letters you generate

We store this so your reports and appeals can be generated quickly and so your appeal is ready the moment you need it. See Section 3.

Payment Information

Payments are processed by Stripe. We never see, receive, or store your card number or banking details. Stripe gives us only a customer reference ID and your subscription status. Stripe's practices are governed by their own Privacy Policy.

3 Your Health-Related Documents

To provide the membership, we store the plan and denial documents you upload, along with the plan details we extract from them. This is what lets us show you your Coverage Vulnerability Report, send your monthly Protection Report, and prepare an appeal in minutes instead of asking you to start from scratch each time.

These documents are encrypted, and access is restricted to your own account through database-level security rules. They are processed by our AI provider only to generate your reports and letters, and for no other purpose.

You stay in control. You can replace your plan document, and you can delete your account along with every document and record we hold, at any time, from your Account page. See Section 7.

4 How We Use Your Information

We use the information we collect only to:

• Create and maintain your account
• Read your plan and generate your Coverage Vulnerability Report
• Send your monthly Protection Report
• Prepare appeal letters when you need them
• Process and manage your subscription through Stripe
• Provide customer support and send important account or service updates

We do not use your information for targeted advertising, behavioral profiling, or any purpose beyond operating and improving the Service.

5 Third-Party Services

We use a small set of trusted providers to operate the Service:

• Supabase — our database, authentication, and encrypted document storage. Your account, plan data, and uploaded documents are stored here with access-controlled security rules.
• Stripe — our payment processor. Payment details are handled directly by Stripe and never shared with us.
• Anthropic (Claude) — the AI that reads your plan and prepares your reports and letters. Your documents are sent to Anthropic's API to produce these outputs. Anthropic does not use API inputs to train their models. See their Privacy Policy.
• Resend — our email provider, used to deliver your reports and account emails.
• Vercel — our hosting provider. They host the platform and may log standard server data such as IP addresses and request metadata for security and performance.

We do not share your personal information with any other third parties except as required by law.

6 We Do Not Sell Your Data

WinMyAppeals does not sell, rent, or trade your personal or health-related information to any third party, ever. This includes data brokers, advertisers, insurers, healthcare companies, and any other business. Your data is used only to provide you with the membership you paid for.

7 Data Retention and Deletion

We keep your documents, plan data, reports, and appeal history for as long as your account is active, so your protection keeps working. Payment records are retained by Stripe as required by financial regulations.

When you delete your account, we permanently remove your uploaded documents from storage and delete your plan data, reports, appeals, and account records from our database. You can do this yourself, in one click, from your Account page. This cannot be undone.

8 Security

We take reasonable and industry-standard measures to protect your information, including:

• Encryption of data in transit and of stored documents at rest
• Database-level row security so each member can only access their own data
• Private document storage that is never publicly accessible
• Authentication required to access your account, reports, and appeals

No system is perfectly secure. While we do our best to protect your information, we cannot guarantee absolute security. If you believe your account has been compromised, contact us immediately at caleb@winmyappeals.com.

9 Your Rights

You have the following rights regarding your data:

• Access: View your plan details, reports, and appeal history any time by logging in.
• Deletion: Permanently delete your account and all associated documents and data from your Account page, in one click.
• Correction: Edit your plan details in your dashboard, or contact us at caleb@winmyappeals.com and we will correct it promptly.
• Portability: If you need a copy of the data we hold about you, contact us and we will provide it in a readable format within a reasonable timeframe.

To exercise any of these rights, use your Account page or email us at caleb@winmyappeals.com.

10 Canadian Privacy Law (PIPEDA)

WinMyAppeals is operated from Canada and aims to operate in compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada's federal private-sector privacy law.

Under PIPEDA, the personal information you provide is:

• Collected only with your knowledge and consent, given when you agree to these Terms and create an account
• Used only for the purposes described in this Privacy Policy
• Not disclosed to third parties without your consent, except as described in Section 5 or as required by law
• Protected by reasonable security safeguards
• Accessible to you upon request

If you are a Canadian user and have concerns about how your personal information is handled, you may contact the Office of the Privacy Commissioner of Canada at priv.gc.ca.

11 Cookies

We use minimal cookies necessary to operate the Service, including session cookies that keep you logged into your account. We use the Meta Pixel to measure the performance of our ads. We do not use cookies to build advertising profiles of you beyond standard ad measurement.

You can disable cookies in your browser settings, but doing so may prevent you from logging in or using the Service.

12 Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page. Your continued use of WinMyAppeals after any changes constitutes your acceptance of the updated Policy.

If we make material changes to how we handle your personal information, we will notify you by email before those changes take effect.

13 Contact

If you have any questions about this Privacy Policy or how your data is handled, please contact us: