GetBillBack.com.AI
🔒 Zero-Trace Architecture

Privacy Policy

Last updated April 09, 2026

Our Core Privacy Commitment

Your uploaded medical documents are never stored. They are processed ephemerally in-memory and permanently deleted immediately after AI analysis (typically within seconds). We cannot recover them — because we never keep them.

This Privacy Notice for GetBillBack.com ("we," "us," or "our") describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you visit our website at https://GetBillBack.com.

Questions or concerns? Contact us at support@getbillback.com.


Summary of Key Points

  • What personal information do we process? Only your email address, which you voluntarily provide to receive your audit results.
  • Do we process sensitive information? Yes — health data contained in uploaded bills, and financial data via Stripe. Medical documents are deleted immediately after processing; they are never stored.
  • Do we collect from third parties? No.
  • How do we process your information? To provide the AI audit service, communicate with you, and prevent fraud.
  • How do we keep your information safe? We use the Zero-Trace architecture: medical data is never written to disk. All transmissions are encrypted.

Table of Contents

  1. What Information Do We Collect?
  2. How Do We Process Your Information?
  3. When and With Whom Do We Share Your Personal Information?
  4. Do We Use Cookies and Other Tracking Technologies?
  5. Do We Offer Artificial Intelligence-Based Products?
  6. How Long Do We Keep Your Information?
  7. How Do We Keep Your Information Safe?
  8. Do We Collect Information From Minors?
  9. What Are Your Privacy Rights?
  10. Controls for Do-Not-Track Features
  11. Do United States Residents Have Specific Privacy Rights?
  12. Do We Make Updates to This Notice?
  13. How Can You Contact Us?
  14. How Can You Review, Update, or Delete Your Data?

1. What Information Do We Collect?

Personal information you disclose to us

We collect personal information that you voluntarily provide when you use our Services. The personal information we collect may include:

  • Email addresses — collected when you submit your bill for analysis so we can deliver your audit results.

Sensitive Information

With your consent, we process the following categories of sensitive information:

  • Health data — contained in your uploaded medical bill. This data is processed in-memory only and permanently deleted immediately after analysis.
  • Financial data — handled exclusively by Stripe for payment processing. See Stripe's Privacy Policy.

Payment Data

We may collect data necessary to process your payment (e.g., payment instrument number and security code). All payment data is handled and stored by Stripe. We never store your card details on our servers.

Google API

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Google does not use your data to train its AI models when accessed via API on a Pay-as-you-go plan.


2. How Do We Process Your Information?

We process your personal information for the following reasons:

  • To deliver services: To perform the AI forensic audit and generate your dispute letter.
  • To respond to inquiries: To provide support and resolve any issues with the service.
  • To send administrative information: Details about your orders, and changes to our terms and policies.
  • To fulfill and manage orders: To process payments and manage your purchases through Stripe.

3. When and With Whom Do We Share Your Personal Information?

We may share your data with the following categories of third-party service providers who perform work on our behalf:

  • AI Platforms — Google Cloud AI / Gemini API, used to perform the forensic analysis of your bill. Data is processed transiently and not retained by the provider for model training.
  • Cloud Computing Services — Cloudflare, used for bot protection (Turnstile). Only anonymized challenge data is shared.
  • Payment Processors — Stripe, used to process all payments. Subject to Stripe's own privacy policy.

We may also share information in connection with a business merger, sale, or acquisition.


4. Do We Use Cookies and Other Tracking Technologies?

We use only essential cookies necessary for the service to function:

  • Stripe: Uses cookies strictly necessary for payment processing and fraud prevention.
  • Cloudflare Turnstile: Uses cookies strictly necessary for bot protection.

We do not use marketing cookies, advertising trackers, or analytics pixels. For full details, see our Cookie Policy.


5. Do We Offer Artificial Intelligence-Based Products?

Yes. Our core service is powered by the Google Gemini API. When you upload a medical bill, it is transmitted (encrypted, over HTTPS) to the Gemini API for analysis. The resulting JSON audit report is returned to your browser. Neither we nor Google retain or store your medical document after processing.

You must not use our AI tools in any way that violates the terms or policies of any AI Service Provider.


6. How Long Do We Keep Your Information?

Medical Documents: Retained for 0 days. Uploaded documents are processed ephemerally in RAM and permanently and irrecoverably deleted immediately after the AI analysis completes (typically within seconds). We do not store, log, or back up any uploaded health information.

Email addresses are retained only as long as necessary to deliver your audit results and communicate with you about the service.

Transaction records are processed and retained by Stripe in accordance with applicable financial laws.


7. How Do We Keep Your Information Safe?

We have implemented appropriate technical and organizational security measures to protect your personal information:

  • Zero-Trace Architecture: Medical data is never written to permanent storage — it exists only in server RAM during the analysis window.
  • Encrypted Transit: All data transmissions use HTTPS/TLS encryption.
  • Bot Protection: Cloudflare Turnstile prevents automated abuse.

However, no electronic transmission over the Internet can be guaranteed 100% secure. You should only access our Services within a secure environment.


8. Do We Collect Information From Minors?

We do not knowingly collect, solicit data from, or market to children under 18 years of age. By using the Services, you represent that you are at least 18, or the parent or guardian of a minor consenting to their use. If you believe we have inadvertently collected data from a minor, please contact us at support@getbillback.com.


9. What Are Your Privacy Rights?

Depending on your location, you may have the right to:

  • Access, correct, or delete your personal information.
  • Withdraw consent to our processing of your information at any time.
  • Lodge a complaint with your local data protection authority.

To exercise these rights, contact us at support@getbillback.com. Note: because we do not store medical documents, there is nothing for us to retrieve or delete regarding your health data — it no longer exists on our systems.


10. Controls for Do-Not-Track Features

Most web browsers include a Do-Not-Track ("DNT") feature. Because we do not use behavioral tracking or advertising technologies, our service does not track you across the web regardless of your DNT setting. We do not currently respond programmatically to DNT signals, as no uniform standard has been finalized, but our practices already reflect the spirit of that preference.


11. Do United States Residents Have Specific Privacy Rights?

If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you may have specific rights under applicable state privacy laws (CCPA/CPRA, CPA, CTDPA, etc.).

Categories of Personal Information We Collect

Category | Examples | Collected
A. Identifiers | Email address |
B. Personal info (CA Records statute) | Contact information |
C. Protected classification characteristics | Gender, age, demographics |
D. Commercial information | Transaction / payment history (via Stripe) |
E. Biometric information | Fingerprints, voiceprints |
F. Internet/network activity | Browsing history, ad interactions |
G. Geolocation data | Device location |
H. Audio, electronic, sensory info | Uploaded medical images/PDFs |
I. Professional/employment info | Job titles, work history |
J. Education information | Student records |
K. Inferences from personal info | Preference profiles |
L. Sensitive personal information | Health data (ephemeral only) |

Retention Periods

  • Categories A, B, C, H (Medical data): 0 days — deleted ephemerally from memory immediately after AI analysis.
  • Category D (Transaction info): Medical documents — 0 days. Transaction records are retained by Stripe under financial regulations.
  • Category G (Geolocation via Cloudflare): Not retained by us; Cloudflare may retain aggregated, anonymized data per their policy.
  • Category L (Sensitive / Health data): 0 days.

Your Rights

  • Right to know whether your personal data is being processed
  • Right to access your personal data
  • Right to correct inaccuracies
  • Right to request deletion of your personal data
  • Right to non-discrimination for exercising your rights
  • Right to opt out of targeted advertising (we do not engage in this)

To exercise these rights, visit https://GetBillBack.com or email support@getbillback.com.


12. Do We Make Updates to This Notice?

Yes. We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Last updated" date at the top of this page. We encourage you to review this Notice periodically.


13. How Can You Contact Us?

If you have questions or comments about this notice, please contact us:


14. How Can You Review, Update, or Delete Your Data?

Based on the applicable laws of your country or state of residence in the US, you may have the right to request access to the personal information we collect from you, correct inaccuracies, or delete your personal information. To submit such a request, please email us at support@getbillback.com or visit https://GetBillBack.com.

Please note: because medical documents are deleted immediately and irrecoverably after processing, we are unable to retrieve or restore your health data — by design.