Privacy Policy

Overturn Solutions LLC is a New Jersey limited liability company that provides AI-powered insurance denial appeal generation software for small medical practices. You can reach us at hello@hioverturn.com.

Information you give us directly:

• Account information when you sign up: name, email, practice name, role, specialty, monthly claim volume, billing address.
• Payment information: handled by Stripe. We never see or store your full credit card number.
• Communications: emails, support tickets, demo call recordings (with your consent).

Information you upload to use the service:

• Denial letters and Explanation of Benefits (EOB) documents.
• Patient chart notes and clinical documentation you choose to provide.
• Generated appeal letters.

This information may include Protected Health Information (PHI). PHI is treated under HIPAA rules and the BAA, not just under this policy.

Information we collect automatically:

• Log data: IP address, browser type, device type, pages visited, timestamps, referring URLs.
• Cookies and similar technologies: used for authentication, session management, and basic analytics. We do not use third-party advertising trackers.
• Usage data: features used, appeals generated, error reports.

We use the information we collect to:

• Provide the service (generate appeals, track deadlines, deliver results to you).
• Process payments and manage your account.
• Communicate with you about your account, support requests, and product updates.
• Improve the service through aggregated, de-identified analytics.
• Comply with legal obligations.

What we never do with your data:

• We never sell or rent your information to third parties.
• We never use PHI to train AI models. Period.
• We never share patient information with insurance carriers, advertisers, data brokers, or any party outside the BAA-covered service providers required to deliver the product.

Source documents (denial letters, chart notes, supporting clinical documentation): Deleted within 24 hours of appeal generation. We process this data, we do not archive it.

Generated appeal letters: Retained for the life of your account so you can re-download, audit, or resubmit. Deleted within 30 days of account termination unless you request earlier deletion.

Account and billing data: Retained for the life of your account plus 7 years after termination, as required by tax and business records law.

Usage logs: Retained for up to 12 months in identifiable form, then aggregated or deleted.

You can request deletion of your account and associated data at any time by emailing privacy@hioverturn.com. We'll confirm deletion within 30 days.

We share information only with the service providers required to operate Overturn:

• Anthropic, PBC (AI model provider): processes appeal generation requests under a Business Associate Agreement. Anthropic does not train models on customer data submitted via the API.
• Supabase, Inc. (database and authentication): stores account data and generated appeal letters under a BAA.
• Vercel, Inc. (hosting): serves the application. Configured to never persist PHI in logs.
• Stripe, Inc. (payment processing): handles billing only. Never receives PHI.
• Resend, Inc. (transactional email): sends account notifications. Never receives PHI in email content.

Each of these providers is bound by a written agreement that limits their use of your information to providing services on our behalf. We do not share information with any other third parties except as required by law or with your explicit consent.

• All data is encrypted in transit using TLS 1.3.
• All data is encrypted at rest using AES-256.
• Access to production systems is restricted, logged, and reviewed.
• We follow the HIPAA Security Rule and maintain reasonable administrative, physical, and technical safeguards.
• We perform regular security reviews and address vulnerabilities promptly.

No system is perfectly secure. If a breach affecting your information occurs, we will notify you and the relevant authorities as required by HIPAA and applicable state law.

Depending on where you live, you may have the right to:

• Access the personal information we have about you.
• Correct inaccurate information.
• Request deletion of your information.
• Object to or restrict certain processing.
• Receive a portable copy of your information.
• Opt out of marketing communications (you can also unsubscribe from any email).

To exercise any of these rights, email privacy@hioverturn.com. We'll respond within 30 days.

We use cookies for the following purposes only:

• Strictly necessary: authentication and session management.
• Functional: remembering your preferences (e.g. timezone).
• Analytics: anonymized usage statistics to improve the product.

We do not use advertising cookies, retargeting cookies, or third-party tracking pixels. You can disable non-essential cookies in your browser settings without breaking the service.

Overturn is a B2B service intended for healthcare professionals. We do not knowingly collect information from anyone under 18. If we learn that we have, we will delete it promptly.

Overturn is operated from the United States and intended for U.S. healthcare practices. If you access the service from outside the U.S., your information will be transferred to and processed in the United States.

We may update this Privacy Policy as the product or the law evolves. We'll post the updated version here with a new "Last updated" date. For material changes, we'll notify you by email.

Questions, requests, or concerns about this policy:

• Email: privacy@hioverturn.com
• General contact: hello@hioverturn.com
• Mail: Overturn Solutions LLC, [Your NJ Business Address]