Privacy Policy

NorthStar Medic ("we," "us," or "our") operates the website www.northstarmedic.com and provides AI-powered medical claim recovery services. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our services.

Account Information: When you create an account, we collect your name, email address, and password (stored in hashed form).

Payment Information: Payment processing is handled by Stripe. We do not store your credit card numbers. We receive transaction confirmations including amount, email, and subscription status.

Protected Health Information (PHI): If you upload medical claims data, we process this information solely for the purpose of generating appeal letters and recovering denied claims. PHI is handled in accordance with HIPAA regulations and our Business Associate Agreement (BAA).

Usage Data: We collect standard server logs including IP addresses, browser type, pages visited, and timestamps.

We use your information to:

• Provide and maintain our medical claim recovery services
• Process payments and manage subscriptions
• Generate AI-powered appeal letters for denied claims
• Communicate with you about your account and services
• Comply with legal obligations including HIPAA requirements
• Improve our services and user experience

We are committed to protecting Protected Health Information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA). Before processing any PHI, we require a signed Business Associate Agreement (BAA). PHI is used solely for claim recovery purposes and is not sold, shared for marketing, or used for any purpose unrelated to your services.

We do not sell your personal information. We may share information with:

• Service Providers: Stripe (payments), OpenAI (AI processing under data processing agreements), database hosting providers
• Insurance Payers: Claim and appeal information is submitted to payers on your behalf as part of the recovery service
• Legal Requirements: When required by law, regulation, or legal process

We implement industry-standard security measures including:

• TLS encryption for all data in transit
• Secure password hashing (bcrypt)
• Role-based access controls
• Audit logging of system access
• Security headers (HSTS, CSP, X-Frame-Options)

We retain your account data for as long as your account is active. Claim data and appeal records are retained for the duration required to complete recovery services and comply with applicable record retention requirements. You may request deletion of your account and personal data by contacting us.

Depending on your jurisdiction, you may have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your personal data
• Opt out of marketing communications
• Receive a copy of your data in a portable format

To exercise these rights, contact us at privacy@northstarclaim.com.

We use essential cookies required for authentication and session management. We do not use third-party advertising or tracking cookies.

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children.

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. Continued use of our services after changes constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy, contact us at:

NorthStar Medic
Email: privacy@northstarclaim.com