BillCheck

Consumer Health Data Privacy Policy

Effective: May 18, 2026 · For Washington residents and others covered by similar consumer health data laws

The short version. If you live in Washington (or another state with similar consumer health data laws), this policy explains how we handle the health data on your medical bills. The bills you upload are treated as "consumer health data" under Washington's My Health My Data Act. We process them only to give you the analysis you asked for, we don't store them after the analysis is complete, and we don't sell or share them. You can withdraw consent and request deletion at any time.

1. Why this separate policy exists

Washington's My Health My Data Act ("MHMDA") regulates the collection, use, sharing, and sale of "consumer health data." MHMDA requires affirmative consent before collection, a clear method for withdrawing consent, and specific consumer rights. This policy is a separate, prominently linked document that explains how Jackalope Software, LLC ("BillCheck," "we") handles consumer health data, in compliance with MHMDA and similar laws.

If you are a Washington resident — or live in another state with similar consumer health data laws — this policy applies to you in addition to our main Privacy Policy.

2. What we mean by "consumer health data"

"Consumer health data" means personal information that identifies your past, present, or future physical or mental health status. For BillCheck, this means:

The medical bill images and PDFs you submit for analysis.
Information printed on those bills, including diagnoses (ICD-10 codes), procedures (CPT codes), provider names, dates of service, and charges.
The structured analysis our AI returns based on those bills.

3. The consumer health data we collect

We collect only the consumer health data you choose to submit to us. We do not gather health data from any other source. Specifically:

The bill image or PDF you upload.
The AI-generated analysis we return to you (which we briefly hold in transit while delivering it to your app).

We do not collect health data from your photo library beyond the file you select, your device's health apps, your browser history, or any other source.

4. How we collect consumer health data

Consumer health data reaches us only when you affirmatively initiate a scan in the BillCheck app — by taking a photo of a bill, choosing a file from your device, and tapping the "Scan my bill" button. We do not collect any consumer health data passively, in the background, or without your active step to send it.

5. How we use consumer health data

We use your consumer health data only for the following purposes:

To process the bill you submitted and return the AI-generated analysis.
To respond to support requests you initiate that reference a specific scan.
To comply with valid legal process if required.

We do not use your consumer health data for advertising, marketing, profiling, model training, research, or any purpose other than the ones listed above.

6. Who we share consumer health data with

We share consumer health data only with the following service provider (subprocessor), and only as necessary to provide the Service:

Anthropic, PBC — to analyze the bill image and return a structured result. Anthropic acts as our processor under their commercial terms. Under those terms, Anthropic does not use your data to train AI models. Anthropic retains request data for up to 30 days for abuse monitoring, after which it is deleted, except for content flagged by their safety classifiers.

We do not sell consumer health data. We have not sold consumer health data in the past 12 months and we have no plans to sell consumer health data in the future. We will not sell your consumer health data without first obtaining your separate, valid authorization.

We do not share consumer health data for advertising, marketing, or any third-party purpose unrelated to providing the Service.

7. How long we keep consumer health data

We do not store your bill images. They are held in our server's memory during analysis and discarded immediately afterward. The AI-generated analysis is returned to your app and not retained by us. Our backend keeps standard request metadata (IP address, timestamps, response status) that does not contain consumer health data.

If we ever change this retention practice, we will update this policy and obtain new consent before applying the change.

8. Your rights under MHMDA and similar laws

You have the following rights regarding your consumer health data. We will respond to verifiable requests within 45 days (or as required by applicable law):

Right to confirm. You may ask us to confirm whether we are processing your consumer health data and to provide a list of categories shared with third parties.
Right to withdraw consent. You may withdraw your consent to our collection and sharing of your consumer health data at any time. Withdrawing consent is as easy as giving it — see Section 9.
Right to delete. You may request deletion of any consumer health data we hold about you. Because we do not store your bills in our normal operation, in most cases there is nothing to delete. If we hold any consumer health data — for example, in support correspondence you sent us — we will delete it and direct our processors to do the same.
Right to appeal. If we deny any of the requests above, you may appeal by replying to our decision. If we deny your appeal, you may contact the Washington Attorney General at atg.wa.gov.

9. How to withdraw consent or exercise your rights

You may withdraw consent or exercise any right under this policy by any of these methods. We treat all methods equally:

Uninstall the app. Once you uninstall BillCheck, you can no longer initiate scans, so no further consumer health data is collected.
Email: support@jackalopeventures.com with the subject line "Consumer Health Data Request." Please include the state you reside in and the specific right you are exercising.
Mail: Jackalope Software, LLC, Attn: Consumer Health Data, 5900 Balcones Drive STE 100, Austin, TX 78731

We will not require you to create an account to exercise any right. We may need to verify that the request is from you (or your authorized agent) before complying, to protect your data from unauthorized access.

10. Authorized agents

You may designate an authorized agent to make a request on your behalf. The agent must provide proof of authorization (such as a signed permission or power of attorney) and we may verify your identity directly.

11. Data security

We protect consumer health data using industry-standard security measures, including TLS encryption for data in transit and platform-level access controls. Because we do not retain bill images, the most significant data-loss risks do not apply. If we become aware of a security incident affecting your consumer health data, we will notify you and applicable authorities as required by law.

12. Changes to this policy

If we make material changes to this policy, we will update the "Effective" date at the top and provide notice in the app. For changes that broaden our collection, use, or sharing of consumer health data, we will obtain your renewed consent before applying the change to you.

13. Contact us

For questions about this policy or our handling of consumer health data:

Email: support@jackalopeventures.com
Mail: Jackalope Software, LLC, Attn: Consumer Health Data, 5900 Balcones Drive STE 100, Austin, TX 78731