Consumer Health Data Privacy Notice
Adults only (18+). Medigami is not directed to children under 18 and does not knowingly collect consumer health data from children under 13. If you believe a minor has submitted data, contact [email protected] and we will delete it under MHMDA § RCW 19.373.050 and COPPA 16 CFR § 312.5.
This notice describes how Medigami collects, uses, and shares consumer health data under Washington's My Health My Data Act (MHMDA, RCW 19.373), California's Confidentiality of Medical Information Act (CMIA), and Nevada SB370. It supplements — and is incorporated by reference into — our general Privacy Policy.
1. What counts as consumer health data
"Consumer health data" under these statutes covers personal information that is linked or reasonably linkable to a consumer and that identifies the consumer's past, present, or future physical or mental health status. For Medigami specifically, this includes:
- Text or images of medical bills, Explanations of Benefits (EOBs), itemized hospital statements, denial letters, or similar documents a user submits to the bill scanner.
- Insurance membership information (insurer name, plan name, denial reason codes) in a user-submitted record.
- Appeal-outcome labels a user reports back through the outcome-reporting flow.
Medigami is a direct-to-consumer health-finance application and is not a HIPAA Covered Entity at current business scope.
2. What we collect + why
| Category | Purpose | Retention |
|---|---|---|
| Bill text / EOB text submitted to the scanner | Run error detection, return anomalies and a recovery estimate to the user | In-memory only during the scan; not persisted |
| Anomaly type + dollar estimate (de-identified) | Scan telemetry → Claim Denial Index aggregates | Indefinite, aggregated |
Appeal-outcome labels bound to a tracking_id | Model training and evaluation | Indefinite, pseudonymous |
| Account identity (email, password hash) | Authenticate the user | Lifetime of account + 30 days after deletion request |
Anonymous visitor cookie (hs_anon_id, random UUID) | Count distinct visitors for weekly-active-user metrics and 30-day cohort retention; stored hashed-with-salt server-side, not linkable to a person | 60 days on the cookie; hashed record kept indefinitely for cohort analysis |
Field-level PHI identifiers (patient name, date of birth, medical record number, member ID, phone, email inside bill text) are scrubbed server-side before any downstream LLM dispatch on the public SKU.
3. Who we share consumer health data with
Medigami does not sell consumer health data. We share it only with categories of sub-processors necessary to operate the service:
- Cloud infrastructure and AI inference (hosted LLM, OCR, transient image storage).
- Database hosting for user identity and recovery-case metadata.
- Content delivery and edge security.
- Transactional email.
- Payment processing for paid plans.
The current list of specific vendors within each category, with data categories and BAA coverage, is maintained at /.well-known/subprocessors and /.well-known/baa-posture.
4. Consumer rights
Under MHMDA, CMIA, and NV SB370, you have the following rights:
- Right to confirm + access. Request confirmation of what consumer health data we hold about you, and copies of that data in a portable format.
- Right to delete. Request deletion of your consumer health data. We honor deletion within 45 days. Certain de-identified aggregate records that cannot be re-identified (e.g. counts in the Claim Denial Index) are retained after deletion of identifying data.
- Right to withdraw consent. Revoke any previously-given consent to collect, share, or process your consumer health data. Withdrawal does not affect processing already completed before the withdrawal.
- Right to authorized-agent requests. Authorize another party (lawyer, family member) to submit any of the above requests on your behalf in writing.
- Right against geofence tracking. Medigami does not use geofencing around health-care facilities. We do not collect precise geolocation for any purpose.
- Right to non-discrimination. We will not deny goods, services, or price tiers because you exercised any of these rights.
5. How to exercise your rights
Email [email protected] with the subject line "Consumer Health Data Request" and include:
- Your name and the email address on the account (if any).
- The specific right you are exercising (access, delete, withdraw consent, etc.).
- For authorized-agent requests, a signed authorization.
We verify requests using the account email on file. We respond within 45 days and will extend once by an additional 45 days if complex; you will be notified of any extension with the reason.
6. Consent
Consent is collected at the point of use — bill scanning prompts for explicit consent before submitting a bill, and the appeal template flow requires the separate consent modal documented at /privacy before any letter is drafted. Consent records are themselves Ed25519-signed and retained as part of the attested response audit trail.
7. Security
Security controls include TLS 1.3 in transit, field-level encryption for PHI-adjacent storage, audit logging aligned with HIPAA Security Rule §164.312(b), rate limiting, PHI scrubbing, and staff access controls. Security contact: /.well-known/security.txt.
8. Changes to this notice
We update this notice when collection, use, or sharing of consumer health data changes. Material changes are announced at least 15 days before they take effect. The version effective on the date of first publication is 1.0 (2026-04-21).
9. Contact
Medigami is operated by Ripplarity Inc.
[email protected]
Security contact + disclosure policy:
/.well-known/security.txt