This Privacy Policy explains how BillShield (“App,” “we,” “us,” or “our”) collects, uses, discloses, retains, and protects information when you use the BillShield mobile application for iPhone and iPad and related services. BillShield is developed, published, and operated by an individual developer (the “Developer,” “Data Controller”). By downloading or using the App, you agree to this Privacy Policy. If you do not agree, do not use the App.
At a glance:
The Developer is the data controller for personal information processed through BillShield, except where listed third parties process data on our behalf as service providers (processors).
BillShield is an educational and organizational tool for U.S. consumers who want to understand medical bills, insurance Explanation of Benefits (EOBs), and related appeal steps. Features include, among others:
BillShield is not medical, legal, insurance, billing-advocacy, or tax advice. The Developer is not a healthcare provider, insurer, law firm, tax preparer, or licensed patient advocate.
The Developer is not a HIPAA “covered entity” or “business associate” unless separately agreed in writing (not offered by default). OCR, rule-based outputs, AI-assisted drafts, savings estimates, and timeline dates may be incomplete or wrong. You must verify all amounts, codes, deadlines, and procedures with your insurer, provider, and qualified professionals.
| Data | Purpose | Stored where | Linked to you? |
|---|---|---|---|
| Photos, camera scans, PDFs, pasted text of bills & EOBs | OCR, on-device audit, appeals, archive, export | On your device (SQLite) by default; cloud only if Cloud AI is on and you opt in per document | Yes |
| Patient profile (name, member ID, ZIP, state, insurer brand/type, appeal-related fields) | Appeal drafts, timeline estimates, price lookup by ZIP, reminders | On device (Secure Store / local DB); may sync when signed in | Yes |
| Family member names and relationships | Organize bills by household member | On device only | Yes (labels you enter) |
| Appeal letter drafts, denial codes, notes, PDFs you export | Your records; optional cloud-assisted drafting if enabled | On device; cloud processing only when opted in | Yes |
| Active Case metadata (title, insurer, denial code, linked bill/EOB IDs, status) | Case limits, appeal tracking, cross-device sync when signed in | On device; Supabase medical_cases when signed in |
Yes |
| Apple User ID (Sign in with Apple) | Account, save history, subscriptions, Cloud AI authentication | Device; Apple; Supabase Auth | Yes |
| Email / name from Apple (only if you choose to share with the App) | Account profile, support | Supabase profiles when signed in |
Yes |
| Support emails you send us | Respond to your request | Developer email systems | Yes |
| Data | Purpose | Stored where |
|---|---|---|
| Subscription / purchase status (Free, Pro monthly, Pro annual, Appeal Pack) | Unlock plan features, case limits, usage allowances | Apple App Store; RevenueCat; Supabase profiles when signed in |
| Plan tier, active case count/limit, premium appeal review balance, remaining AI credits | Enforce Active Case limits and Cloud AI quotas | Supabase profiles when signed in; summarized in App Settings |
| Cloud AI usage metering (action type, credits consumed, timestamps) | Fair-use enforcement, abuse prevention, cost control | Supabase user_ai_usage and related tables |
| Appeal reminder preferences & notification permission status | Local deadline reminders (if you enable) | On device; Apple Push Notification service |
| Privacy & feature consent (GDPR gate, Cloud AI toggle, per-scan cloud opt-in, notifications) | Honor your choices | On device (AsyncStorage / Secure Store) |
The App may request access only when needed for features you use:
Permission strings are shown in the App Store listing and in iOS system dialogs.
BillShield tracks open billing work as Active Cases. Your plan caps how many may be open at once. The App may display usage such as “1 / 1 used.” If you reach your limit, you must resolve or remove a case, or upgrade, before opening a new one.
When Cloud AI is enabled, usage is metered on our servers by AI credits tied to your plan (e.g., deep bill analysis, cloud-assisted appeal drafts). Unused credits generally do not roll over unless stated in the App or EULA at purchase time.
Prices and limits are shown in the App Store at purchase time and may vary by region. Typical U.S. values at last update:
| Plan | Active Cases | AI credits / billing cycle | Typical U.S. price |
|---|---|---|---|
| Free | 1 | 20 | Free |
| BillShield Pro (monthly auto-renewable) | 10 | 300 | USD $12.99 / month |
| BillShield Pro (annual auto-renewable) | 25 | 500 | USD $99 / year |
| Appeal Pack (one-time consumable) | — | +100 credits; +1 Premium Appeal Review | USD $24.99 (one-time) |
Exact limits and prices are enforced in the App and App Store at the time of purchase. We may update limits or pricing with notice as described in Section 18 and our EULA.
Unless you enable Cloud AI, bill and EOB content is processed only on your iPhone or iPad. OCR (including Apple Vision where available), denial decoding, timeline math, Medicare benchmarks, reference price ranges, negotiation templates, and offline appeal letter templates do not upload document content to our servers.
Cloud AI is disabled when you first use the App. To use it you must:
When enabled and opted in:
ai-proxy), which forwards it to OpenAI for processing.You can disable Cloud AI anytime in Settings. Disabling stops new cloud uploads; it does not by itself delete data already processed by third-party processors subject to their retention policies.
We do not use your name or branding of any AI model in the App interface as an endorsement. OpenAI is listed here only as a subprocessors for transparency.
BillShield offers:
All payments are processed by Apple. We receive entitlement and purchase status via RevenueCat, not your full payment card details. Manage or cancel subscriptions in Settings → Apple ID → Subscriptions. Use Restore Purchases in the App after signing in with the same Apple ID used for the original purchase. Refunds are handled by Apple under its policies.
| Provider | Role | Typical location | Privacy policy |
|---|---|---|---|
| Apple | Sign in with Apple, App Store, IAP, push notifications | United States / global | apple.com/legal/privacy |
| Supabase | Auth, database (profiles, medical_cases, usage logs), Edge Functions |
United States (project region) | supabase.com/privacy |
| OpenAI | Cloud AI text analysis (only when you opt in) | United States | openai.com/policies |
| RevenueCat | Subscription and purchase entitlement management | United States | revenuecat.com/privacy |
When you tap Call resource or open external links in the financial assistance section, you leave the App and interact directly with third-party websites or phone systems—we do not control those parties.
We require service providers to protect information consistent with this Policy and applicable law. Their privacy policies also apply.
If you are in the EEA, UK, or Switzerland, we rely on:
You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
Medical billing documents may contain Protected Health Information (PHI) or other sensitive personal data. Tax-related CSV exports contain estimates only—not professional tax advice.
If you are a HIPAA-covered entity or business associate, do not use BillShield to process PHI subject to a BAA unless you have a separate written agreement with the Developer (not offered by default).
profiles, medical_cases): retained while your account is active; deleted on verified request (Section 14).We use reasonable administrative, technical, and organizational measures, including:
verify_jwt);No method of transmission or storage is 100% secure. You use the App at your own risk.
We do not “sell” or “share” personal information for cross-context behavioral advertising. California residents may request access, deletion, or correction. Submit requests to hello@familymedvault.com. We will verify your request and will not discriminate against you for exercising privacy rights.
You may have rights to access, rectify, erase, restrict, port, or object to processing, and to lodge a complaint with your supervisory authority. Contact us first at hello@familymedvault.com.
BillShield is not directed to children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child provided us information, contact us and we will delete it promptly.
If you use Cloud AI or sign in, data may be processed in the United States by Supabase and OpenAI. Where required, we rely on appropriate safeguards (e.g., Standard Contractual Clauses offered by processors) for transfers from the EEA/UK.
This section helps meet Apple App Store Review and App Privacy requirements:
We may update this Privacy Policy from time to time. We will post the revised version at the same URL and update the “Last updated” date at the top. Material changes may also be communicated in-app where appropriate. Continued use after the effective date constitutes acceptance of the updated Policy.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE APP AND ALL SERVICES ARE PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, AND NON-INFRINGEMENT. THE DEVELOPER DOES NOT WARRANT THAT AI OUTPUTS, OCR TEXT, SAVINGS ESTIMATES, APPEAL TIMELINE ESTIMATES, CASE LIMITS, REFERENCE PRICING RANGES, DENIAL INTERPRETATIONS, RESOURCE LINKS, OR TAX-RELATED ESTIMATES ARE COMPLETE, CURRENT, OR CORRECT.
TO THE MAXIMUM EXTENT PERMITTED BY LAW, THE DEVELOPER SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR ANY LOSS OF PROFITS, DATA, GOODWILL, OR OTHER INTANGIBLE LOSSES, ARISING FROM YOUR USE OF THE APP, CLOUD AI, SUBSCRIPTIONS, CONSUMABLE PURCHASES, EXTERNAL LINKS, OR RELIANCE ON ANY OUTPUT. THE DEVELOPER’S TOTAL LIABILITY FOR ANY CLAIM RELATING TO THE APP SHALL NOT EXCEED THE GREATER OF (A) USD $100 OR (B) THE AMOUNT YOU PAID TO THE DEVELOPER (THROUGH APPLE) FOR THE APP, SUBSCRIPTIONS, OR IN-APP PURCHASES IN THE TWELVE (12) MONTHS BEFORE THE CLAIM.
Some jurisdictions do not allow certain limitations; in those cases, limitations apply to the fullest extent permitted.
You agree to indemnify, defend, and hold harmless the Developer from any claims, damages, losses, liabilities, and expenses (including reasonable attorneys’ fees) arising out of your misuse of the App, your violation of this Policy or applicable law, your violation of third-party rights, or content you submit or export from the App, except to the extent caused by the Developer’s gross negligence or willful misconduct where such limitation is prohibited by law.
This Policy is governed by the laws of the State of California, United States, without regard to conflict-of-law rules, except where mandatory consumer protection laws in your country of residence provide otherwise and cannot be waived. Any dispute shall be brought in the state or federal courts located in California, unless applicable law requires a different forum. You may also have rights to bring claims in your country of habitual residence where required by consumer law.
For privacy questions, access/deletion requests, or complaints:
Email: hello@familymedvault.com
Subject lines: BillShield Privacy Request · BillShield Account Deletion
We aim to respond within 30 days (45 days where permitted for complex California requests).
BillShield © 2026. Operated by an individual developer. Apple, App Store, Sign in with Apple, iPhone, and iPad are trademarks of Apple Inc. OpenAI, Supabase, and RevenueCat are trademarks of their respective owners. This Policy does not create a doctor-patient, attorney-client, insurer-insured, or tax-advisor relationship.