The data we ask for
When you use LifeDesk, we collect:
- Your name and email address — so we can communicate with you about your case
- Your medical bills — the documents you upload for us to review
- Your Explanation of Benefits (EOB) — from your insurer, showing what was paid and what you owe
- Your insurance plan documents — to understand your coverage and identify billing errors
- Basic case notes — our own internal notes about the dispute
We do not collect your Social Security Number, credit card information (billing is handled by Stripe, which has its own privacy policy), or any medical information beyond what you voluntarily share with us.
One purpose only
We use your information for one purpose: to provide the dispute service you've signed up for.
Specifically, we use it to:
- Analyze your bill for errors
- Prepare appeal letters on your behalf
- Communicate with your insurer as your authorized representative
- Contact you with updates on your case
We do not use your information for advertising. We do not build user profiles. We do not train AI models on your medical data without your explicit consent.
How we store it
Your documents are stored on Google Drive under a signed Business Associate Agreement (BAA) with Google, as required by HIPAA. All data is encrypted at rest and in transit using industry-standard encryption.
We retain your documents for 12 months after your case is resolved, in case questions arise about the outcome. After that, we delete them. You can request earlier deletion at any time.
Who we share it with
Almost no one.
The only time we share your information is when we submit an appeal to your insurer — and in that case, we're sharing only what's necessary to make the case, which is exactly the service you've asked us for.
We do not sell your data. We do not share it with data brokers, employers, or third parties. Ever.
Our subprocessors are limited to: Google (document storage, BAA in place) and Stripe (payment processing, no access to medical data).
You're in control
You can, at any time:
- Request a copy of everything we have on you — email us and we'll send it within 5 business days
- Request deletion of your data — we'll delete everything within 7 business days
- Withdraw your authorization for us to act on your behalf — we'll stop all activity within 48 hours
To exercise any of these rights, email [email protected].
Your medical records
Your medical bills and insurance records contain Protected Health Information (PHI) under HIPAA. We handle your PHI as your authorized representative — the same legal basis a patient advocate or billing advocate would use.
We comply with applicable HIPAA requirements, including maintaining a BAA with Google and limiting access to your PHI to personnel who need it to do their job.