Privacy Policy for WinYourAppeal

This Privacy Policy applies to personal information we collect through:

• our website and web application
• account creation, sign‑in, and authentication
• case intake, draft saving, and case updates
• document upload and storage features
• checkout and payment flows
• service emails and case status communications
• support and troubleshooting interactions

This Privacy Policy does not apply to third‑party websites, payment processors, authentication providers, insurers, providers, government agencies, or other outside services that have their own privacy notices.

WinYourAppeal is intended for people in the United States who are using the service for themselves or acting for another person as a parent, guardian, caregiver, family member, or other authorized representative.

If you use WinYourAppeal for another person, you represent that you have authority to provide information to us and to act on that person’s behalf.

WinYourAppeal is not intended for children under 18 acting on their own.

Because of the nature of WinYourAppeal’s services, we may collect and process sensitive information and, in some jurisdictions, consumer health data. This may include information about:

• insurance coverage
• claims and denials
• appeals and reviews
• prior authorization issues
• billing disputes and collections‑related issues
• providers involved in a case
• dates of service
• treatment‑related details contained in uploaded materials
• other information that may reasonably reveal health‑related circumstances

We use this information only for the purposes described in this Privacy Policy, to provide and support the service you requested, to secure and improve WinYourAppeal, and to comply with applicable law.

We may use personal information to:

• create and manage your account
• authenticate users and maintain account security
• let you create, save, edit, resume, and manage cases
• review uploaded documents and case details
• prepare and deliver your case plan and related service outputs
• respond to questions and support requests
• send transactional messages, reminders, and case status notifications
• process payments and maintain transaction records
• detect, prevent, and investigate fraud, abuse, misuse, or security incidents
• maintain, monitor, debug, and improve the service
• understand which channels are producing useful visits, case submissions, or paid services
• comply with legal obligations
• enforce our agreements and protect our rights, users, and business

We may also create aggregated or de‑identified information where permitted by law.

At launch, WinYourAppeal includes human review as part of paid case handling. Your case materials may be accessed by employees, contractors, or service providers who need access to deliver the service, provide support, maintain systems, prevent fraud, or comply with legal obligations.

We aim to limit access to case information to people with a legitimate business need to know.

We may disclose personal information in the following circumstances:

Unless we clearly state otherwise before a change takes effect:

• we do not sell personal information for money
• we do not sell consumer health data
• we do not use case file data for targeted advertising
• we do not share private case materials with advertisers
• we do not publicly post private case information

We may send you:

• account and sign‑in messages
• purchase confirmations
• case submitted confirmations
• case status updates
• requests for more information
• playbook ready notices
• support responses
• other service‑related communications

You cannot opt out of messages that are necessary to provide the service you requested, such as security notices or essential case status communications.

We keep personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide services, maintain account history, resolve disputes, prevent fraud, enforce agreements, and comply with legal obligations.

Our general retention approach is:

• account data: while your account remains active and for a reasonable period afterward for security, fraud prevention, and compliance
• case files and uploaded materials: for a reasonable period after the last substantive case activity, unless a longer period is required or justified for legal, tax, accounting, fraud prevention, dispute resolution, backup integrity, or security purposes
• payment‑related records: as required for tax, accounting, compliance, and dispute handling
• support communications and logs: for a reasonable period consistent with operations and security needs

Deletion from backups may not be immediate except where applicable law requires otherwise.

Depending on where you live and subject to applicable law, you may be able to:

• access, review, or update certain account information
• request access to personal information we hold about you
• request correction of inaccurate information
• request deletion of your account or certain personal information
• opt out of marketing communications, if any
• appeal certain decisions about privacy requests
• exercise additional rights relating to sensitive data or consumer health data where provided by law

If you submit a request, we may take reasonable steps to verify your identity or authority before acting on it. If you act for another person, we may ask for proof of authorization.

You may submit privacy requests to: [PRIVACY EMAIL]

If we deny your request, you may appeal by contacting us at [PRIVACY EMAIL] with the subject line Privacy Appeal.

If Washington’s My Health My Data Act applies to your information, this section provides additional notice.

We may collect categories of consumer health data such as:

• information about claims, denials, appeals, prior authorization, billing disputes, collections‑related issues, providers involved in a case, dates of service, and health‑related details contained in case materials
• information that may reasonably identify an individual’s health‑related circumstances based on the documents and details submitted through the service
• inferences we draw from the information you provide in order to organize and manage your case

We may collect this information:

• directly from you
• from documents you upload
• from your use of the platform
• from payment and authentication providers
• from device, browser, and related technical information associated with your use of the service

We may use and disclose this information to:

• provide and support the service
• maintain and secure the platform
• process payments
• respond to requests and case updates
• comply with law
• work with service providers and authorized reviewers who support the service

Where required by law, you may have rights to confirm whether we collect, share, or sell consumer health data, access such data, withdraw consent, and request deletion. If applicable law requires deletion from our network, we will process qualifying requests in accordance with that law.

To submit a Washington consumer health data request, contact: [PRIVACY EMAIL]

If California law applies to your information, you may have rights that include:

• knowing what categories of personal information we collect
• knowing the purposes for which we use that information
• requesting access to specific pieces of personal information
• requesting correction of inaccurate information
• requesting deletion of certain personal information
• opting out of sale or sharing where applicable
• limiting certain uses of sensitive personal information where applicable
• not being discriminated against for exercising privacy rights

We do not sell personal information for money and do not use private case file data for targeted advertising.

To submit a California privacy request, contact: [PRIVACY EMAIL]

We may verify your identity before processing a request, and we may deny or limit requests where permitted by law.

If Nevada law applies to your information, we may collect, use, and disclose consumer health data described in this Privacy Policy to provide the service, maintain and secure the platform, process payments, respond to requests, and comply with legal obligations.

Where applicable, Nevada residents may have rights relating to access, deletion, and control over certain disclosures of consumer health data. To submit a Nevada privacy request, contact: [PRIVACY EMAIL]

If Connecticut law applies to your information, we may collect and process health‑related personal data described in this Privacy Policy to provide the service you requested, manage and secure the platform, communicate with you about your case, process transactions, and comply with law.

Where applicable, Connecticut residents may have rights to access, correct, delete, and obtain a copy of certain personal data, as well as rights to appeal certain decisions about privacy requests. To submit a Connecticut privacy request, contact: [PRIVACY EMAIL]

Depending on your state of residence and applicable law, you may have rights that include access, correction, deletion, portability, appeal, and limits on certain uses or disclosures of sensitive information.

To submit a privacy request under applicable state law, contact: [PRIVACY EMAIL]

We may verify your identity before processing a request, and we may deny or limit requests where permitted by law.

We use reasonable administrative, technical, and organizational safeguards designed to protect personal information. These may include:

• encryption in transit
• authentication controls
• role‑based access restrictions
• access controls for vendors and service providers
• logging and monitoring
• secure storage practices
• need‑to‑know limits for case information

No system can guarantee absolute security. You are responsible for maintaining the confidentiality of your login credentials and notifying us promptly if you suspect unauthorized access to your account.

If we learn of a security incident involving personal information, we will investigate, respond, and provide notice as required by applicable law.

WinYourAppeal is intended for U.S. users. We aim to use U.S.‑based processing where practical, but some service providers may process data outside your state or outside the United States depending on their infrastructure and service model.

We may rely on third parties for services such as:

• hosting and infrastructure
• authentication
• database and file storage
• payment processing
• email delivery
• analytics and monitoring

Their handling of information may also be governed by their own privacy notices when they act independently.

WinYourAppeal is not intended for children under 18 acting on their own. If you believe a child has provided personal information in violation of applicable law, contact us and we will review and respond appropriately.

We may update this Privacy Policy from time to time. If we make material changes, we may notify you by updating the date at the top of the policy, posting a notice in the service, emailing you, or using another appropriate method where required.

If you have questions, concerns, or privacy requests, contact us at: