Legal

Privacy Policy

Effective date: 30 May 2026 · Data controller: HealthPlan Advise (healthplanadvise.com)

1. Who We Are

HealthPlan Advise provides clinically led, insurance-informed health insurance claims and coverage advisory services at healthplanadvise.com. This policy explains how we collect, use, store, and protect your personal data, and your rights in relation to it. Contact: info@healthplanadvise.com

2. Data We Collect

We collect the following categories of data:

• Account information: your name and email address, provided when you register.
• Payment information: processed and held by PayPal; we do not receive or store card numbers or bank account details.
• Case information: insurer name, policy number, claim number, service date, patient name, description of your case, and any additional notes you provide.
• Documents you upload: policy documents, denial letters, Explanation of Benefits (EOB), medical bills, referral letters, medical reports, and any other files you choose to submit.
• Usage data: IP address, browser type, and pages visited, used for security and, where analytics are enabled, for service improvement.
• Communications: any messages, emails, or WhatsApp communications you send to us.
• Newsletter subscription: your email address if you subscribe to our newsletter (you may unsubscribe at any time).

3. How We Use Your Data

We use your data to:

• Deliver the advisory service you purchased and prepare your reports
• Send transactional emails (payment confirmation, report delivery, reminders)
• Respond to your enquiries and support requests
• Prevent fraud, abuse, and security incidents
• Comply with our legal and regulatory obligations
• Send the newsletter where you have subscribed (you may withdraw consent at any time)

We do not sell your personal data, share your health documents for marketing purposes, or disclose your information to insurers, employers, or regulators except at your specific instruction or where required by law.

4. Legal Basis for Processing (GDPR / UK GDPR)

For users in the European Economic Area, the United Kingdom, or other jurisdictions with similar data protection laws, we process your data on the following legal bases:

• Contract performance: processing necessary to deliver the service you purchased
• Legitimate interests: fraud prevention, security monitoring, and service improvement
• Legal obligation: compliance with applicable law
• Consent: newsletter subscriptions (withdrawable at any time)

5. Data Storage and Security

Your data is stored on Google Firebase infrastructure in the europe-west1 (EU) region. We implement encryption in transit (TLS) and at rest. Documents are accessible only via signed, short-lived URLs. Only the assigned reviewer and authorised system accounts may access your case files.

While we take all reasonable and industry-standard measures to protect your data, no digital system is entirely immune to security incidents. We cannot guarantee absolute security and shall not be liable for breaches attributable to third-party infrastructure providers, cyberattacks beyond our reasonable control, or the actions of unauthorised parties outside our control. We will notify you of any breach that materially affects your rights in accordance with applicable law.

6. Data Retention and Automatic Deletion

We retain your account and case data for as long as your account is active or as needed to deliver the service and resolve any open disputes.

Health documents and case files are automatically and permanently deleted 90 days after your case is marked as complete. If you wish to retain access to your documents beyond this period, you must download them from your dashboard before the 90-day window closes. We cannot recover files after automatic deletion.

If you wish to extend this retention period or request early deletion, contact us in writing at info@healthplanadvise.com before the 90-day window expires. Early deletion requests will be processed within 30 days and may affect our ability to resolve open disputes relating to your case.

7. Third-Party Data Processors

We share data only as necessary with the following sub-processors to operate the service. Each provider processes data under their own privacy and security policies. We are not responsible for the independent privacy practices, security incidents, service interruptions, or errors of these third parties:

8. Your Rights

Depending on where you are located, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Request deletion of your data (subject to legal retention obligations)
• Object to or restrict certain processing
• Receive a portable copy of your data
• Withdraw consent at any time (where processing is based on consent)

To exercise any of these rights, email info@healthplanadvise.com. We will respond within 30 days. If you are in the EU or UK and are not satisfied with our response, you may lodge a complaint with your local supervisory authority (e.g. the ICO in the UK, or your national DPA in the EU).

9. Cookies

We use essential cookies for session authentication and security. Your country preference is stored in a cookie to improve the wizard experience. If analytics are enabled, additional cookies may be set by the analytics provider. You may manage cookies through your browser settings; disabling essential cookies may affect your ability to use the service.

10. Children

This service is not directed to individuals under 18. We do not knowingly collect personal data from minors. If you believe a minor has submitted data, contact us immediately and we will delete it.

11. Changes to This Policy

We may update this policy periodically. The revised version will be posted here with an updated effective date. For changes that materially affect how we handle health documents, we will notify registered users by email.

12. Contact

Privacy enquiries: info@healthplanadvise.com