Overturn

Privacy Policy

Last updated: April 8, 2026

1. Information We Collect

Documents You Upload

When you use Overturn, you may upload or paste insurance denial letters and supporting documents. These documents may contain protected health information (PHI) including:

  • Patient name, date of birth, member ID
  • Diagnosis codes (ICD-10) and procedure codes (CPT)
  • Treatment information and clinical details
  • Insurance plan information

Information You Provide

  • Contact information (email address, mailing address, phone number)
  • Additional clinical context you provide through our questionnaire
  • Payment information (processed by Stripe — we do not store card numbers)

Automatically Collected

  • IP address and browser information
  • Usage data (pages visited, features used)

2. How We Use Your Information

We use your information solely to:

  • Analyze your denial letter and generate an appeal document
  • Search for relevant clinical evidence (PubMed)
  • Process your payment
  • Deliver your appeal letter via email
  • Improve the quality of our Service

3. AI Processing

Your documents are processed using third-party AI services (Anthropic Claude and/or OpenAI) to extract information and generate appeal letters. These services process your data according to their own privacy policies and data processing agreements:

  • Anthropic does not use API inputs to train models
  • OpenAI does not use API inputs to train models when using the API

4. Data Storage

  • Documents: Stored in Vercel Blob Storage with access-controlled URLs
  • Case data: Stored in a PostgreSQL database hosted by Vercel
  • Payment data: Processed and stored by Stripe

5. Data Retention

  • Uploaded documents are retained for 30 days after letter delivery, then permanently deleted
  • Generated letters are retained for 90 days to allow re-downloads
  • Case metadata (without documents) may be retained for analytics purposes
  • You may request deletion of all your data at any time

6. Data Sharing

We do not sell your personal information. We share data only with:

  • AI providers (Anthropic/OpenAI) — for document analysis and letter generation
  • Stripe — for payment processing
  • Resend — for email delivery
  • Vercel — for hosting and storage
  • PubMed/NCBI — search queries only (no personal data sent)

7. HIPAA Considerations

Overturn is a self-advocacy tool used directly by patients. As a tool that helps individuals exercise their own rights, we are not a HIPAA covered entity or business associate. However, we implement security measures appropriate for handling sensitive health information:

  • Encrypted data transmission (HTTPS/TLS)
  • Access-controlled document storage
  • Automatic data deletion after retention period
  • No sharing of health information for marketing purposes

8. Your Rights

You have the right to:

  • Request access to your personal data
  • Request deletion of your data
  • Request a copy of your data in a portable format
  • Opt out of any future communications

9. Security

We implement industry-standard security measures including encryption in transit and at rest, access controls, and regular security reviews. However, no method of transmission over the Internet is 100% secure.

10. Children

The Service is not intended for use by individuals under 18. We do not knowingly collect information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date.

12. Contact

For privacy-related questions or data requests, contact us at: support@overturn.dev