
Privacy Policy

Last Updated: March 2026

NexaClaim AI, Inc. ("NexaClaim," "we," "us," or "our") is committed to protecting the privacy and security of the information we collect from our users, customers, and website visitors. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our website, platform, and services (collectively, the "Services").

1. Information We Collect

We collect the following categories of information:

Account Information: When you create an account, we collect your name, email address, organization name, job title, and phone number. For billing purposes, we collect payment information through our third-party payment processor.

Protected Health Information (PHI): In the course of providing our revenue cycle management services, we process PHI on behalf of our customers as a Business Associate under HIPAA. This may include patient names, dates of birth, medical record numbers, insurance information, diagnostic codes, procedure codes, and claim information. Our handling of PHI is governed by our Business Associate Agreement with each customer.

Usage Data: We automatically collect information about how you interact with our Services, including IP address, browser type, pages visited, features used, and time spent on the platform. This data helps us improve our product and diagnose technical issues.

Device Information: We collect information about the device you use to access our Services, including device type, operating system, and unique device identifiers.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing, maintaining, and improving our Services
  • Processing claims, denials, and appeals as directed by our customers
  • Training and improving our AI models using de-identified, aggregated data only
  • Communicating with you about your account, service updates, and support requests
  • Analyzing usage patterns to improve product features and user experience
  • Complying with legal obligations, including HIPAA requirements
  • Detecting and preventing fraud, abuse, or security incidents

3. AI Model Training and Data Use

NexaClaim uses artificial intelligence to analyze claims, denials, and clinical documentation. We want to be transparent about how data is used in this process:

  • PHI is never used for model training. All AI model training uses de-identified, aggregated data that cannot be traced back to any individual patient.
  • We use zero-retention API agreements with our AI providers (OpenAI, Anthropic) to ensure that PHI submitted for real-time analysis is not stored or used for their model training.
  • Payer rules, denial patterns, and aggregate performance metrics may be used to improve our AI models for the benefit of all customers.

4. How We Share Your Information

We do not sell your personal information. We may share information in the following circumstances:

  • Service Providers: We share data with third-party service providers who help us operate our Services, including cloud hosting (Supabase, Vercel), AI providers (OpenAI, Anthropic), and payment processing. All service providers are bound by data processing agreements and, where applicable, Business Associate Agreements.
  • Legal Compliance: We may disclose information if required by law, regulation, or legal process, including HIPAA-required disclosures.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change.
  • With Your Consent: We may share your information with your explicit consent for purposes not described in this policy.

5. Data Security

We implement industry-standard security measures to protect your data, including:

  • AES-256 encryption at rest for all stored data
  • TLS 1.3 encryption in transit for all data transmissions
  • Row-level security (RLS) policies for multi-tenant data isolation
  • Column-level encryption for sensitive PHI fields
  • Regular penetration testing and security audits
  • Immutable audit logs for all data access events
  • Multi-factor authentication for all user accounts

6. Data Retention

We retain your account information for as long as your account is active or as needed to provide our Services. PHI is retained in accordance with applicable HIPAA requirements and our Business Associate Agreements, typically for a minimum of 7 years. You may request deletion of your personal information at any time, subject to legal retention requirements.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information, subject to legal obligations
  • Portability: Request your data in a structured, machine-readable format
  • Restriction: Request that we limit our processing of your personal information
  • Objection: Object to processing based on our legitimate interests

To exercise any of these rights, please contact us at privacy@nexaclaim.ai.

8. Cookies and Tracking

We use essential cookies to maintain your session and preferences. We use analytics cookies (such as Vercel Analytics) to understand how our Services are used. You may disable non-essential cookies through your browser settings. We do not use third-party advertising cookies or trackers.

9. Children's Privacy

Our Services are not directed to children under the age of 13, and we do not knowingly collect personal information from children. If we learn that we have collected information from a child under 13, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and, for customers, by email notification. Your continued use of our Services after the effective date of any changes constitutes your acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: