Privacy Policy
Last Updated: April 27, 2026
Effective Date: April 27, 2026
Operated by Bodinh LLC ("Ellen," "we," "us," or "our")
99 Pratt Street, Hartford, CT 06103 | privacy@ellenrx.com
What Information We Collect
Account Information
- Contact details: Email address, name, zip code
- Account preferences: Settings, notification preferences
- Authentication data: Encrypted passwords, login sessions
Health Information You Provide
We only collect health information you voluntarily submit:
- Medical conditions: Diagnoses, symptoms, treatment history
- Medications: Drug names, dosages, prior authorizations
- Insurance information: Payer names, plan types, denial reasons
- Lab results: Test values extracted from uploaded images
- Billing data: Medical bills you upload for auditing
- Appeal information: Draft letters, supporting documentation
Technical Information
- Usage data: Pages visited, features used, time spent (anonymized)
- Device information: Browser type, operating system, screen size
- Network data: IP address (for security and rate limiting)
- Performance data: Load times, error rates (no personal data)
How We Use Your Information
Core Service Functions
- Generate appeal letters: AI creates personalized letters based on your health data
- Analyze lab reports: Extract and interpret lab values from uploaded images
- Audit medical bills: Identify potential overcharges and coding errors
- Decode denials: Explain insurance denial reasons in plain language
- Match clinical trials: Find potentially relevant research studies
AI Processing Disclosure
AI Transparency
Your health data is processed by an AI language model via Amazon Web Services to provide Ellen's core features. This processing occurs on HIPAA-eligible AWS infrastructure with:
- End-to-end encryption (AES-256 at rest, TLS 1.3 in transit)
- Signed Business Associate Agreement (BAA) with AWS
- US-based data processing (never leaves the United States)
- Automatic data deletion after 90 days
- No training on your personal data
Data Use and Restrictions
Bodinh LLC does not sell, rent, lease, or trade your individually identifiable health information to any third party — not to advertisers, data brokers, pharmaceutical companies, insurers, employers, or anyone else.
We do not:
- Share your health information for targeted advertising
- Use tracking pixels to share your activity with ad platforms
- Monetize your individually identifiable health information
We may use fully anonymized, aggregated data — stripped of all 18 HIPAA identifiers and not linkable to any individual — for research, product improvement, and commercial purposes. You may opt out of this in your account settings.
Lab Report Processing
Enhanced Privacy Protection
When you upload lab reports:
- Images are immediately deleted after AI extraction — we never store them
- Only structured lab values are retained (test names, results, units, ranges)
- You must redact personal identifiers before uploading
- Processing happens in real time on secure AWS infrastructure
Information Sharing
Third-Party Services
| Service | Purpose | Data Shared | Protection |
|---|---|---|---|
| Amazon Web Services | Cloud hosting, AI processing | All service data | BAA signed, HIPAA-eligible |
| AI language model | Content generation | Health data for AI processing | Via AWS infrastructure |
| Plausible Analytics | Privacy-focused analytics | Anonymized page views | No cookies, no tracking |
| PostHog | Product analytics | Anonymized usage events | No health data |
| Resend | Email delivery | Email addresses, content | Transactional only |
| Cloudflare | Security, DDoS protection | Network metadata | Security-focused |
Important: No health data is shared with analytics providers. Health data processing occurs exclusively within AWS infrastructure under our BAA.
Legal Disclosures
We may disclose information when required by law:
- In response to valid subpoenas, court orders, or legal processes
- To comply with regulatory investigations
- To protect our legal rights or defend against claims
- In case of medical emergency where disclosure may prevent harm
Data Retention
| Data Type | Retention Period | Deletion |
|---|---|---|
| Health data (diagnoses, medications, insurance) | 90 days from last activity | Automatic purge |
| Lab report images | Immediately discarded | Never stored |
| Account data | Until deletion requested | Manual request |
| Anonymized data | Indefinite | Not linkable to individuals |
Your Privacy Rights
Right to Know
Request a copy of your personal data we have collected.
Right to Correct
Request correction of inaccurate personal data.
Right to Delete
Request deletion of your personal data (processed within 30 days).
Right to Portability
Request your data in a machine-readable format.
Right to Opt Out
Opt out of anonymized data contribution at any time.
Right to Withdraw
Withdraw consent for health data processing.
Security
Encryption
AES-256 encryption at rest, TLS 1.3 in transit for all data.
Access Controls
Multi-factor authentication and principle of least privilege.
Infrastructure
HIPAA-eligible AWS services with SOC 2 and ISO 27001 certifications.
Monitoring
24/7 security monitoring and automated threat detection.
Contact Us
- General inquiries: hello@ellenrx.com
- Privacy requests: privacy@ellenrx.com
- Mailing address: Bodinh LLC, 99 Pratt Street, Hartford, CT 06103
We may update this Privacy Policy from time to time. Material changes will be communicated via email at least 14 days before taking effect.