Privacy Policy
Last updated: March 29, 2026
1. Information We Collect
When you use Ellen, we may collect the following information:
- Email address (required for account creation)
- Name (optional)
- Self-reported medication, insurance, and denial information
- Feedback submissions
2. Information We Do Not Collect
We do not collect:
- Social Security numbers
- Medical records
- Insurance ID numbers
- Protected health information (PHI) as defined by HIPAA
3. How We Use Your Data
We use the information you provide to deliver personalized denial decoding, appeal generation, and prior authorization tracking. We may use aggregate, anonymized data to improve the Service. Your individual data is never shared in identifiable form.
4. Data Storage
Your data is stored using industry-standard cloud infrastructure, including an encrypted database, secure application hosting, and content delivery. All data is encrypted at rest using AES-256 encryption and in transit using TLS 1.2+. Our cloud infrastructure operates under a signed Business Associate Agreement (BAA) and is configured for HIPAA-eligible workloads. Ellen is not itself a HIPAA covered entity or business associate. These infrastructure protections reflect our vendor security standards, not a HIPAA compliance obligation.
Note: Bodinh LLC also acts as a Business Associate under HIPAA in connection with the Provider Dashboard and LMN Builder, where providers submit PHI. Ellen's Business Associate Agreement governs those relationships.
5. Third Parties
We do not sell your individual personal information to third parties. We may share aggregated, anonymized data and insights with healthcare industry partners to improve patient outcomes and advance research. Any future changes to how data is shared will be reflected in updates to this policy, and users will be notified.
We use the following third-party services to operate and improve Ellen:
- Cloud infrastructure provider: Database hosting, content delivery, authentication, and email delivery. Data is processed and stored in the United States under a signed BAA.
- Privacy-focused analytics service: Cookie-free website analytics that does not collect personal data and is fully GDPR/CCPA compliant. No individual user data is shared.
- Product analytics service: Feature usage tracking and anonymized session replay to improve the user experience. This service processes usage events (page views, button clicks, feature interactions) and may record anonymized session replays to help us identify usability issues. It does not have access to your health data, appeal letters, lab values, or billing information. You may opt out of session recording at any time through your browser's Do Not Track setting.
- Website analytics service: Aggregated website traffic analytics with IP anonymization enabled. No personal health data is sent to this service.
We do not share any individually identifiable health information with any analytics provider.
6. Cookies
We use cookies for:
- Session authentication: To keep you logged in while using the Service.
- Product analytics: To understand how users interact with Ellen's features, identify usability issues, and improve the Service. These cookies do not track you across other websites and are not used for advertising.
We do not use cookies for advertising, retargeting, or third-party ad tracking. Our privacy-focused analytics service does not use cookies. You may disable non-essential cookies through your browser settings; however, this may affect certain features of the Service.
7. Your Rights
You may request deletion of your account and all associated data at any time by emailing hello@ellenrx.com.
8. Children
Ellen is not intended for users under the age of 18. We do not knowingly collect information from children.
9. HIPAA Disclosure
Ellen is not a covered entity under HIPAA. We do not store protected health information (PHI). All health-related information entered into the Service is self-reported by users for their own educational use.
10. Data Retention
Account data is retained until you request deletion. Upon receiving a deletion request, we will remove your data within a reasonable timeframe.
11. Security Measures
We protect your data through encrypted connections (HTTPS/TLS 1.2+), row-level security on our database, secure API key management, encryption at rest (AES-256), security headers (HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy), API rate limiting, and automated abuse detection. While no system is perfectly secure, we take reasonable measures to safeguard your information.
12. Lab Report Processing
- When you upload a lab report image, Ellen uses a secure AI service to extract lab values (test names, results, units, and reference ranges).
- Your lab report image is processed in real time and immediately discarded. We never store, save, or retain the original image.
- Only the extracted, structured lab values are saved — associated with your diagnosis and insurer information — to help generate stronger appeal letters.
- No personally identifiable information from your lab report (name, date of birth, address, Social Security number, insurance ID) is extracted or stored.
- You may request deletion of your stored lab values at any time by contacting hello@ellenrx.com.
- Lab report image processing is performed through our AI language model provider, which operates under our signed Business Associate Agreement ensuring your data is handled with healthcare-grade security standards. Ellen is not itself a HIPAA covered entity or business associate. These infrastructure protections reflect our vendor security standards, not a HIPAA compliance obligation. Note: This refers to our agreement with our AI infrastructure provider. No lab report images or extracted data are sent to any other third-party service.
13. Consumer Health Data
- Ellen collects consumer health data (diagnosis, insurer, lab values) that you voluntarily provide.
- This data is used to: (1) generate appeal letters and evidence summaries, (2) improve Ellen's intelligence about insurer approval patterns (in anonymized, aggregate form only).
- By using Ellen's lab report upload feature, your anonymized lab values (test names, results, units, and reference ranges) are automatically saved to help improve Ellen's understanding of insurer approval patterns. No personally identifiable information is included in this data.
- You may opt out of anonymous data contribution at any time through your account settings. For assistance, contact hello@ellenrx.com.
- You may request deletion of all your data by emailing hello@ellenrx.com.
13A. Provider Dashboard Data Practices
If you use the Provider Dashboard, we collect:
- Account information (name, email, professional role, organization)
- Login activity and session data
- Usage analytics (pages viewed, features used, search queries within the dashboard)
We do not collect any patient information through the Provider Dashboard. The Provider Dashboard displays only aggregated, anonymized data derived from publicly available payer policies and de-identified usage patterns.
Provider account data is subject to the same security, retention, and deletion rights described elsewhere in this policy.
14. Billing Data
When you use our bill audit tool, we collect de-identified billing information including procedure codes (CPT/HCPCS), charges, facility types, payer information, and geographic region. We use this data to:
- Improve the accuracy of our bill analysis tools
- Build aggregate pricing benchmarks
- Generate anonymized analytics and reports
We may share aggregate, anonymized billing data with third parties including employers, benefits consultants, and researchers. We never share individual bill submissions or any information that could identify a patient.
You are responsible for removing all personally identifiable information (names, dates of birth, Social Security numbers, member IDs, and any other identifying information) before submitting a bill. EllenRx does not knowingly collect protected health information (PHI).
15. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last updated” date. Your continued use of the Service after changes constitutes acceptance of the revised policy.
16. Contact
If you have questions about this Privacy Policy, please contact us at hello@ellenrx.com.
Bodinh LLC