ELLEN — TERMS OF SERVICE
Last Updated: June 14, 2026
Effective Date: June 11, 2026
Operated by Bodinh LLC ("Ellen," "we," "us," or "our")
hello@ellenrx.com | privacy@ellenrx.com
TABLE OF CONTENTS
- Acceptance of Terms
- Definitions
- Eligibility and Age Requirement
- Description of Service
- No Sale of Health Data
- Not a Healthcare Provider; No Professional Relationships
- AI-Generated Content and AI Disclosure
- Patient User Terms
- Provider User Terms
- Health Data Collection, Use, and Consent
- Lab Report Upload and Processing
- Bill Audit Tool
- Data Retention and Deletion
- Anonymized and De-Identified Data
- Anonymized Research & Insights
- Sub-Processors and Third-Party Services
- Business Associate Agreement (BAA)
- Security and Infrastructure
- Breach Notification
- Health Data and Advertising
- State Privacy Rights
- Geographic Restrictions
- Account Registration and Responsibility
- User-Generated Content
- Intellectual Property
- Prohibited Conduct
- Third-Party Links
- Disclaimer of Warranties
- Limitation of Liability
- Cap on Damages
- Insurance and Liability Coverage
- Indemnification
- Dispute Resolution and Binding Arbitration
- No Guarantees of Outcome
- Automated Quality Score
- Modification of Terms
- Termination
- Governing Law
- Severability
- Assignment
- Entire Agreement
- Contact
1. ACCEPTANCE OF TERMS
By accessing or using Ellen (the "Service"), you agree to be bound by these Terms of Service ("Terms"). If you do not agree, do not use the Service.
By clicking "I Agree," checking the consent checkbox, creating an account, or using the Service, you acknowledge that you have read, understood, and agree to be bound by these Terms and our Privacy Policy. This constitutes a binding agreement between you and Bodinh LLC.
The Service includes features for individual consumers ("Patient Users") and for licensed healthcare professionals ("Provider Users"). Certain sections apply specifically to one user type and are labeled accordingly. Unlabeled sections apply to all users.
2. DEFINITIONS
- "Ellen" or "Service" means the ellenrx.com website, mobile applications, APIs, Provider Dashboard, and all related features and services.
- "Bodinh LLC" means the Connecticut limited liability company operating Ellen.
- "Patient User" means an individual consumer using Ellen for personal insurance denial decoding, appeal generation, lab report analysis, or bill auditing.
- "Provider User" means a licensed healthcare professional or authorized representative of a healthcare organization using the Provider Dashboard.
- "Health Data" means any information related to a user's health condition, diagnosis, medication, insurance status, lab values, billing codes, or appeal information submitted to the Service.
- "PHI" means Protected Health Information as defined under HIPAA (45 CFR § 160.103).
- "Provider Dashboard" means the provider-facing features accessible at /provider/* on the Service.
- "Guest User" means an individual who uses the Service without creating an account, identified by session data and, if provided, an email address.
3. ELIGIBILITY AND AGE REQUIREMENT
You must be at least eighteen (18) years of age and have reached the age of majority in your jurisdiction to use the Service. If you are under 18, you may not use the Service.
If you are using the Service on behalf of another individual (such as a family member or dependent), you represent that you have the legal authority to agree to these Terms on their behalf and assume full responsibility for their use of the Service.
4. DESCRIPTION OF SERVICE
Ellen is an AI-powered educational tool that helps patients understand insurance denial reasons, step therapy requirements, clinical exceptions, and appeal processes. Ellen also offers an appeal letter completeness checker ("automated quality score"), lab report analysis, bill auditing, and clinical trial matching.
Ellen also provides a Provider Dashboard that offers aggregated, anonymized payer policy intelligence, denial trend analytics, clinical decision-support tools, and a Letter of Medical Necessity (LMN) Builder.
Ellen does not provide medical advice, legal advice, or guaranteed outcomes. The information provided is for educational purposes only.
5. NO SALE OF HEALTH DATA
We do not sell your individually identifiable health data. We may use fully anonymized, aggregated data — stripped of all 18 HIPAA identifiers and not linkable to any individual — for research, product improvement, and to advance drug access and affordability. You may opt out of this anonymized data contribution in your account settings. See Section 14 and Section 15 for details.
6. NOT A HEALTHCARE PROVIDER; NO PROFESSIONAL RELATIONSHIPS
Ellen does not diagnose, treat, or prescribe. The Service is not a substitute for professional medical advice, diagnosis, or treatment.
Your use of Ellen does not create a physician-patient relationship, an attorney-client relationship, a fiduciary relationship, or any other professional relationship between you and Bodinh LLC. Ellen is an educational platform — not a healthcare provider, insurer, pharmacy, law firm, or patient advocate.
Appeal letters and guidance generated by Ellen are educational resources, not legal documents. They do not constitute legal advice.
7. AI-GENERATED CONTENT AND AI DISCLOSURE
AI TRANSPARENCY NOTICE
Ellen uses artificial intelligence to generate content. Specifically, Ellen uses Amazon Bedrock, powered by Anthropic's Claude large language model, for the following functions:
- Appeal letter generation — AI drafts appeal letters based on your denial information, diagnosis, and payer policies
- Lab report analysis — AI extracts and interprets lab values from uploaded images
- Bill auditing — AI analyzes medical bills for potential overcharges and coding errors
- Denial decoding — AI explains insurance denial reasons in plain language
- Clinical trial matching — AI identifies potentially relevant clinical trials
- Automated quality score — AI evaluates appeal letter completeness using pattern-matching
AI model provider: Anthropic, PBC (via Amazon Web Services Bedrock)
Important limitations of AI-generated content:
- AI-generated content is provided for educational and informational purposes only.
- It may contain errors, omissions, or inaccuracies.
- You are solely responsible for reviewing, editing, and verifying any content generated by Ellen before using it.
- Appeal letters generated by Ellen are starting points, not finished documents. They should be reviewed and, where appropriate, edited and signed by your treating physician before submission.
- Bodinh LLC is not responsible for the outcome of any appeal or communication that incorporates AI-generated content.
- AI does not make clinical decisions. All AI output requires human review.
8. PATIENT USER TERMS
This section applies only to Patient Users.
8.1 Scope of Use
As a Patient User, you may use Ellen to:
- Decode insurance denials for your own claims or those of dependents for whom you have legal authority
- Generate draft appeal letters
- Upload lab reports for value extraction
- Audit medical bills
- Search for clinical trials
- Upload denial letters for AI-powered analysis and appeal letter generation
8.2 Your Responsibilities
- You are responsible for verifying all information generated by Ellen before submitting it to any insurer, provider, or third party.
- You must redact all personally identifiable information from lab report images before uploading (see Section 11).
- You must not use Ellen for any illegal purpose or to submit fraudulent insurance claims.
- When uploading denial letters, you acknowledge that Ellen applies automated PHI redaction but you should remove unnecessary personal information where possible before uploading.
8.3 Health Data Consent (Patient Users)
SEPARATE HEALTH DATA CONSENT
By submitting health data to Ellen (including diagnosis information, insurance details, medication names, lab values, and billing information), you provide express, informed consent for Ellen to:
(a) Process your health data using AI (Amazon Bedrock/Claude) to generate appeal letters, analyze lab reports, and audit bills;
(b) Store your health data in encrypted form for up to 90 days to provide the Service;
(c) If you opt in, contribute anonymized, de-identified versions of your data to aggregate health intelligence datasets.
You may withdraw this consent at any time by emailing privacy@ellenrx.com. Withdrawal of consent will result in deletion of your health data within 30 days but will not affect the lawfulness of processing performed before withdrawal.
This health data consent is separate from your acceptance of these general Terms of Service.
9. PROVIDER USER TERMS
This section applies only to Provider Users.
9.1 Eligibility and Representations
If you register for a Provider account, you represent and warrant that:
- You are a licensed healthcare professional, or an authorized representative of a licensed healthcare organization, in good standing in your jurisdiction;
- You will use the Provider Dashboard solely for legitimate professional purposes related to patient care, clinical decision-making, and payer policy research;
- You will not upload, enter, or transmit any individually identifiable patient information or PHI into the Provider Dashboard unless you have executed a Business Associate Agreement (BAA) with Bodinh LLC governing the LMN Builder or other PHI-processing features;
- You are solely responsible for any clinical decisions made using information obtained from the Provider Dashboard;
- You will not share your Provider account credentials or grant access to unlicensed individuals;
- You acknowledge that data displayed in the Provider Dashboard is derived from publicly available sources and anonymized aggregate data, may not reflect real-time payer policy changes, and should be independently verified.
Bodinh LLC reserves the right to verify professional credentials and to suspend or terminate unverifiable Provider accounts.
9.2 Provider Business Associate Agreement
Where Provider Users submit PHI through the LMN Builder or other designated features, Bodinh LLC acts as a Business Associate under HIPAA. Provider Users must execute a separate BAA with Bodinh LLC before submitting any PHI. See Section 17 for BAA details.
9.3 Mutual Indemnification (Provider Users)
Provider Users are subject to the mutual indemnification provisions in Section 32.2.
9.4 Provider Data
Provider account information (name, email, professional role, organization, login activity, usage analytics) is subject to the same security, retention, and deletion rights described in these Terms and our Privacy Policy.
10. HEALTH DATA COLLECTION, USE, AND CONSENT
HEALTH DATA DISCLOSURE
This section describes what health data Ellen collects, how AI processes it, what happens to it, and your rights.
What Health Data We Collect
We collect the following health-related information that you voluntarily provide:
- Diagnosis and condition information (e.g., disease names, ICD codes)
- Insurance and payer information (e.g., insurer name, plan type, denial reasons, denial codes)
- Medication information (e.g., drug names, dosages, step therapy history)
- Lab values (e.g., test names, results, units, reference ranges — extracted from uploaded images)
- Billing information (e.g., CPT/HCPCS codes, charges, facility types)
- Appeal-related information (e.g., draft appeal letters, supporting documentation text)
How AI Processes Your Health Data
Your health data is processed by Amazon Bedrock (Anthropic's Claude) to:
- Generate personalized appeal letters
- Extract structured lab values from uploaded images
- Analyze medical bills for potential errors
- Decode denial reasons and suggest appeal strategies
- Match you with potentially relevant clinical trials
AI processing occurs in real-time on secure AWS infrastructure within the United States. Your data is encrypted in transit (TLS 1.3) and at rest (AES-256).
What Happens to Your Health Data
- Active use period: Your health data is stored encrypted for up to 90 days to provide the Service.
- After 90 days: Personal health data is automatically deleted.
- Lab report images: Immediately discarded after value extraction — never stored.
- Anonymized data: If you opt in, de-identified data may be retained indefinitely for aggregate analytics.
Your Rights
- Access: Request a copy of your health data at any time.
- Correction: Request correction of inaccurate health data.
- Deletion: Request immediate deletion of your health data (processed within 30 days).
- Opt out: Opt out of anonymized data contribution via account settings or by emailing privacy@ellenrx.com.
- Portability: Request your data in a machine-readable format.
- Withdraw consent: Withdraw health data consent at any time (see Section 8.3).
11. LAB REPORT UPLOAD AND PROCESSING
By using Ellen's lab report upload feature:
- You agree to crop or redact all personally identifiable information (name, date of birth, address, Social Security number, insurance ID) from your lab report image before uploading.
- Your uploaded image is processed in real-time by Amazon Bedrock (Anthropic's Claude) and is immediately discarded after extraction. Ellen never stores, saves, or retains your original lab report image.
- Only the extracted, structured lab values (test names, results, units, and reference ranges) may be saved to help generate appeal letters and, if you opt in, to contribute to anonymized aggregate health intelligence.
- You acknowledge that Ellen is not responsible for any personally identifiable information included in uploaded images that you did not remove prior to uploading.
- Lab report processing is performed within AWS infrastructure under a signed BAA ensuring healthcare-grade security standards.
11A. DENIAL LETTER UPLOAD AND PROCESSING
By using Ellen's denial letter upload feature:
- You upload your insurance denial letter for analysis.
- Your letter is processed through an automated PHI redaction pipeline that strips all 18 HIPAA Safe Harbor identifiers before any AI processing.
- The redacted text is processed by AI to decode the denial reason, generate appeal arguments, and draft an appeal letter.
- Your original uploaded document is immediately discarded after redaction and processing — it is never stored.
- Redacted and extracted data (denial reason, drug, payer, and appeal arguments) may be retained as described in Section 10.
- You acknowledge that Ellen applies automated redaction but cannot guarantee 100% removal of personal information, and you should remove unnecessary personal information where possible before uploading.
12. BILL AUDIT TOOL
When you use our bill audit tool, we collect de-identified billing information including procedure codes (CPT/HCPCS), charges, facility types, payer information, and geographic region. We use this data to:
- Improve the accuracy of our bill analysis tools
- Build aggregate pricing benchmarks
- Generate anonymized analytics and reports
You are responsible for removing all personally identifiable information (names, dates of birth, Social Security numbers, member IDs) before submitting a bill.
13. DATA RETENTION AND DELETION
| Data Type | Retention Period | Deletion Method |
|---|---|---|
| Personal health data (diagnoses, medications, insurance info, lab values, appeal content) | 90 days from last activity | Automatic purge |
| Lab report images | Immediately discarded — never stored | Real-time deletion after processing |
| Account data (email, name, preferences) | Until account deletion requested | Manual request |
| Audit logs and security incident records | 6 years minimum | Required by law |
| BAA-related records | 6 years from termination of BAA | Required by HIPAA 45 CFR § 164.530(j) |
| Anonymized, aggregate data | Indefinite (cannot be linked to individuals) | Not subject to deletion requests |
| Billing audit data (de-identified) | 90 days in identifiable form | Automatic purge |
| Provider Dashboard usage data | Until account deletion requested | Manual request |
To request deletion: Email privacy@ellenrx.com with the subject line "Data Deletion Request." Include the email address associated with your account. We will acknowledge your request within 5 business days and complete deletion within 30 calendar days.
Anonymized, aggregate data that has already been de-identified prior to a deletion request is not subject to deletion, as it cannot be linked to any individual.
14. ANONYMIZED AND DE-IDENTIFIED DATA
Bodinh LLC de-identifies data using the HIPAA Expert Determination method (45 CFR § 164.514(b)(1)). Under this method, the re-identification risk of data shared for research and insights is determined to be very small. Our de-identification combines two safeguards: (1) removal of all 18 HIPAA identifiers (the same identifiers used in the Safe Harbor method), and (2) cohort suppression, which withholds data for small or rare populations that could otherwise be re-identifiable even after identifiers are removed. The identifiers removed include:
- Names
- Geographic data smaller than state
- Dates (except year) related to an individual
- Phone numbers
- Fax numbers
- Email addresses
- Social Security numbers
- Medical record numbers
- Health plan beneficiary numbers
- Account numbers
- Certificate/license numbers
- Vehicle identifiers and serial numbers
- Device identifiers and serial numbers
- Web URLs
- IP addresses
- Biometric identifiers
- Full-face photographs
- Any other unique identifying number or code
Cohort suppression for rare and small populations: Because individuals with rare conditions can sometimes be re-identified even after the 18 identifiers are removed, Bodinh LLC suppresses data from datasets when a population (for example, a specific diagnosis combined with location and treatment) is too small to be safely de-identified. The threshold scales with rarity — rarer conditions require larger groups before any data is included, and unknown conditions are treated as the rarest (most protective) category.
After de-identification, Bodinh LLC has no reasonable basis to believe the remaining information can be used to identify any individual.
You may opt out of anonymized data contribution at any time through your account settings or by emailing privacy@ellenrx.com. Opting out does not affect your access to the Service.
Provider Users may not attempt to re-identify any anonymized data accessible through the Provider Dashboard.
15. ANONYMIZED RESEARCH & INSIGHTS
Transparency notice: To improve drug access and affordability for all patients, Bodinh LLC may share fully anonymized, aggregated insights with third parties, including but not limited to:
- Academic and clinical researchers
- Healthcare policy organizations
- Pharmaceutical companies seeking to improve patient access to their therapies
- Health systems and payer organizations
What is shared: Only data that has been fully de-identified using the HIPAA Expert Determination method (Section 14). Shared datasets contain no individually identifiable information.
Examples of shared insights: Aggregate denial rates by payer and diagnosis, anonymized appeal success rate benchmarks, drug access pattern analytics.
What is never shared: Individual health records, personally identifiable information, individual appeal letters, individual lab reports, or any data that could identify a specific user.
Your opt-out right: You may opt out of contributing your data to anonymized datasets at any time via account settings or by emailing privacy@ellenrx.com. Opt-out takes effect within 30 days. Data already de-identified and incorporated into aggregate datasets prior to your opt-out cannot be removed, as it is no longer linked to you.
16. SUB-PROCESSORS AND THIRD-PARTY SERVICES
Bodinh LLC uses the following third-party sub-processors to operate the Service:
| Sub-Processor | Service | Data Processed | Location |
|---|---|---|---|
| Amazon Web Services (AWS) | Cloud hosting (ECS Fargate), database (RDS PostgreSQL), authentication (Cognito), AI processing (Bedrock), CDN (CloudFront), email (SES), serverless compute (Lambda) | All Service data | United States |
| Anthropic, PBC | AI model provider (Claude via AWS Bedrock) | Health data submitted for AI processing | United States (via AWS) |
| Plausible Analytics | Privacy-focused website analytics | Anonymized page views (no personal data, no cookies) | EU |
| PostHog | Product analytics and feature usage | Anonymized usage events, session data | United States |
| Google Analytics 4 (GA4) | Website traffic analytics | Anonymized traffic data (IP anonymization enabled) | United States |
| Resend | Transactional email delivery | Email addresses, email content | United States |
| Cloudflare | DNS management, DDoS protection, security | Network traffic metadata | Global |
No health data is shared with analytics providers (Plausible, PostHog, GA4). Health data processing occurs exclusively within AWS infrastructure.
All sub-processors with access to health data operate under contractual data processing agreements or BAAs. We maintain a BAA with AWS covering all HIPAA-eligible services.
We will update this sub-processor list as our infrastructure evolves and will notify users of material changes via email or in-app notification.
17. BUSINESS ASSOCIATE AGREEMENT (BAA)
17.1 When Ellen Acts as a Business Associate
Bodinh LLC acts as a Business Associate under HIPAA in connection with the following features where Provider Users may submit PHI:
- LMN Builder — where providers draft Letters of Medical Necessity containing patient information
- Other designated PHI-processing features as identified in the applicable BAA
17.2 BAA Requirements
In accordance with HIPAA 45 CFR § 164.502(e) and 45 CFR § 164.504(e), Provider Users who are Covered Entities or Business Associates must execute a separate Business Associate Agreement with Bodinh LLC before submitting any PHI to the Service.
The BAA governs:
- Permitted uses and disclosures of PHI
- Safeguards for PHI protection
- Breach notification obligations
- Return or destruction of PHI upon termination
- Sub-contractor obligations
To request a BAA, contact: hello@ellenrx.com
17.3 Infrastructure BAA
Bodinh LLC maintains a signed BAA with Amazon Web Services covering all HIPAA-eligible AWS services used in the operation of Ellen, including RDS, Cognito, Bedrock, ECS, S3, CloudFront, SES, and Lambda.
17.4 Patient Users and HIPAA
Ellen is not a Covered Entity under HIPAA for Patient User interactions. Patient Users submit self-reported information for their own educational use. The infrastructure protections described herein (encryption, BAA-backed cloud services, access controls) reflect our security standards and our commitment to healthcare-grade data protection, regardless of whether a strict HIPAA obligation applies.
18. SECURITY AND INFRASTRUCTURE
Ellen's infrastructure includes the following security measures:
- Encryption at rest: AES-256 encryption for all stored data
- Encryption in transit: TLS 1.2+ (TLS 1.3 preferred) for all data transmission
- Database security: Row-level security, encrypted connections, automated backups
- Authentication: AWS Cognito with secure token management
- Network security: CloudFront CDN with AWS WAF, Cloudflare DDoS protection
- Security headers: HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy
- API security: Rate limiting, automated abuse detection, API key rotation
- Infrastructure as Code: All infrastructure managed via Terraform with version-controlled, auditable configurations
- Access controls: Principle of least privilege; multi-factor authentication for all administrative access
Security Certifications
Ellen's infrastructure runs entirely on Amazon Web Services, which maintains SOC 2 Type II, ISO 27001, HITRUST, and FedRAMP certifications. AWS's compliance reports are available through AWS Artifact.
Bodinh LLC SOC 2 compliance: SOC 2 Type II audit for Bodinh LLC is currently in progress. We are committed to achieving independent SOC 2 Type II certification and will update this section upon completion.
19. BREACH NOTIFICATION
Bodinh LLC complies with the FTC Health Breach Notification Rule (16 CFR Part 318) and all applicable state breach notification laws.
19.1 Notification Timeline
In the event of a breach of unsecured personally identifiable health information:
- Individual notification: Within 60 calendar days of discovery of the breach, or sooner where required by state law
- FTC notification: As required under 16 CFR Part 318
- State attorney general notification: As required by applicable state law
- BAA breach notification (Provider Users): Within the timeframe specified in the applicable BAA (default: 30 calendar days of discovery)
19.2 State-Specific Requirements
Where state law requires a shorter notification period than 60 days, we will comply with the shorter timeline. Notable state requirements include:
- Connecticut: 60 days (Conn. Gen. Stat. § 36a-701b)
- California: "Expedient" and without unreasonable delay
- Washington: 30 days (RCW 19.255.010)
- Colorado: 30 days (CRS § 6-1-716)
19.3 Notification Content
Breach notifications will include: (a) description of the breach, (b) types of information involved, (c) steps taken to address the breach, (d) steps individuals can take to protect themselves, and (e) contact information for questions.
20. HEALTH DATA AND ADVERTISING
Bodinh LLC does not share, sell, or disclose your personal health information — including your drug searches, denial information, payer data, lab values, or appeal activity — to advertisers, advertising networks, or data brokers for the purpose of targeted advertising.
Ellen does not use tracking pixels, cookies, or similar technologies to share your health-related activity with third-party advertising platforms (such as Meta/Facebook, Google Ads, or similar services) for ad targeting purposes.
21. STATE PRIVACY RIGHTS
Bodinh LLC is committed to complying with applicable state privacy laws. We write to the strictest applicable standard (California and Washington) so that compliance cascades to all states. The following summarizes your rights under specific state laws:
21.1 California (CCPA/CPRA — Cal. Civ. Code § 1798.100 et seq.)
California residents have the right to:
- Know what personal information is collected, used, and disclosed
- Delete personal information (subject to legal exceptions)
- Correct inaccurate personal information
- Opt out of the sale or sharing of personal information (Bodinh LLC does not sell personal information)
- Limit use of sensitive personal information to purposes necessary for the Service
- Non-discrimination for exercising privacy rights
Sensitive personal information: Health data submitted to Ellen is "sensitive personal information" under CPRA. We use it only to provide the Service and do not use it for profiling or advertising.
To exercise California rights: privacy@ellenrx.com or call [to be added when phone support is available].
21.2 Washington (My Health My Data Act — RCW 19.373)
Washington residents have the right to:
- Know what consumer health data is collected and with whom it is shared
- Consent before collection and sharing of consumer health data (separate from general terms acceptance)
- Withdraw consent for health data processing
- Delete consumer health data
- Access consumer health data
- Private right of action under the Washington Consumer Protection Act
Washington-specific consent: By using Ellen's health data features, Washington residents provide affirmative consent to the collection and processing of consumer health data as described in Section 10. Certain features (e.g., lab report upload) may be restricted pending full MHDA compliance verification.
21.3 Connecticut (CTDPA — Conn. Gen. Stat. § 42-515 et seq.)
Connecticut residents have the right to:
- Access, correct, and delete personal data
- Obtain a copy of personal data in portable format
- Opt out of targeted advertising, sale of personal data, and profiling
- Appeal a denial of a privacy request (appeal to privacy@ellenrx.com; if unresolved, contact the CT Attorney General)
21.4 Colorado (CPA — CRS § 6-1-1301 et seq.)
Colorado residents have the right to:
- Access, correct, and delete personal data
- Data portability
- Opt out of targeted advertising, sale of personal data, and profiling
- Universal opt-out mechanism recognition
21.5 Virginia (VCDPA — Va. Code § 59.1-575 et seq.)
Virginia residents have the right to:
- Access, correct, and delete personal data
- Data portability
- Opt out of targeted advertising, sale of personal data, and profiling
21.6 Oregon (OCPA — ORS § 646A.570 et seq.)
Oregon residents have rights to access, correct, delete, and port personal data, and to opt out of targeted advertising and sale of personal data.
21.7 Texas (TDPSA — Tex. Bus. & Com. Code § 541.001 et seq.)
Texas residents have rights to access, correct, delete, and port personal data, and to opt out of targeted advertising and sale of personal data.
21.8 All Other States
Regardless of your state of residence, Bodinh LLC provides all users with the rights to access, correct, and delete their personal data as described in these Terms. We apply California and Washington standards universally, which means you benefit from the strictest protections regardless of where you live.
21.9 How to Exercise Your Rights
- Email: privacy@ellenrx.com
- Subject line: "[State] Privacy Rights Request" (e.g., "California Privacy Rights Request")
- Response time: 30 calendar days (45 days with notice of extension if reasonably necessary)
- Verification: We will verify your identity before processing requests using the email address associated with your account.
We will not discriminate against you for exercising any privacy right.
22. GEOGRAPHIC RESTRICTIONS
Certain features of the Service, including lab report upload and analysis, may not be available to residents of all U.S. states due to varying consumer health data laws.
By accessing geographically restricted features, you represent and warrant that you are a resident of the state you selected during the verification process. Misrepresenting your state of residence — including using a VPN, proxy, or other tool to circumvent geographic restrictions — is a violation of these Terms.
23. ACCOUNT REGISTRATION AND RESPONSIBILITY
To access certain features, you may need to create an account. You are responsible for maintaining the confidentiality of your account credentials and for all activity that occurs under your account. You agree to provide accurate and complete information during registration.
Certain features are available without account creation. Guest Users who accept these Terms via the consent checkbox are bound by all applicable provisions. Guest Users may later create an account to access additional features such as letter history, appeal tracking, and follow-up communications.
24. USER-GENERATED CONTENT
You may submit feedback, comments, or other content through the Service. By submitting content, you grant Bodinh LLC a non-exclusive, royalty-free license to use, modify, and display such content in connection with operating and improving the Service.
25. INTELLECTUAL PROPERTY
The Service, including its design, text, graphics, interfaces, code, and all related intellectual property, is owned by Bodinh LLC and protected by applicable intellectual property laws. You may not reproduce, distribute, or create derivative works without our prior written consent.
26. PROHIBITED CONDUCT
You agree not to:
- Scrape or automate: Use any robot, spider, crawler, or automated means to access or extract data from the Service
- Reverse engineer: Decompile, disassemble, or reverse engineer the Service
- Commercially exploit: Copy, sell, license, or distribute content from the Service without written consent
- Misrepresent: Impersonate any person or entity, or misrepresent your identity, credentials, age, or state of residence
- Interfere: Disrupt the Service or connected networks
- Circumvent: Bypass security or access control measures
- Compete: Use the Service to build or improve a competing product
- Export data: Systematically extract Provider Dashboard data for competing purposes
- Submit PHI improperly: Upload individually identifiable PHI into the Provider Dashboard without an executed BAA
- Misrepresent credentials: Register for a Provider account without valid professional credentials
- Re-identify data: Attempt to re-identify any anonymized or de-identified data
Violation may result in immediate termination and may subject you to civil and criminal liability.
27. THIRD-PARTY LINKS
The Service may contain links to third-party websites including manufacturer hub programs, copay assistance programs, ClinicalTrials.gov, PubMed, and patient advocacy organizations. Bodinh LLC does not control or endorse third-party content.
28. DISCLAIMER OF WARRANTIES
THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. We do not guarantee that appeal strategies will result in insurance approval. All information is for educational purposes only.
29. LIMITATION OF LIABILITY
TO THE FULLEST EXTENT PERMITTED BY LAW, BODINH LLC SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR ANY LOSS ARISING FROM YOUR USE OF OR RELIANCE ON THE SERVICE. Bodinh LLC is not liable for decisions made based on Ellen's information, including medical treatment decisions, insurance appeals, or coverage disputes.
30. CAP ON DAMAGES
In no event shall Bodinh LLC's total cumulative liability to you for all claims arising out of or related to the Service exceed the greater of (a) the amount you paid to Bodinh LLC in the twelve (12) months preceding the claim, or (b) one hundred dollars ($100).
31. INSURANCE AND LIABILITY COVERAGE
Bodinh LLC maintains Errors and Omissions (E&O) insurance and cyber liability insurance coverage to protect against claims arising from the operation of the Service. This coverage provides additional assurance that Bodinh LLC has the financial resources to address potential claims and incidents.
32. INDEMNIFICATION
32.1 Patient User Indemnification (One-Way)
Patient Users agree to indemnify, defend, and hold harmless Bodinh LLC, its officers, directors, employees, agents, affiliates, subsidiaries, and parent companies from and against any claims, liabilities, damages, losses, costs, or expenses (including reasonable attorneys' fees) arising out of or related to: (a) your use of the Service, (b) your violation of these Terms, (c) your reliance on any information provided by the Service, or (d) your submission of personally identifiable information in lab report images or bill submissions that you were instructed to redact.
32.2 Mutual Indemnification (Provider Users)
(a) Provider User indemnification of Bodinh LLC: Provider Users agree to indemnify, defend, and hold harmless Bodinh LLC, its officers, directors, employees, agents, affiliates, subsidiaries, and parent companies from and against any claims, liabilities, damages, losses, costs, or expenses (including reasonable attorneys' fees) arising out of or related to: (i) Provider User's use of the Service, (ii) Provider User's violation of these Terms, (iii) Provider User's submission of PHI without an executed BAA, (iv) Provider User's clinical decisions made using Service information, or (v) Provider User's breach of applicable healthcare laws or regulations.
(b) Bodinh LLC indemnification of Provider Users: Bodinh LLC agrees to indemnify, defend, and hold harmless Provider Users from and against third-party claims, liabilities, damages, losses, costs, or expenses (including reasonable attorneys' fees) arising directly from: (i) Bodinh LLC's breach of an executed BAA, (ii) Bodinh LLC's unauthorized disclosure of Provider User's confidential information, or (iii) Bodinh LLC's material breach of its security obligations under these Terms, provided that Provider User promptly notifies Bodinh LLC of the claim, grants Bodinh LLC sole control of the defense, and cooperates fully.
33. DISPUTE RESOLUTION AND BINDING ARBITRATION
33.1 Informal Resolution
Any dispute arising out of or relating to these Terms shall first be attempted through informal negotiation by contacting hello@ellenrx.com. If unresolved within thirty (30) days, either party may initiate binding arbitration.
33.2 Binding Arbitration
Any dispute, claim, or controversy arising out of or relating to these Terms, the Service, or your relationship with Bodinh LLC — including disputes involving Bodinh LLC's officers, directors, employees, agents, affiliates, subsidiaries, and parent companies — shall be resolved exclusively through binding arbitration administered by the American Arbitration Association ("AAA") under its Consumer Arbitration Rules (for Patient Users) or Commercial Arbitration Rules (for Provider Users). Arbitration shall be conducted in the State of Connecticut.
33.3 Class Action Waiver
YOU AGREE THAT ANY DISPUTE RESOLUTION PROCEEDINGS WILL BE CONDUCTED ONLY ON AN INDIVIDUAL BASIS AND NOT IN A CLASS, CONSOLIDATED, OR REPRESENTATIVE ACTION. You expressly waive any right to participate in a class action lawsuit or class-wide arbitration against Bodinh LLC or any of its officers, directors, employees, agents, affiliates, subsidiaries, or parent companies.
33.4 Statute of Limitations
Any claim must be filed within one (1) year after the event giving rise to the claim. Claims filed after this period are permanently barred.
33.5 Jury Trial Waiver
To the fullest extent permitted by applicable law, you waive any right to a jury trial.
33.6 Survival
This Section 33 survives termination of your account, deletion of your data, or discontinuation of your use of the Service.
34. NO GUARANTEES OF OUTCOME
Ellen provides information to help you understand your insurance denial and potential options. We make no guarantee that any appeal will be successful or that any insurance company will reverse a denial. Success rates, if referenced, are based on publicly available data and historical patterns, not guaranteed results.
35. AUTOMATED QUALITY SCORE
The automated quality score is an appeal letter completeness metric that uses AI pattern-matching to identify whether common structural elements are present in your letter. The automated quality score is for informational purposes only and does not guarantee appeal success. A high score does not mean your appeal will be approved; a low score does not mean it will be denied.
36. MODIFICATION OF TERMS
We reserve the right to modify these Terms at any time. Material changes will be communicated via email to the address associated with your account at least fourteen (14) days before they take effect, except for changes required by law, which may take effect immediately. Changes will also be posted on this page with an updated "Last updated" date. Your continued use of the Service after the effective date constitutes acceptance.
37. TERMINATION
We may suspend or terminate your access to the Service at any time, with or without cause, and with or without notice. Upon termination, your right to use the Service ceases immediately. Sections that by their nature should survive termination (including Sections 5, 13, 14, 15, 17, 28–33, and 38) shall survive.
38. GOVERNING LAW
These Terms are governed by and construed in accordance with the laws of the State of Connecticut, without regard to conflict of law principles. To the extent any dispute is not subject to arbitration, the exclusive jurisdiction shall be the state and federal courts located in Hartford County, Connecticut.
39. SEVERABILITY
If any provision of these Terms is held to be invalid, illegal, or unenforceable, the remaining provisions shall continue in full force and effect.
40. ASSIGNMENT
Bodinh LLC may assign these Terms to a successor or affiliated entity upon notice to users, including in connection with any corporate reorganization, merger, or sale of assets.
41. ENTIRE AGREEMENT
These Terms, together with the Privacy Policy and any executed BAA, constitute the entire agreement between you and Bodinh LLC regarding the Service.
42. CONTACT
- General inquiries: hello@ellenrx.com
- Privacy requests: privacy@ellenrx.com
Bodinh LLC | © 2024–2026 All Rights Reserved