Privacy Policy
How DenialsDX collects, uses, and protects your organization's data.
1. Who We Are
DenialsDX is a B2B healthcare revenue integrity platform. We provide denial management assessment and SaaS platform services to healthcare organizations. This policy describes how we handle data collected through our platform at app.denialsdx.com and any associated services.
2. What Data We Collect
We collect only the data necessary to deliver our services:
- Denial and claims data: Denials and remittance records uploaded through the DenialsDX intake package (templates 02a through 02h), 835 remittance files, or equivalent client-provided exports. Includes CARC and RARC codes, payer identifiers, claim amounts, service dates, department codes, and provider NPIs.
- User account data: Name, email address, job title, and organization affiliation. Used for authentication, role-based access, and notifications.
- Platform activity: Questionnaire responses, action item updates, document uploads, and session activity. Used to generate recommendations and track program progress.
- Contact information: Name, email, and organization provided via the contact or demo request form. Used to respond to inquiries and manage sales conversations.
We do not collect patient names, Social Security numbers, dates of birth, or other direct patient identifiers unless they are present in raw claim files uploaded by your organization. We recommend de-identifying data at the source before upload where possible.
3. How We Use Your Data
- To run the denial analytics engine and generate recommendations specific to your organization
- To display KPI trends, benchmarks, and financial opportunity sizing in the platform
- To generate assessment reports, policies, governance documents, and training materials
- To send email notifications for action item reminders, questionnaire assignments, and weekly digests
- To support advisory involvement when included in your engagement scope
- For platform improvement - aggregate, de-identified denial pattern data may be used to improve recommendation rules and benchmarks. No client-identifiable data is shared.
4. Data Storage and Security
Your data is stored in Supabase (a managed Postgres database) hosted on AWS infrastructure. Data is encrypted at rest using AES-256. All data in transit is protected with TLS 1.3. Platform delivery is through Cloudflare Workers, which provides network-level DDoS protection and edge security.
Multi-tenant row-level security (RLS) is enforced at the database layer - your organization's data is isolated from other clients by design, not convention. Supabase and Cloudflare both maintain SOC 2 Type II compliance.
5. Business Associate Agreement (BAA)
If your organization handles protected health information (PHI) and requires a BAA as part of HIPAA compliance, DenialsDX will execute one. BAA requests should be submitted to info@denialsdx.com. We do not begin processing PHI-containing data until a BAA is in place for clients that require one.
6. Data Sharing
We do not sell your data. We do not share client denial data with third parties except:
- Infrastructure providers: Supabase (database hosting), Cloudflare (delivery), Resend (transactional email). Each is under appropriate data processing terms.
- Legal requirements: If required by law or valid legal process.
7. Data Retention
We retain your data for the duration of your engagement plus 12 months, to support any follow-on work or reporting. After that period, data is deleted upon request or as part of standard offboarding. You may request deletion at any time by contacting info@denialsdx.com.
8. Your Rights
You may request access to, correction of, or deletion of your organization's data at any time. Contact info@denialsdx.com with the subject line "Data Request." We will respond within 10 business days.
9. Changes to This Policy
We may update this policy as our services evolve. Material changes will be communicated to active clients via email. Continued use of the platform after notification constitutes acceptance of the updated policy.
10. Contact
Privacy questions or concerns: info@denialsdx.com