How we protect your information.
Insurance denial letters contain protected health information. Here's exactly how we handle yours — straight, no jargon.
Encrypted at rest and in transit
All PHI is stored in an AES-256-encrypted database (SQLCipher) sitting on top of a LUKS-encrypted (AES-XTS) disk volume — two layers of encryption at rest. Transit is TLS 1.3 end-to-end. Files you upload are never stored unencrypted on disk.
Every action is logged
Uploads, views, exports, and deletions are recorded in an append-only audit log with actor, IP, user-agent, and timestamp. These records are required for HIPAA breach response and support our own forensic posture.
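As an added illustration (not DenialHelp's own code), here is one way an append-only log of this shape can be made tamper-evident: each entry commits to the hash of the one before it, so a later edit or deletion is caught on verification. The hash chaining, the `AuditLog` class and every sample value are assumptions, not details taken from this page.

```python
import hashlib
import json
# Added illustration (not DenialHelp's code) of a tamper-evident, append-only
# audit log carrying the fields this page names: action, actor, IP,
# user-agent and timestamp. Hash chaining is an assumption made here.
GENESIS = "0" * 64

def _digest(body):
    # Canonical JSON so the hash does not depend on key order.
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class AuditLog:
    """Each entry commits to the previous hash; editing or deleting breaks the chain."""

    def __init__(self):
        self.entries = []

    def append(self, action, actor, ip, user_agent, ts):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {"action": action, "actor": actor, "ip": ip,
                "user_agent": user_agent, "ts": ts, "prev": prev}
        self.entries.append({**body, "hash": _digest(body)})

    def verify(self):
        """Return (True, None) if intact, else (False, index of first bad entry)."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            body = {k: v for k, v in e.items() if k != "hash"}
            if body["prev"] != prev or _digest(body) != e["hash"]:
                return False, i
            prev = e["hash"]
        return True, None

def sample_log():
    # Constructed events; user IDs, addresses and timestamps are placeholders.
    log = AuditLog()
    log.append("upload", "user:1001", "203.0.113.7", "Mozilla/5.0", "2026-05-20T10:00:00Z")
    log.append("view", "provider:77", "198.51.100.3", "Mozilla/5.0", "2026-05-20T10:05:00Z")
    log.append("export", "user:1001", "203.0.113.7", "Mozilla/5.0", "2026-05-20T10:09:00Z")
    return log

def tampered_log(kind):
    # "edit": rewrite an earlier actor without re-chaining; "delete": drop the
    # middle entry. Either way verify() reports the first bad entry at index 1.
    log = sample_log()
    if kind == "edit":
        log.entries[1]["actor"] = "support:9"
    else:
        del log.entries[1]
    return log
```

The verifier walks the chain from the genesis hash, so an intact log returns `(True, None)` and any rewrite or removal of an earlier record is reported at the first entry whose stored hash or `prev` link no longer matches.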
Signed vendor BAAs
We have signed Business Associate Agreements with every third party that handles PHI. The vendor list below identifies who is covered, with the date each BAA was signed.
Minimum retention
Anonymous denial-letter uploads (made before you create an appeal) are automatically deleted within 24 hours. Once you create an appeal, your appeal record and uploaded documents are retained for up to 7 years from the date you last use the Service (HIPAA recommendation). Audit logs are retained 6 years per HIPAA §164.312. You may permanently delete your appeal and all associated data at any time via the "Delete my data" link on your dashboard, or by emailing [email protected].
Strict access controls
Only your account, your treating provider (when you grant access), and our incident-response team (only on a documented support ticket from you) can see your data. No bulk read access, no broad analytics access, no third-party advertising access — ever.
Anonymous analytics only
We use product-analytics tooling to measure aggregate funnel metrics (page views, button clicks by anonymous category — never identifiers). We do NOT send PHI, patient names, member IDs, claim numbers, email addresses, or any other identifying field to our analytics provider. Session replay, heatmaps, and form-input autocapture are explicitly disabled. Performance metrics (page-load timing) are captured anonymously.
Vendors covered by our BAA program
These are the only third parties that touch your PHI. Each has a signed HIPAA Business Associate Agreement (or is covered by an exception noted below).
| Vendor | Purpose |
|---|---|
| AWS (Textract + S3 + Lightsail) | Document OCR (Textract), encrypted offsite backups (S3), public-facing TLS gateway (Lightsail) — BAA signed 2026-05-08 |
| Anthropic (subscription Claude CLI) | AI inference for de-identified PHI text (PHI redacted before send via in-house de-id pipeline) |
| Paubox | Transactional email (HIPAA Email API; BAA signed 2026-05-16) |
| Google Workspace | Operator mailbox + admin notifications (BAA signed 2026-05-12) |
| Stripe | Payment processing (PHI-free metadata; conduit exception) |
| Cloudflare | DNS only — denialhelp.com proxy disabled |
Important disclaimers
Not medical advice. We help draft insurance appeal letters. We are not a healthcare provider and do not diagnose, prescribe, or treat. Always consult your treating physician for medical decisions.
Not legal advice. Appeal letters are legal communications with your insurer, but DenialHelp is not a law firm. For complex legal questions (ERISA fiduciary breaches, parity-law claims, civil action), consult a licensed attorney.
Letters are AI-drafted, physician-reviewed. Our system drafts your appeal using the denial letter, your intake answers, and any clinical records you upload. Your treating physician then reviews, verifies clinical accuracy, signs, and files. We don't bypass your physician — we equip them.
Found a vulnerability or have a security question?
[email protected]