Privacy Policy

1. Data We Collect

• Account information — name, email address, password, state of residence, and insurance type when you create an account.
• Quiz and assessment responses — answers to our home-safety quiz and assessment questionnaires.
• Home media — photos and videos you capture through our guided home-scan flow.
• Profile and medical information — information you enter in your profile for form auto-fill, including medical conditions, medications, allergies, doctor information, and insurance details. This data is stored primarily in your browser (localStorage) and optionally synced to your account if you sign in.
• Form activity — which forms you fill, field values you enter during form completion, and form progress. Field values are stored in your browser session and optionally persisted to your account for resuming later.
• Health records — if you choose to connect your MyChart or other FHIR-enabled health portal, we receive the clinical data you authorize via OAuth. Clinical data is held in a temporary session cookie (1 hour) and is not stored in our database.
• Usage data — pages visited, feature interactions, device type, and browser information collected through PostHog analytics.

2. How We Use Your Data

• Form auto-fill — using your profile data (name, address, insurance, medical information) to pre-fill healthcare and government benefit forms, saving you time and reducing errors.
• Form matching — analyzing your profile (age, state, insurance type, veteran status, conditions) to recommend forms you may be eligible for.
• AI-assisted drafting — when you opt in, using limited clinical information (conditions, medications, allergies, age, gender) to help draft narrative form responses. See the AI-Assisted Form Drafting section below for full details.
• PDF generation — creating filled PDF documents from your form data, delivered directly to your browser. We do not retain copies of generated PDFs.
• Health records integration — if you connect MyChart, pulling clinical data to enrich auto-fill. Data is held in a temporary session only.
• Communications — sending you form completion confirmations, renewal reminders, and service-related notifications.
• Product improvement — analyzing aggregated, de-identified usage patterns to improve our service.

3. AI-Assisted Form Drafting

BeneFill uses Anthropic's AI to help draft narrative sections of benefits forms. This feature is designed with strict privacy boundaries:

• What is shared with AI: Only clinical information necessary for drafting — conditions, medications, allergies, age, and gender.
• What is NEVER shared with AI: Your name, date of birth, Social Security number, address, phone number, email address, and insurance member IDs are never sent to the AI provider.
• No data retention by AI: AI processing happens in real time. The AI provider does not store your information after processing is complete.
• Consent required: You must explicitly consent before AI features are activated. You will be prompted clearly before any data is sent for AI processing.
• Opt out at any time: You can disable AI features at any time in your Settings page.
• Transparent output: AI-generated content is clearly labeled and can be reviewed and edited by you before it is included in any form submission.

4. What We Do NOT Do

5. Home Media Privacy

Your home photos and videos are treated with the highest level of care. Frames that may contain personally identifiable content (faces, documents, screens) are automatically redacted before storage. We do not retain raw, unprocessed video. All stored media is encrypted at rest and in transit. You can request deletion of all home media at any time.

6. Health Data

If you connect your health records through MyChart or another FHIR-enabled portal, data access is patient-authorized via standard FHIR/OAuth flows. You control exactly what data is shared and can revoke access at any time.

BeneFill is a direct-to-consumer platform. As such, consumer health data we collect is governed by the FTC Health Breach Notification Rule (HBNR) and applicable state consumer health data privacy laws, rather than HIPAA. We maintain security and privacy standards that meet or exceed regulatory requirements.

7. Data Retention and Deletion

We retain your data for as long as your account is active or as needed to provide our services. Assessment reports and clinician-reviewed documents are retained to support ongoing benefits claims and future reassessments.

You may request deletion of your account and all associated data at any time by contacting us at privacy@benefill.ai or through your account settings. We will process deletion requests within 30 days, subject to any legal retention obligations.

8. State-Specific Rights

9. Security

We use industry-standard encryption (TLS 1.3 in transit, AES-256 at rest), role-based access controls, and regular security audits to protect your data. Access to personal data is limited to personnel who require it to provide our services.

10. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us: