IInsurancePDFtoExcel

Privacy Policy

Effective April 22, 2026. Last updated April 22, 2026.

1. Who we are

InsurancePDFtoExcel (insurancepdftoexcel.com) operates a web service that extracts structured data from insurance PDFs.

2. What we collect

  • Account data: email address, optional company name, plan tier, and Stripe customer ID for billing.
  • Uploaded documents: the PDFs you upload, the structured data we extract from them, and metadata (filename, size, processing status, confidence scores).
  • Usage data: which API endpoints you call and how often, for rate-limiting and billing.
  • Operational logs: errors and request traces, retained for 30 days for debugging. We do not log document contents.

3. What we do not collect

We do not collect protected health information (PHI) — this service is not HIPAA-compliant and should not be used with health insurance documents that contain PHI. We do not run analytics or advertising trackers on documents.

4. How we use your data

  • To run extractions you request.
  • To bill you (Stripe) and send transactional emails (Resend).
  • To detect abuse and enforce plan limits.
  • To improve our extraction models — only on aggregated, non-identifying signals like overall accuracy. We do not train on your document contents.

5. Subprocessors

We share data with the following trusted subprocessors:

  • Supabase (database + storage + auth) — US.
  • Vercel (web hosting) — US.
  • Anthropic (Claude vision for extraction) — US.
  • Stripe (billing) — US.
  • Resend (transactional email) — US.
  • Sentry + PostHog (error tracking + product analytics) — US.

6. Retention

Uploaded PDFs and extracted data are retained for 90 days, then permanently deleted. You can request immediate deletion of any document at any time from the dashboard. Account data is retained for as long as your account is active and 30 days after deletion.

7. Your rights

  • Export all your data at any time (Settings → Export).
  • Delete your account and all associated documents.
  • EU/UK customers: rights of access, rectification, erasure, restriction, portability, and objection per GDPR. Contact legal@insurancepdftoexcel.com.
  • California residents: rights under CCPA/CPRA, including the right to know and to delete.

8. Security

Documents are encrypted at rest and in transit (TLS 1.3). API keys are stored as SHA-256 hashes — we cannot recover a key after creation. We follow OWASP Top 10 controls and run dependency scanning on every deploy.

9. Changes

We will notify you by email at least 30 days before any material change to this policy.

Questions? Email legal@insurancepdftoexcel.com.

Privacy Policy — InsurancePDFtoExcel