Privacy Policy

Last Updated: January 2026

Summary: FairVisitHealth does not collect, store, or have access to any Protected Health Information (PHI). We are a price comparison tool, not a medical records system.

Privacy-First
256-bit SSL
Security Controls
Delaware Corp
PCI DSS

1. Introduction

Welcome to FairVisitHealth ("we," "our," or "us"). We are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our healthcare price transparency platform.

2. Information We Collect

2.1 Information You Provide

  • Account information (name, email, password)
  • Profile information (ZIP code, role)
  • Search queries and preferences
  • Provider reviews and ratings
  • Communication with our support team

2.2 Automatically Collected Information

  • Location data (with your permission)
  • Device information and IP address
  • Usage data and analytics
  • Cookies and similar technologies

3. How We Use Your Information

We use your information to:

  • Provide and improve our services
  • Show relevant healthcare provider search results
  • Send service updates and notifications
  • Personalize your experience
  • Process payments and manage subscriptions
  • Comply with legal obligations
  • Detect and prevent fraud or abuse

4. Regulatory Compliance & Consumer Health Data

FTC & State Consumer Health Data Laws

FairVisitHealth is a healthcare price comparison platform. As such, we are not a HIPAA-covered entity (we don't provide healthcare or process insurance claims). However, we comply with applicable regulations including:

  • FTC Act Section 5 - Prohibition on unfair/deceptive practices
  • FTC Health Breach Notification Rule (HBNR) - Notification requirements for health data breaches
  • State Consumer Health Data Laws - Including Washington My Health My Data Act, California CCPA/CPRA

4.1 FTC Health Breach Notification

While FairVisitHealth is not a HIPAA-covered entity, we comply with the FTC Health Breach Notification Rule (16 CFR Part 318). In the event of a breach of identifiable health-related information, we will:

  • Notify affected users within 60 days as required by law
  • Notify the FTC if the breach affects 500+ individuals
  • Provide prominent media notice if required by law

4.2 What We Do NOT Collect

FairVisitHealth does NOT collect, store, access, or transmit:

  • Medical records or health history
  • Diagnoses or treatment information
  • Lab results or test outcomes
  • Prescription details or medication lists
  • Insurance claims data
  • Doctor-patient communications

4.2.1 Bill Audit Tool -- Special Data Handling

Our Fair Fight Bill Audit tool allows you to upload a medical bill for price comparison analysis. This feature uses strict privacy-first data handling:

  • Uploaded bill images are processed in memory and permanently deleted immediately after analysis — we never retain your original documents
  • Only de-identified pricing data is stored: procedure codes (e.g., CPT 99213) and dollar amounts — no patient names, dates of birth, Social Security numbers, insurance member IDs, or other personal identifiers
  • Provider name and service date are stored solely to display your audit results to you
  • We strongly recommend redacting personal details (name, DOB, SSN, member ID) from bills before uploading
  • You may delete all bill audit data from your account at any time
  • Bill audit data is never sold, shared, or disclosed to any third party

4.3 Search Query Privacy

Your search queries (e.g., "MRI near me") are used solely for providing price comparison results. We take the following privacy measures:

  • Search queries are NOT sent to third-party analytics (Google Analytics receives only page paths, not search terms)
  • Stored search data is automatically deleted after 30 days
  • Search analytics are aggregated and anonymized for internal use only

4.4 Data Security Standards

We maintain strict data security practices:

  • 256-bit SSL/TLS encryption for all data in transit
  • AES-256 encryption for data at rest
  • Row-level security (RLS) on all database tables
  • Automated security monitoring, RLS policy audits, and continuous dependency vulnerability scanning

For healthcare providers seeking integration: Contact [email protected] to discuss data handling arrangements.

5. Information Sharing

We may share your information with:

  • Service Providers: Payment processors (Stripe), cloud infrastructure
  • Healthcare Providers: Only when you initiate contact through our platform
  • Legal Requirements: When required by law or to protect our rights
  • Aggregated Data: Anonymous, aggregated data for research or business purposes

We never sell your personal information to third parties.

6. Data Security

We implement industry-standard security measures including:

  • 256-bit SSL/TLS encryption for all data in transit
  • AES-256 encryption for data at rest
  • Row-level security (RLS) on all database tables
  • Secure authentication with multi-factor support
  • RLS policy audits and automated dependency vulnerability scanning (Dependabot)
  • Automated uptime and security-anomaly monitoring with alerting

7. Your Rights

You have the right to:

  • Access your personal information
  • Correct inaccurate data
  • Delete your account and data
  • Opt-out of marketing communications
  • Export your data

8. Children's Privacy

FairVisitHealth is not intended for children under 13. We do not knowingly collect information from children under 13.

9. Account Sharing & Device Limits

2-Device Limit Per Account

FairPass memberships are for individual use only. Each account is limited to a maximum of 2 simultaneous devices. This limit is enforced to protect your account security and prevent unauthorized sharing.

Account Sharing Prohibited: Sharing your account credentials with others is strictly prohibited and constitutes a violation of our Terms of Service.

Security Monitoring:

  • Device tracking: Maximum 2 simultaneous devices per account
  • IP address monitoring (excessive IP changes trigger security alerts)
  • Usage pattern analysis and behavioral tracking
  • Rate limiting (50 searches per day for members)

Consequences of Account Sharing:

  • First violation: Warning email and security review
  • Second violation: 7-day account suspension
  • Third violation: Permanent account termination without refund

Unusual activity (such as logins from multiple locations or exceeding the 2-device limit) will result in automatic logout from all devices and a security verification email.

10. State-Specific Privacy Rights

10.1 California (CCPA/CPRA)

California residents have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: Request disclosure of personal information collected in the past 12 months
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the "sale" or "sharing" of personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising these rights

We do NOT sell your personal information. To exercise your CCPA rights — including data access, deletion, or opt-out — email [email protected] or delete your account directly from Account Settings.

10.2 Washington (My Health My Data Act)

Washington residents have specific rights under the My Health My Data Act (MHMDA) regarding "consumer health data":

  • Right to Confirm: Confirm whether we are collecting or processing your consumer health data
  • Right to Access: Access your consumer health data
  • Right to Withdraw Consent: Withdraw consent for processing
  • Right to Delete: Request deletion of consumer health data

We do NOT sell consumer health data. To exercise your rights, email: [email protected]

Other States: We comply with applicable privacy laws in Nevada (SB 220), Connecticut (CTDPA), Virginia (VCDPA), Colorado (CPA), and other states with consumer privacy legislation. Contact us at [email protected] to exercise your rights.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or prominent notice on our platform.

11. Contact Us

For questions about this Privacy Policy or to exercise your rights, contact us at:

FairVisitHealth, Inc.

Delaware Corporation

Privacy: [email protected]

HIPAA/BAA Inquiries: [email protected]

General Support: [email protected]