Privacy Policy
Last Updated: January 2026
Summary: FairVisitHealth does not collect, store, or have access to any Protected Health Information (PHI). We are a price comparison tool, not a medical records system.
1. Introduction
Welcome to FairVisitHealth ("we," "our," or "us"). We are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our healthcare price transparency platform.
2. Information We Collect
2.1 Information You Provide
- Account information (name, email, password)
- Profile information (ZIP code, role)
- Search queries and preferences
- Provider reviews and ratings
- Communication with our support team
2.2 Automatically Collected Information
- Location data (with your permission)
- Device information and IP address
- Usage data and analytics
- Cookies and similar technologies
3. How We Use Your Information
We use your information to:
- Provide and improve our services
- Show relevant healthcare provider search results
- Send service updates and notifications
- Personalize your experience
- Process payments and manage subscriptions
- Comply with legal obligations
- Detect and prevent fraud or abuse
4. Regulatory Compliance & Consumer Health Data
FTC & State Consumer Health Data Laws
FairVisitHealth is a healthcare price comparison platform. As such, we are not a HIPAA-covered entity (we don't provide healthcare or process insurance claims). However, we comply with applicable regulations including:
- FTC Act Section 5 - Prohibition on unfair/deceptive practices
- FTC Health Breach Notification Rule (HBNR) - Notification requirements for health data breaches
- State Consumer Health Data Laws - Including Washington My Health My Data Act, California CCPA/CPRA
4.1 FTC Health Breach Notification
While FairVisitHealth is not a HIPAA-covered entity, we comply with the FTC Health Breach Notification Rule (16 CFR Part 318). In the event of a breach of identifiable health-related information, we will:
- Notify affected users within 60 days as required by law
- Notify the FTC if the breach affects 500+ individuals
- Provide prominent media notice if required by law
4.2 What We Do NOT Collect
FairVisitHealth does NOT collect, store, access, or transmit:
- Medical records or health history
- Diagnoses or treatment information
- Lab results or test outcomes
- Prescription details or medication lists
- Insurance claims data
- Doctor-patient communications
4.2.1 Bill Audit Tool -- Special Data Handling
Our Fair Fight Bill Audit tool allows you to upload a medical bill for price comparison analysis. This feature uses strict privacy-first data handling:
- Uploaded bill images are processed in memory and permanently deleted immediately after analysis — we never retain your original documents
- Only de-identified pricing data is stored: procedure codes (e.g., CPT 99213) and dollar amounts — no patient names, dates of birth, Social Security numbers, insurance member IDs, or other personal identifiers
- Provider name and service date are stored solely to display your audit results to you
- We strongly recommend redacting personal details (name, DOB, SSN, member ID) from bills before uploading
- You may delete all bill audit data from your account at any time
- Bill audit data is never sold, shared, or disclosed to any third party
4.3 Search Query Privacy
Your search queries (e.g., "MRI near me") are used solely for providing price comparison results. We take the following privacy measures:
- Search queries are NOT sent to third-party analytics (Google Analytics receives only page paths, not search terms)
- Stored search data is automatically deleted after 30 days
- Search analytics are aggregated and anonymized for internal use only
4.4 Data Security Standards
We maintain strict data security practices:
- 256-bit SSL/TLS encryption for all data in transit
- AES-256 encryption for data at rest
- Row-level security (RLS) on all database tables
- Automated security monitoring, RLS policy audits, and continuous dependency vulnerability scanning
For healthcare providers seeking integration: Contact [email protected] to discuss data handling arrangements.
5. Information Sharing
We may share your information with:
- Service Providers: Payment processors (Stripe), cloud infrastructure
- Healthcare Providers: Only when you initiate contact through our platform
- Legal Requirements: When required by law or to protect our rights
- Aggregated Data: Anonymous, aggregated data for research or business purposes
We never sell your personal information to third parties.
6. Data Security
We implement industry-standard security measures including:
- 256-bit SSL/TLS encryption for all data in transit
- AES-256 encryption for data at rest
- Row-level security (RLS) on all database tables
- Secure authentication with multi-factor support
- RLS policy audits and automated dependency vulnerability scanning (Dependabot)
- Automated uptime and security-anomaly monitoring with alerting
7. Your Rights
You have the right to:
- Access your personal information
- Correct inaccurate data
- Delete your account and data
- Opt-out of marketing communications
- Export your data
8. Children's Privacy
FairVisitHealth is not intended for children under 13. We do not knowingly collect information from children under 13.
9. Account Sharing & Device Limits
2-Device Limit Per Account
FairPass memberships are for individual use only. Each account is limited to a maximum of 2 simultaneous devices. This limit is enforced to protect your account security and prevent unauthorized sharing.
Account Sharing Prohibited: Sharing your account credentials with others is strictly prohibited and constitutes a violation of our Terms of Service.
Security Monitoring:
- Device tracking: Maximum 2 simultaneous devices per account
- IP address monitoring (excessive IP changes trigger security alerts)
- Usage pattern analysis and behavioral tracking
- Rate limiting (50 searches per day for members)
Consequences of Account Sharing:
- First violation: Warning email and security review
- Second violation: 7-day account suspension
- Third violation: Permanent account termination without refund
Unusual activity (such as logins from multiple locations or exceeding the 2-device limit) will result in automatic logout from all devices and a security verification email.
10. State-Specific Privacy Rights
10.1 California (CCPA/CPRA)
California residents have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know: Request disclosure of personal information collected in the past 12 months
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: Opt out of the "sale" or "sharing" of personal information
- Right to Non-Discrimination: We will not discriminate against you for exercising these rights
We do NOT sell your personal information. To exercise your CCPA rights — including data access, deletion, or opt-out — email [email protected] or delete your account directly from Account Settings.
10.2 Washington (My Health My Data Act)
Washington residents have specific rights under the My Health My Data Act (MHMDA) regarding "consumer health data":
- Right to Confirm: Confirm whether we are collecting or processing your consumer health data
- Right to Access: Access your consumer health data
- Right to Withdraw Consent: Withdraw consent for processing
- Right to Delete: Request deletion of consumer health data
We do NOT sell consumer health data. To exercise your rights, email: [email protected]
Other States: We comply with applicable privacy laws in Nevada (SB 220), Connecticut (CTDPA), Virginia (VCDPA), Colorado (CPA), and other states with consumer privacy legislation. Contact us at [email protected] to exercise your rights.
11. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of significant changes via email or prominent notice on our platform.
11. Contact Us
For questions about this Privacy Policy or to exercise your rights, contact us at:
FairVisitHealth, Inc.
Delaware Corporation
Privacy: [email protected]
HIPAA/BAA Inquiries: [email protected]
General Support: [email protected]