Privacy & Legal

This Privacy Policy explains how ClaimScan handles personal information when people use the scanner, reports, saved evidence dashboard, public issue pages, Verified Notice Registry, attorney-review features, ClaimScan Pro, support channels, and related services.

ClaimScan may act as an independent controller for consumer accounts and platform operations. For some ClaimScan Pro or firm-customer data, ClaimScan may process personal information as a processor, service provider, or contractor under the Data Processing Addendum and a separate agreement.

• Account information, such as name, email address, role, authentication records, communication preferences, and workspace membership.
• Scan inputs and artifacts, such as screenshots, PDFs, text, emails, URLs, domains, phone numbers, product details, medical or device timelines you choose to submit, original filenames, MIME type, size, hashes, and upload timestamps.
• Extracted facts and report data, such as sender domains, deadlines, administrator names, company names, product names, issue tags, source matches, confidence values, practical next steps, saved scans, tracking choices, reminders, and attorney-review consents.

ClaimScan may receive sensitive information because users choose to scan notices, breach letters, suspicious messages, product incidents, medical or device concerns, identity-theft materials, payment records, or other evidence. Submit only information that is reasonably needed for the service.

ClaimScan is not a healthcare provider, health plan, or healthcare clearinghouse. ClaimScan should not be treated as a HIPAA-covered service unless ClaimScan has signed a separate business associate agreement that expressly says so.

• Provide scanner results, source matching, extraction, OCR, report generation, evidence preservation, saved scans, issue tracking, reminders, and account features.
• Compare scans against known settlement, breach, scam, recall, lawsuit, investigation, administrator, domain, phone, and similar-report signals.
• Generate anonymized and aggregated trend signals, public issue pages, and similar-report counts after privacy thresholds and review controls are met.

ClaimScan may use deterministic extraction, OCR, AI-assisted extraction, embeddings, classifiers, and source-matching workflows to turn user-submitted artifacts into structured facts and possible matches.

AI and automated outputs may be inaccurate or incomplete. ClaimScan stores prompt versions, model IDs when applicable, source citations, and confidence indicators where feasible so outputs can be audited and improved.

• Service providers and subprocessors that host, store, secure, authenticate, analyze, deliver, monitor, or support the service.
• AI, OCR, database, storage, logging, email, security, and infrastructure providers when needed to operate ClaimScan.
• Participating attorneys, firms, or reviewers only when you request attorney review or otherwise consent to a permitted sharing workflow.

ClaimScan does not sell personal information for money. ClaimScan does not use uploaded evidence for third-party targeted advertising.

If ClaimScan later uses advertising, cross-context behavioral advertising, or data-sharing practices that require opt-out rights, ClaimScan will update this policy and provide the required controls before those practices begin.

ClaimScan retains account records, artifacts, extracted text, reports, source matches, hashes, consent records, audit logs, and workspace records for as long as needed to provide the service, preserve evidence files, maintain security, comply with legal obligations, resolve disputes, or support user-requested tracking and attorney-review workflows.

You may request deletion of personal information or uploaded artifacts. ClaimScan may need to retain limited records where required for legal, security, fraud-prevention, dispute, backup, audit, or consent-history purposes. Deletion may also be delayed for records subject to legal hold or active attorney-review workflows.