Privacy Policy

This Privacy Policy describes how Claimo collects, uses, discloses, and safeguards information in connection with our website, waitlist, early-access program, software dashboards, document processing, and ABA compliance intelligence workflows. It applies to visitors, prospective customers, authorized users, and organizations evaluating or using Claimo.

Claimo is built for ABA practices and related organizations that review claims, session notes, authorizations, payer requirements, and compliance-support materials. If Claimo processes protected health information for or on behalf of a covered entity or business associate, the applicable written customer agreement, business associate terms, or other data protection terms control where they conflict with this Privacy Policy.

This Privacy Policy is not a notice of privacy practices for a healthcare provider. Individuals seeking access to clinical records, billing records, or other health information should contact the applicable provider, clinic, payer, or covered entity directly.

Account Information means information about an authorized user or customer organization, such as name, work email, role, organization, account settings, authentication activity, support communications, and billing or contracting contacts.

Customer Data means records, documents, files, extracted fields, metadata, comments, review decisions, risk flags, and other content submitted to or generated through Claimo for a customer workspace. Customer Data may include sensitive business information and, depending on the workflow, protected health information.

Usage Data means technical, operational, security, and product interaction information generated when someone uses the website or platform, such as pages viewed, feature activity, IP address, browser type, device information, timestamps, logs, error events, and audit events.

Protected Health Information, or PHI, has the meaning given to that term under HIPAA. Whether information is PHI can depend on who submits it, why it is processed, and the contractual role Claimo has for that workflow.

We may collect Account Information, including names, work email addresses, organization names, roles, credentials-related metadata, security settings, support requests, vendor-review communications, and other information provided during onboarding, contracting, support, or account administration.

We may collect Customer Data, including uploaded file metadata, claims fields, authorization fields, session-note fields, payer or CPT context, extracted document text, generated risk scores, match statuses, review decisions, audit events, and operational records needed to provide the service.

Uploaded records may contain billing, treatment, authorization, patient, provider, or payer information. Claimo is designed to strip, tokenize, or avoid unnecessary patient-identifying information before downstream AI-assisted analysis where feasible for the workflow. Original files, identity-linkage records, and derived operational records may still be treated as sensitive customer records and protected accordingly.

We may collect Usage Data such as browser and device information, IP address, pages viewed, referral information, timestamps, session activity, API activity, security logs, and error reports for service operation, reliability, abuse prevention, product improvement, and security monitoring.

If you join the waitlist, request early access, contact us, or otherwise evaluate Claimo, we may collect the information you provide, including your name, work email, practice name, role, approximate claim-line volume, notes about payer mix or operational needs, and related communications.

We use prospective customer information to respond to requests, prioritize early-access onboarding, understand product fit, improve website and waitlist flows, and communicate about Claimo. A waitlist or contact-form submission is not approval to process patient records. Do not include patient-identifying information in public website forms, waitlist forms, or general email.

Claimo may use cookies, local storage, server logs, and similar technologies to operate the website and application, remember preferences, measure page performance, diagnose errors, prevent abuse, and understand aggregate usage. We aim to keep analytics proportional to operating and improving a business software product.

Some cookies or storage mechanisms are necessary for authentication, session management, security controls, and application functionality. Browser settings may allow you to block or delete cookies, but some product or security features may not work correctly if necessary cookies or storage are disabled.

We use information to provide and improve the Claimo service, process uploaded materials, generate practice risk scores, reconcile claim lines to session notes and authorizations, maintain accounts, support customers, secure the platform, monitor reliability, and communicate about product updates or early-access participation.

We may use information to verify users, enforce access controls, investigate suspicious activity, maintain audit trails, debug workflows, respond to support requests, conduct security review, comply with legal obligations, and enforce customer agreements or website terms.

We do not sell Customer Data. We do not use customer PHI for advertising. We do not disclose customer documents or derived sensitive records to third parties except as necessary to provide the service, comply with law, protect rights and security, investigate misuse, or follow customer instructions.

We may use aggregated, anonymized, or de-identified information to understand product performance, improve workflows, evaluate model quality, develop benchmarking features, and communicate general product insights, provided the information is not reasonably capable of identifying an individual patient or customer organization.

Claimo may use automated and AI-assisted systems to extract, classify, compare, and summarize information from claims, notes, authorizations, and related records. AI outputs are intended to assist operational review and do not replace professional billing, clinical, legal, or compliance judgment.

For downstream analysis workflows, Claimo is designed to use de-identified or tokenized text where feasible. Some narrowly scoped preprocessing workflows may review source text to identify client identity, classify documents, or support PHI minimization before downstream analysis. Those workflows should be handled server-side, logged, and limited to the purpose for which the customer submitted the record.

When third-party infrastructure or model providers are used, Claimo applies technical and operational controls appropriate to the sensitivity of the data and the customer configuration. We do not intentionally use identifiable customer PHI to train general-purpose AI models.

AI-assisted workflows may produce incomplete, inaccurate, or context-dependent outputs. Customers remain responsible for reviewing source documents and deciding whether any billing, documentation, clinical, payer, or compliance action is appropriate.

We may share information with service providers that help us operate hosting, storage, authentication, security monitoring, analytics, communications, support, document processing, and AI-assisted processing. Service providers are authorized to use information only as necessary to provide services to Claimo or as otherwise permitted by the relevant customer agreement.

We may disclose information if required by law, subpoena, court order, regulatory process, or to protect the rights, safety, and security of Claimo, customers, patients, users, or the public. Where legally permitted, we will seek to provide notice before disclosing customer information in response to legal process.

We may share information in connection with a merger, financing, acquisition, reorganization, sale of assets, or similar corporate transaction, subject to confidentiality and data protection obligations appropriate to the information involved.

Customers are responsible for providing source documents and data through supported workflows and confirming that uploads are authorized, accurate, and appropriate for the intended use. Customers should not upload production PHI unless the required internal approvals, security review, and written contractual terms are in place.

Customers are responsible for determining whether submitted information includes PHI, whether Claimo is approved for the intended use case, whether the customer's internal policies allow the upload or processing of the relevant records, and whether any patient, employee, payer, or provider notice or authorization is required.

We use administrative, technical, and organizational safeguards intended to protect information against unauthorized access, loss, misuse, alteration, or disclosure. These safeguards include authenticated access, role-aware permissions, audit logging, encryption controls, secure transport, and operational procedures intended to reduce unnecessary exposure of sensitive records.

No system can be guaranteed completely secure. Customers remain responsible for configuring user access, enforcing internal security policies, protecting endpoints and credentials, reviewing exports and downloads, and limiting uploads to appropriate business purposes.

Security questions, vulnerability reports, and vendor-review requests may be sent to founders@tryclaimo.com. Please do not include patient information in initial security reports unless Claimo provides a secure channel for that purpose.

We retain information for as long as reasonably necessary to provide the service, comply with legal obligations, resolve disputes, enforce agreements, maintain audit trails, support continuity, and operate legitimate business functions. Retention periods may differ by data type, customer agreement, legal requirement, and product configuration.

Raw uploaded files are intended to be retained only as long as needed for processing and short-term operational support. De-identified analysis results, audit trails, and security logs may be retained longer to support customer review, HIPAA-aligned auditability, dispute resolution, and legal obligations.

Customer deletion or export requests are handled according to the applicable customer agreement and legal obligations. Backup, log, audit, and archival records may persist for limited or legally required periods after deletion from active systems where retention is necessary for security, continuity, audit, or compliance purposes.

Claimo may use cloud infrastructure and service providers located in the United States or other jurisdictions. Hosting, processing, support, and vendor details may evolve as the product develops and as customer requirements are finalized during contracting.

Where a vendor processes PHI as a subcontractor business associate, Claimo expects appropriate contractual protections to be in place before that vendor is used for the relevant production workflow. Customers with data residency, subprocessor approval, vendor review, security questionnaire, or audit-rights requirements should raise those requirements before uploading sensitive production records.

Customers may request access, correction, export, or deletion of certain Account Information and organizational information by contacting Claimo. Customer administrators may also control user invitations, role assignments, access removal, and workspace configuration through supported product workflows.

Individual privacy rights vary by jurisdiction and by whether Claimo acts as a service provider, processor, business associate, or independent controller for a given data element. Depending on applicable law, individuals may have rights to access, correct, delete, restrict, or object to certain processing, or to opt out of certain communications.

If a request concerns PHI or records submitted by a customer organization, Claimo may refer the request to the applicable customer, healthcare provider, or covered entity. Some records may be retained where necessary for security, audit, legal, backup, continuity, or compliance purposes.

We may send service, security, administrative, onboarding, support, and product-related communications. These communications are part of operating the service and may not be fully optional while an account or customer relationship is active.

We may send marketing or educational communications to prospective customers or business contacts. Recipients can ask to stop receiving marketing communications by using the instructions in the message or contacting us. We will still send non-marketing messages where necessary for service, security, legal, or transactional purposes.

Claimo is a business software product for healthcare and ABA organizations. It is not directed to children for personal use, and children should not create accounts or submit information directly to Claimo.

Records processed by customer organizations may relate to pediatric ABA services. When such records are processed, Claimo handles them as customer-provided sensitive records under the applicable customer agreement and privacy/security terms.

We may update this Privacy Policy as our product, legal obligations, or operational practices evolve. Material updates will be reflected by changing the last-updated date and, where appropriate, providing additional notice.

Questions about privacy or security concerns may be sent to founders@tryclaimo.com.