Privacy Policy for OpenHand Inc.
Last Updated: September 16, 2024
1. Introduction
OpenHand Inc. (“we,” “our,” “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. By using our service, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
We collect the following types of information:
Personal Information: Name, email address, phone number, date of birth.
Medical Information: Medical billing information, insurance provider, medical records, and documentation.
Payment Information: Details necessary to process any payments.
3. How We Use Your Information
We use your information solely for the purpose of:
Helping you identify potential savings on your medical bills.
Assisting in the negotiation of medical bills on your behalf.
Providing customer support and responding to your inquiries.
We will not share your information with third parties unless expressly authorized by you to do so.
4. Data Security
OpenHand Inc. takes its legal obligations regarding data security seriously by implementing robust physical, technical, and administrative safeguards to protect against unauthorized access, disclosure, misuse, or loss of data collected through our Services, adhering to recognized industry standards.
Data is securely stored on protected servers, with access limited to authorized personnel who operate on password-protected systems and are bound by confidentiality and security protocols. Security measures are continuously updated and tested, and our team is trained on maintaining the confidentiality and security of your information.
More specifically, we take the following measures to protect user data:
Data is encrypted at rest and in transit.
We store data with Google Firestore, a secure cloud provider, which is protected by a BAA.
We pass data to OpenAI, a secure enterprise-grade API model provider, which is protected by a BAA. We do not pass protected health information (PHI) or personally identifiable information (PII) to OpenAI.
While we strive to ensure maximum protection, no security measures can offer absolute security. Upon registration, you'll create account credentials and are responsible for maintaining their confidentiality. You must keep your password secure, as you're accountable for all activities conducted under your account. If you suspect any compromise of your account (e.g., loss or unauthorized use of your credentials), you must immediately inform OpenHand Inc. You may be held responsible for any losses resulting from unauthorized use of your account. OpenHand Inc. reserves the right to disable any account credentials at our discretion if we believe there has been a violation of this Agreement.
5. User Consent
User consent for data collection and use is obtained during the account creation process. When you create an account, you will be presented with a checkbox asking you to accept OpenHand Inc.'s data collection and use policies as outlined in this Privacy Policy. By checking the box and proceeding, you consent to the collection, use, and disclosure of your information as described.
6. Data Retention and Deletion
We retain your personal and medical information for up to six (6) years to comply with legal and regulatory obligations and to support ongoing business needs.
Upon account deactivation, all your data will be permanently deleted from our systems, meaning that if you choose to reactivate your account in the future, you will need to start the account creation process from scratch.
7. Breach Notification
In the unlikely event of a data breach that results in the unauthorized access, use, or disclosure of your personal data, OpenHand Inc. will notify you promptly, in compliance with applicable laws and regulations. Notification will be provided via email, postal mail, or other appropriate means and will include:
A description of the nature of the breach, including the types of data involved.
Steps you should take to protect yourself from potential harm.
Steps we are taking to mitigate the breach and prevent future occurrences.
Contact details for further information.
8. Prohibition on Re-identification of De-identified Data
OpenHand Inc. takes the de-identification of data seriously. We prohibit the re-identification of any data that has been de-identified, either by us or any third party, in accordance with applicable privacy laws and regulations.
9. Access to Device Data and Other Applications
While using our services, OpenHand Inc. does not require access to or collect data from other applications installed on your device, nor do we collect information from other device functionalities (such as cameras, microphones, or location data) unless expressly authorized by you. Any access to such device data or other applications is strictly opt-in and will only occur upon explicit consent provided by the user. In cases where such access is granted, OpenHand Inc. will only use that data as outlined in this Privacy Policy and for the purpose for which you have provided consent. We do not share or disclose any device data to third parties without your explicit consent.
10. Your Rights
You have the right to:
Request access to the information we hold about you.
Request corrections to any incorrect information.
Request the deletion of your data.
11. Compliance with Laws
We comply with all applicable laws, including but not limited to the Health Insurance Portability and Accountability Act (HIPAA).
12. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. Any changes will be posted on this page with an updated effective date.
13. Contact Us
If you have any questions about this Privacy Policy, please contact us at support@openhand.health.