HCC Buddy — Privacy Policy

Privacy Policy

Effective Date: March 1, 2026 | Last Updated: March 1, 2026

HCC Buddy ("we," "our," or "the extension") is a Chrome extension and web service. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.

1. Information We Collect

We collect only the minimum information necessary to operate the service:

Account information: Your email address and a hashed (encrypted) password when you register.
Chat queries: Questions you type into the coding assistant chat. These are used solely to generate a response and are logged for usage analytics. Queries that appear to contain Protected Health Information (PHI) are never logged.
Uploaded documents: PDF documents (payer guidelines, Determination of Usual care documents) you upload are processed for indexing and stored on our server. We do not accept documents containing patient-identifiable data.
Usage data: Basic usage statistics such as number of queries and tokens used, tied to your account.

2. Information We Do NOT Collect

We do not collect patient names, member IDs, dates of birth, Social Security Numbers, or any other Protected Health Information (PHI).
We do not collect browsing history or data from web pages you visit.
We do not sell, rent, or share your data with third parties for marketing purposes.
We do not use tracking cookies or third-party analytics.

3. How We Use Your Information

To authenticate your account and maintain your session.
To respond to coding questions using AI (powered by Anthropic's Claude API).
To index uploaded payer guideline documents for your personal knowledge base.
To monitor usage and maintain service reliability.

4. Third-Party Services

HCC Buddy uses the following third-party service to process chat queries:

Anthropic (Claude API): Your chat questions are sent to Anthropic's API to generate responses. Anthropic's privacy policy applies to data processed through their API. We do not send your account information or uploaded documents to Anthropic — only the text of your chat question and relevant coding context.

5. Data Storage and Security

Your account data and uploaded documents are stored on a private server.
Passwords are never stored in plain text — they are hashed using bcrypt encryption.
Access tokens expire automatically and sessions are single-device only.
We implement industry-standard security measures including rate limiting, input validation, and encrypted transport (HTTPS).

6. Data Retention

We retain your account data and uploaded documents for as long as your account is active. You may request deletion of your account and all associated data at any time by contacting us at the email below.

7. Your Rights

You have the right to:

Access the data we hold about you.
Request correction of inaccurate data.
Request deletion of your account and all associated data.
Withdraw consent at any time by discontinuing use of the extension.

8. Children's Privacy

HCC Buddy is intended for use by healthcare coding professionals. We do not knowingly collect information from anyone under the age of 18.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. Continued use of the extension after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or wish to request data deletion, please contact:

HCC Buddy
Email: privacy@hccbuddy.com
Website: hccbuddy.com