KarvBill

Your Data Security is Our Priority

We employ industry-standard security practices to protect your sensitive medical billing information.

Encryption & Data Protection

In-Transit Encryption

All data transmitted between your browser and our servers is protected using TLS 1.3 encryption, the latest and most secure transport layer security protocol.

At-Rest Encryption

Your analyzed bills are stored in encrypted databases. All sensitive data is encrypted using industry-standard encryption algorithms before being stored.

Document Processing

Medical bills are processed using secure AWS Textract services, which maintain strict security and compliance standards. Documents are processed in secure, isolated environments.

Data Retention Policy

We believe in giving you control over your data:

  • Storage Location: AWS US-East-1 (Virginia) region with data residency controls
  • Retention Period: Analysis results stored indefinitely until you delete them
  • Your Control: Delete your data anytime using the "Delete My Bill & Data" button on results
  • What Gets Deleted: Bill analysis, uploaded images, line item edits, and flag responses
  • Anonymous Feedback: If you mark flags as correct/incorrect, anonymized patterns may be retained to improve accuracy
  • No Selling: We never sell, rent, or share your data with third parties for marketing

Who Has Access to Your Data

  • Automated Systems Only: Bill analysis is performed by AI/ML algorithms with no human review
  • Support Access: Customer support can access your data only if you explicitly request help
  • No Third-Party Sharing: Your data is never shared with insurance companies, providers, or data brokers

Compliance & Standards

HIPAA Readiness

While KarvBill is currently in beta, it is designed with HIPAA compliance principles in mind. We implement security measures and data handling practices that align with healthcare data protection requirements.

PHI Handling Procedures

Protected Health Information (PHI) is handled with the utmost care. We minimize data collection to only what is necessary for bill analysis, and implement strict access controls to ensure only authorized systems can process your data.

Security Practices

Regular Security Audits

We conduct regular security assessments and audits to identify and address potential vulnerabilities.

Minimal Data Collection

We only collect and store the minimum amount of data necessary to provide our bill analysis service.

Access Controls

Strict access controls ensure that only authorized personnel and systems can access your data, and only when necessary.

Secure Infrastructure

Our infrastructure is built on trusted cloud platforms with robust security measures and compliance certifications.

Questions About Security?

If you have any questions about how we protect your data, please reach out through our feedback form.