Privacy Policy

Last updated: 2026-05-29

BID Partners LLC ("we") operates PriceTransparency.io. This policy explains what we collect, how we use it, and what choices you have. The Service primarily surfaces public-record data published by U.S. hospitals under the federal Hospital Price Transparency rule; the personal data we collect is limited and tied to operating the Service.

1. What we collect

Account data — your name, work email, and organization when you sign up.

Billing data is processed by Stripe; we receive only the last four digits of your card and the subscription or order state.

Usage data — pages you visit, searches and comparisons you run, exports and reports you download, and the device/browser metadata your browser sends.

AI prompts — text you submit to the AI Query Builder, along with the structured query that gets returned.

2. What we don't collect

We don't buy or rent personal data from data brokers. We don't target ads. We don't set cookies for cross-site tracking. The pricing data in the Service is sourced from hospitals' own federally-mandated machine-readable files about facility rates — it is not personal patient data and contains no individual health records.

3. How we use what we collect

To operate the Service (authenticate you, deliver exports and reports, bill subscriptions and orders), to improve the Service (aggregate analytics, debugging, model quality), to communicate with you about your account, and to comply with legal obligations.

4. Sharing

We share with infrastructure providers strictly to run the Service — Stripe (billing), Supabase (database hosting), Vercel (web hosting), and our AI provider for the AI Query Builder. We do not sell personal data. We may disclose information when required by law or to protect rights and safety.

5. Retention

Account data persists while your account is open. Billing records are retained for tax and audit periods (typically 7 years). Usage logs are retained for up to 24 months. AI prompts may be retained for service operation and quality improvement; you can request deletion of your prompt history at any time.

6. Your rights

You can access, correct, or delete your account data via the account settings or by emailing us. If you're in the EU, UK, or California, you have additional rights under GDPR, UK-GDPR, or CCPA respectively — including the right to data portability and to lodge a complaint with a supervisory authority.

7. Security

We use HTTPS everywhere, encryption at rest for database fields, and least-privilege access for staff. No system is perfectly secure; we'll notify affected users without undue delay if a breach affects their personal data.

8. Children

The Service is not directed at children under 13. If we learn we've collected data from a child under 13, we'll delete it.

9. International transfers

Our infrastructure runs primarily in the United States. If you're accessing from outside the U.S., you understand your data may be processed in the U.S.

10. Changes

We may update this policy. Material changes will be announced on the site and emailed to subscribers.

11. Contact

Questions or requests: help@healthparse.io.