Privacy Policy

Effective Date: June 11, 2026

THE SHORT VERSION

Solomon Copilot does not keep your medical bills, and nothing we store is tied to your name. We do not maintain user accounts. Your bill is processed and automatically deleted within minutes; what remains on our servers is anonymous and time-limited. The policy below explains exactly what we keep, why, and for how long — with specific retention periods that are enforced automatically.

Contents
  1. Introduction
  2. What We Do Not Store
  3. What We Do Store, Briefly
  4. Third-Party Processors
  5. Storage on Your Device
  6. How We Use Data
  7. Sharing & Disclosure
  8. California Privacy Rights
  9. Children's Privacy
  10. Security
  11. Changes to This Policy
  12. Contact

1. Introduction

Solomon Copilot™ ("we," "us," or "our") operates a medical bill analysis service at solomoncopilot.com (the "Service"). This Privacy Policy explains what information we collect, what we do with it, what we deliberately choose NOT to collect, and what rights you have.

This policy is meant to be read. We have tried to write it plainly. If something is unclear, contact us and we will explain.

2. What We Do Not Store

The following information is never retained on our servers:

Your uploaded bill itself (PDF, photo, EOB, or statement) is held only transiently while your analysis runs: it is written to a temporary processing record, and that record is automatically wiped the moment the analysis completes or fails — minutes, not days. Bills are never retained after processing.

We do not maintain any history connected to you. Analysis results are stored without names, accounts, or contact information (see Sections 3.1 and 3.5 for what is kept, anonymously and for how long). A returning user is functionally indistinguishable from a new user from our system's perspective. This is by deliberate design, not a feature gap.

3. What We Do Store, Briefly

To operate the Service safely and prevent abuse, we keep limited information that is intentionally minimal and never personally identifies you:

3.1 Stripe Payment Session Identifiers

When you pay for an analysis, we record the Stripe Checkout session ID, the payment status, the timestamp, and the amount paid. We use this to verify your payment server-side and to enforce that each payment corresponds to one analysis. We do not store your name, billing address, or any other information Stripe collects from you during checkout. Stripe handles all payment information directly (see Section 4).

Each analysis you run creates a job record that holds the analysis output and, for paid analyses, the Stripe session identifier, so that you can return and re-access your report. Job records are automatically deleted after 30 days. After that, no connection of any kind exists between a payment and an analysis on our systems.

3.2 Hashed IP Addresses

We compute a one-way cryptographic hash (SHA-256) of your IP address combined with a secret salt, and store the hash temporarily for rate-limiting and abuse detection. The hash cannot be reversed to recover your IP address. Hashes are automatically deleted within 48 hours.

3.3 Anonymous Outcome Data (Optional)

If you voluntarily submit an outcome report through our "Pay it Forward" feature after winning a dispute, we record only the win category, plan type, U.S. state, and savings range. No identifying information is collected. This data helps us show aggregate impact and improve the Service.

3.4 General Technical Information

3.5 Anonymous Cached Analyses

To return instant results when an identical bill is analyzed more than once, we cache analysis output (the findings, benchmark comparisons, and generated dispute letter text) keyed by a one-way cryptographic fingerprint (SHA-256) of the bill file — not by you. The cache contains no name, account, contact information, or IP address, and cannot be searched by person. Cached analyses are automatically deleted after 6 months.

3.6 Pay It Forward Wall (Consent-Based)

If you make a Pay It Forward purchase, you may optionally submit a display name and short message for our public recognition wall. This is the only place we store a name, it happens only if you type one in, and it is shown publicly only after our review. The name is associated with the purchase's payment session identifier solely to verify it belongs to a real Pay It Forward purchase. You may request removal of your wall entry at any time using the contact methods in Section 12, and we will remove it promptly.

4. Third-Party Processors

Operating the Service requires us to work with a small number of trusted third-party providers. We have selected each based on their data protection commitments.

4.1 Payment Processing — Stripe

All payments are processed by Stripe. We do not see, handle, or store your credit card number, CVV, or billing details. Stripe collects this information directly and handles it under their privacy policy and PCI compliance. You can review Stripe's privacy policy at stripe.com/privacy.

Stripe's checkout form also collects your email address and billing address directly from you during payment. This information is stored by Stripe under their privacy policy and is not retained on Solomon's servers.

4.2 AI Analysis

To perform the actual analysis of your bill, we send the bill contents to a third-party AI provider whose service we have selected based on strong privacy and security commitments. Under our agreement with this provider:

If you would prefer that your bill not be sent to a third-party AI provider at all, please do not use the Service.

4.3 Infrastructure Providers

We rely on standard cloud infrastructure providers for hosting, content delivery, database operations, and analytics. All providers are bound by their published privacy and security policies. Your bill contents pass through this infrastructure only for the duration of processing and are automatically deleted within minutes (see Section 2).

4.4 Analytics

We use Google Analytics 4 to understand aggregate Service usage (page views, navigation patterns, general traffic). Google Analytics is configured to anonymize IP addresses where possible. You can opt out of Google Analytics tracking using the Google Analytics opt-out browser add-on.

5. Storage on Your Device

During the course of a single session, the Service may temporarily store small amounts of data in your browser's local storage on your device. This data does not leave your device and is not transmitted to us or to any third party.

5.1 Bill Cache During Checkout

When you upload a bill and proceed to payment, your bill is temporarily stored in your browser's local storage on your device. This allows the analysis to resume automatically after you return from the payment page, so you do not have to re-upload the same file. The stored bill is automatically deleted from your device after the analysis completes, or after 10 minutes if the session is abandoned.

5.2 Promo Code Memory

If you enter a valid promo code, we may store it in your browser's local storage so you do not have to enter it again. You can clear this at any time through your browser's settings.

5.3 Standard Cookies

The Service uses standard browser cookies for session management and analytics (see Section 4.4). You can manage cookies through your browser's privacy settings.

6. How We Use Data

The limited information we collect is used solely to:

We do not use your information to advertise to you, profile you, or sell anything to third parties.

7. Sharing & Disclosure

We do not sell, rent, lease, or otherwise share your personal information with third parties for marketing purposes. We do not have a data-broker relationship with anyone.

We may disclose information when:

8. California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information:

Because we do not store personally identifying information in connection with your bill analyses, most "right to delete" requests will be a no-op — we do not have data tied to you to delete. The exception is the Pay It Forward Wall (Section 3.6): if you submitted a display name, you may request its removal at any time. We do not sell personal information.

To exercise your rights, contact us using the methods in Section 12.

9. Children's Privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will take prompt action to remove it.

10. Security

We use industry-standard security measures to protect the limited data we do store:

No system can guarantee absolute security. Our architecture is designed to minimize the data we hold, so that even in the unlikely event of a breach, the information at risk is minimal.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Effective Date" at the top of this page and, where appropriate, provide additional notice on the Service. Continued use of the Service after a policy update constitutes acceptance of the updated policy.

12. Contact

For questions about this Privacy Policy or to exercise any privacy rights described above:

We aim to respond within 30 days.