Privacy Policy
This policy describes what data Veridax collects, how it is used and stored, who it is shared with, and the rights you have over it. It applies to the Veridax web app at veridax.ai and the Veridax Chrome extension.
What data is collected
Veridax collects the clinical note text that you paste into the Veridax web app or the Veridax Chrome extension. That text is used to generate a Medicare LCD compliance audit or an insurance appeal letter, and is discarded immediately after the response is returned.
No Protected Health Information (PHI) is collected. Before any clinical text leaves your browser, structured identifiers are scrubbed locally on your device by JavaScript — specifically:
- Patient and provider names
- Dates of birth (DOBs)
- Medical Record Numbers (MRNs)
- Social Security Numbers (SSNs)
- Insurance IDs and policy numbers
- Phone numbers
- Street addresses
- National Provider Identifiers (NPIs)
Each match is replaced with a type token ([NAME], [DOB], [MRN], etc.) before the text is transmitted, so the downstream model retains note structure without seeing any identifying data.
If you create an account, the authentication provider (Clerk) stores your email address and sign-in credential. If you subscribe, the payment processor (Stripe) receives the payment details you enter at checkout — Veridax itself never sees or stores credit card numbers or bank account numbers.
How data is used
Scrubbed clinical text is transmitted over TLS to the Anthropic Claude API to generate one of two outputs:
- A structured compliance audit against the selected 2026 Medicare Local Coverage Determination (LCD), or
- An insurance appeal letter responding to a stated denial reason.
The response is returned to your browser and displayed to you. Scrubbed text is used solely for the purpose of providing the audit or appeal-generation service you requested. It is not used for advertising, analytics, profiling, marketing, or training AI models.
How data is stored
No patient health information is stored anywhere at any time. Clinical notes submitted for audit or appeal generation are processed in-memory by a single serverless function invocation and discarded the moment the response is returned. Veridax has no patient database, no note archive, and no backup copies of submitted clinical text.
Appeal outcome tracking data — payer name (Medicare, UHC, BCBS, Cigna, or Aetna), outcome status (won, denied, or pending), your optional free-text notes, the first 200 characters of the already-scrubbed denial reason, a timestamp, and the word count of the generated letter — is stored only locally in your own browser via chrome.storage.local. This data never leaves your device and is never transmitted to Veridax servers.
Web-app local storage (saved drafts, free-tier audit counter, and the signed access token you receive after payment) is stored in your browser's localStorage for the domain veridax.ai. This is also local-only.
Account records are retained by Clerk. Billing records are retained by Stripe. Standard request metadata (IP address, user agent, timestamp, response status) is logged by our hosting provider, Netlify, for reliability and abuse prevention. None of these logs contain the contents of your clinical notes.
Who data is shared with
Scrubbed clinical text is shared with one party only: Anthropic, for text analysis via the Claude API. Anthropic's API terms prohibit using API inputs to train its models.
Limited non-clinical information is handled by service processors strictly to operate the service:
- Stripe — payment processing
- Clerk — user authentication
- Netlify — hosting and serverless function execution
These processors do not receive clinical note content.
Veridax does not share your data with any other third parties. Veridax does not sell your data to anyone, ever. There is no advertising network, no analytics broker, no data resale, and no marketing partner.
Your rights
You can clear all locally stored Veridax data at any time:
Uninstall the Chrome extension — removes all chrome.storage.local data (appeal outcome history, license key, saved extension state).
Clear your browser storage for veridax.ai — removes all localStorage data (drafts, audit counters, access tokens).
Delete your account — email the address below to request deletion of account records (Clerk) and billing records (Stripe).
Because Veridax does not store clinical notes on its servers, there is no stored clinical content for us to return, correct, or delete on request — it was discarded at the moment of processing.
Contact
For privacy questions, to exercise any of the rights above, or to report a concern, email oscar@veridax.ai.