Privacy Policy

This Privacy Policy describes how Rette Corp. (“Company,” “we,” “us,” or “our”) collects, uses, and protects information when you use policy.rette.ai (the “Service”).

1. Information We Collect

1.1 Information You Provide

The Service does not require account creation, login, or registration. When using the Service, you may input CPT/HCPCS codes and payer names to receive policy lookup results. These inputs do not constitute protected health information (PHI) or personally identifiable information (PII) as they contain no patient-identifying data.

1.2 Automatically Collected Information

When you access the Service, we may automatically collect certain technical information, including:

• IP address (anonymized for analytics)
• Browser type and version
• Device type and operating system
• Pages visited and features used
• Date and time of access
• Referring URL
• Approximate geographic location (city/country level, derived from IP)

1.3 Analytics

We use PostHog and similar analytics tools to understand how the Service is used, improve functionality, and monitor performance. Analytics data is aggregated and does not identify individual users.

2. Information We Do NOT Collect

The Service is specifically designed to avoid collecting:

• Protected Health Information (PHI) as defined under HIPAA
• Patient names, dates of birth, Social Security numbers, or medical record numbers
• Personal email addresses, phone numbers, or mailing addresses (unless you voluntarily contact us)
• Payment or financial information (the Service is free)
• Login credentials or passwords (no accounts required)

3. How We Use Information

We use the information we collect to:

• Provide and operate the Service
• Analyze usage patterns to improve the Service
• Monitor for abuse, fraud, or technical issues
• Respond to inquiries submitted to our contact email
• Comply with legal obligations

4. Data Sharing and Disclosure

We do not sell, rent, or trade your information. We may share information only in the following circumstances:

• Service Providers: Third-party analytics and infrastructure providers that assist in operating the Service, subject to confidentiality obligations.
• Legal Requirements: When required by law, court order, or governmental request.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred to the successor entity.
• Safety: To protect the rights, safety, or property of the Company, our users, or the public.

5. Cookies and Tracking Technologies

The Service may use cookies and similar technologies for analytics and functionality purposes. These are limited to:

• Essential cookies: Required for the Service to function properly.
• Analytics cookies: Used to understand usage patterns (e.g., PostHog). These do not track you across other websites.

You can control cookies through your browser settings. Disabling cookies may affect Service functionality.

6. Data Retention

Query inputs (CPT codes and payer selections) may be retained in server logs for up to 90 days for performance monitoring and service improvement, after which they are automatically deleted. Aggregated, non-identifiable analytics data may be retained indefinitely.

7. Data Security

We implement industry-standard security measures to protect information, including encryption in transit (TLS/SSL), secure cloud infrastructure, and access controls. While we implement commercially reasonable security measures, no method of transmission over the Internet or electronic storage is completely secure. Accordingly, we cannot guarantee the absolute security of any information transmitted to or stored by the Service.

8. HIPAA Compliance

The Service does not collect, store, process, or transmit PHI. The Service is designed as a reference tool that operates on non-identifiable billing codes and payer names. As such, the Company does not act as a Business Associate under HIPAA and does not execute Business Associate Agreements for the use of this Service. Users are strictly prohibited from submitting any Protected Health Information (PHI) or patient-identifying data into the Service. Users are responsible for ensuring they do not input PHI into the Service.

9. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect information from minors. If we become aware that we have collected information from a minor, we will take steps to delete such information.

10. California Privacy Rights

If you are a California resident, you may have rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to request deletion, and the right to opt out of the sale of personal information. As noted above, we do not sell personal information. To exercise any rights, contact us at the email below.

11. International Users

The Service is operated from the United States. If you access the Service from outside the U.S., your information may be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the Service, you consent to such transfer and processing.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time at our sole discretion. Changes will be posted on this page with an updated effective date. Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy, contact us at: info@rette.ai

Rette Corp.
320 High Street, Palo Alto, California 94301