Privacy Policy

Last updated: March 2026

This Privacy Policy describes how FoundryNX LLC, an Arizona limited liability company doing business as ClaimWon ("ClaimWon," "we," "us," or "our"), collects, uses, discloses, and protects information in connection with the ClaimWon platform (the "Platform"), including the website at claimwon.ai and the application at app.claimwon.com.

This Privacy Policy applies to all users of the Platform ("you" or "your"). For information about how we handle Protected Health Information ("PHI") specifically, please refer to our Business Associate Agreement, which governs PHI handling in accordance with HIPAA.

1. Information We Collect

1.1 Information You Provide

Account Information: Name, email address, organization name, NPI number, practice address, and phone number. Used for account creation, authentication, billing, and support.

Denial Documents: Uploaded insurance denial letters containing patient PHI. Used for extraction of denial data for appeal generation.

Extracted Denial Data: Patient identifiers, payer information, claim details, billing codes, diagnosis codes, denial reason codes, and financial amounts. Used for appeal letter generation, analytics, and payer intelligence.

Appeal Outcome Data: Appeal results and recovered amounts. Used for analytics and payer intelligence improvement.

Payment Information: Handled entirely by our third-party payment processor. ClaimWon does not store credit card numbers or bank account details.

1.2 Information Collected Automatically

When you access the Platform, we may automatically collect:

  • IP address, browser type, operating system, and device identifiers;
  • Pages viewed, features used, and actions taken within the Platform;
  • Date and time of access, session duration, and referring URL;
  • Error logs and performance data.

We collect this information through server logs. We do not currently use third-party analytics cookies or tracking pixels.

2. How We Use Information

We use the information we collect to:

  • Provide, maintain, and improve the Platform, including generating appeal letters and processing denial data;
  • Authenticate users and manage account access;
  • Process payments and manage subscriptions;
  • Display appeal outcomes and analytics on your dashboard;
  • Build and maintain our centralized payer intelligence database using de-identified, aggregated data;
  • Communicate with you about your account, service updates, and support inquiries;
  • Comply with legal obligations, including HIPAA, and respond to lawful requests;
  • Detect, prevent, and address technical issues, fraud, and security threats.

3. How We Share Information

We do not sell, rent, or trade your personal information or PHI. We share information only in the following circumstances:

3.1 Subprocessors

We use third-party service providers ("Subprocessors") to operate the Platform. Each Subprocessor that handles ePHI operates under a Business Associate Agreement with ClaimWon. A current list of Subprocessors, including the categories of data each handles, is maintained at claimwon.ai/subprocessors.

3.2 Legal Requirements

We may disclose information if required to do so by law or in response to valid legal process, such as a subpoena, court order, or government request. We will attempt to notify you before making such a disclosure unless prohibited by law.

3.3 Business Transfers

In the event of a merger, acquisition, or sale of all or substantially all of our assets, your information may be transferred to the acquiring entity, subject to the same privacy protections described in this Policy.

4. Data Retention

We retain different categories of data for different periods as described in our data retention schedule:

  • Account information: Retained for the duration of your account plus one (1) year after termination, unless earlier deletion is required by the BAA.
  • PHI: Retained for the duration of the BAA. Upon termination, PHI is returned or destroyed within sixty (60) days as specified in the BAA.
  • De-identified aggregate data: Retained indefinitely, as this data contains no PHI and forms the core of the Platform's intelligence.
  • Application logs: Retained in accordance with our internal log retention policy.
  • Payment records: Retained as required by applicable tax and accounting law, managed by our payment processor.

5. Data Security

We implement administrative, physical, and technical safeguards to protect your data in compliance with the HIPAA Security Rule. These include:

  • Encryption of ePHI at rest (AES-256 or equivalent) and in transit (TLS 1.2 or higher);
  • Network segmentation isolating application and data tiers from public access;
  • Unique user identification and authentication;
  • Automated audit logging and monitoring;
  • Use of HIPAA-eligible infrastructure providers operating under Business Associate Agreements;
  • Regular review and improvement of security controls.

Despite these measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your data using industry best practices and HIPAA-required safeguards.

6. Your Rights

6.1 HIPAA Rights

Your rights regarding PHI are governed by HIPAA and detailed in the Business Associate Agreement. These include the right to access, amend, and receive an accounting of disclosures of your patients' PHI.

6.2 Account Rights

You may:

  • Access and update your account information at any time through the Platform;
  • Request a copy of the data we hold about your organization;
  • Request deletion of your account and associated data, subject to legal retention requirements and the BAA;
  • Opt out of non-essential communications.

To exercise any of these rights, contact us at privacy@claimwon.ai.

6.3 California Residents (CCPA)

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete personal information, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise CCPA rights, contact us at privacy@claimwon.ai.

7. Children's Privacy

The Platform is not directed to individuals under 18. We do not knowingly collect personal information from children. The Platform may process denial documents that reference minor patients; such data is PHI governed by HIPAA and the BAA.

8. Third-Party Links

The Platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

9. International Data

The Platform is hosted in the United States and is intended for use by ABA practices operating in the United States. If you access the Platform from outside the U.S., you understand that your data will be transferred to and processed in the United States.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy at claimwon.ai/privacy and sending an email notification at least thirty (30) days before the changes take effect. Your continued use of the Platform after the effective date constitutes acceptance of the updated policy.

11. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy or our data practices, contact us at:

FoundryNX LLC d/b/a ClaimWon
Phoenix, Arizona
Privacy inquiries: privacy@claimwon.ai
General inquiries: support@claimwon.ai
Website: claimwon.ai