Privacy.

Audra is operated by YK Holdings LLC, a Virginia limited liability company doing business as “Audra,” which is the entity responsible for your data.

Audra treats every uploaded bill as protected health information. Files are encrypted in your browser before they leave your device. We don't sell your data and we don't share bill contents with insurers, hospitals, employers, or data brokers. You can permanently delete everything at any time.

We do use a small number of standard web analytics and advertising tools to understand which pages drive signups — described in detail under Analytics & advertising below. None of those tools receive your uploaded documents or audit findings.

This page is a working draft. A full, lawyer-reviewed Privacy Policy ships before Audra exits beta. If anything here is ambiguous, the commitment is: do the most privacy-protective thing.

• Account info. Email address, name, US state, insurance carrier, and plan type — used to tailor audits.
• Uploaded documents. Medical bills, EOBs, or related files — stored only as ciphertext.
• Audit results. Findings we generate from those documents.
• Operational signals. IP address, user agent, and a privacy-respecting browser fingerprint — used for security, rate-limiting, and detecting fraudulent multi-account abuse.
• Usage telemetry. Page views, button clicks, and conversion events (signup, purchase, subscription) — described under Analytics & advertising.
• Billing data. Stripe handles all card details; we never see your card number. We do receive transaction IDs, amounts, and subscription state.

• Sell your personal information.
• Share your uploaded bills or audit findings with insurers, hospitals, employers, or data brokers.
• Send your uploaded documents to third-party analytics or advertising vendors.
• Use your bill data to train models that affect anyone other than you.
• Run pixels or trackers inside any logged-in dashboard or audit page that displays your bill data.

Files are encrypted with AES-256-GCM in your browser. Only ciphertext reaches our storage layer (Supabase Storage). The per-file key is wrapped with a server-side master key (envelope encryption); the raw key is never persisted.

Row-Level Security is enforced on every database table — even an administrator running raw queries cannot return another user's rows.

Document text is processed transiently by Anthropic (Claude) and AWS Textract to generate your audit. Both are configured to not retain or train on data we send them. The processed text is discarded; only the structured audit findings are stored against your account.

On marketing pages (the homepage, pricing, blog, etc.) and at a few conversion moments (signup, purchase, subscription start) we use the following services to measure which traffic sources lead to signups. No uploaded bill, audit finding, or PHI is ever sent to any of them.

• Google Analytics 4 — page views and conversion events.
• Meta Pixel & Conversions API — attribution for Facebook / Instagram ads.
• TikTok Pixel & Events API — attribution for TikTok ads.
• LinkedIn Insight Tag — attribution for LinkedIn ads.
• Hotjar — anonymized heatmaps of marketing pages. Hotjar is configured to mask all text on logged-in pages.
• Vercel Analytics & Speed Insights — first-party page-load timing and Core Web Vitals. No cookies, no personal data.
• Sentry — error monitoring and session replays of pages where an uncaught error occurred. All text is masked and media is blocked in replays.

When we send a conversion event server-to-server (e.g. to Meta CAPI), we send hashed versions of your email address and a transaction ID — never the bill, never the audit.

Your choice. Most browsers offer a built-in tracker blocker (Brave Shield, Safari Intelligent Tracking Prevention, Firefox Enhanced Tracking). Those will block the browser pixels above and we'll respect that signal. You can also enable Global Privacy Control to broadcast a Do-Not-Sell / Do-Not-Track signal — we honor it as an opt-out request under CCPA/CPRA.

We use the smallest possible set of cookies:

• Session cookies — required to keep you signed in. Set by Supabase Auth.
• Stripe cookies — fraud prevention on the checkout page only.
• Analytics cookies — set by the vendors listed above. These are not used on logged-in pages.

We do not run third-party advertising cookies inside the authenticated app. If you delete cookies, your session will be reset.

We send three types of email: (1) transactional (sign-in links, audit-complete notifications, billing receipts), (2) product updates we think you'll find useful, and (3) occasional promotional emails.

Every marketing or promotional email includes a one-click unsubscribe link in the footer plus a List-Unsubscribe header so any modern mail client can opt you out with one tap. We comply with the US CAN-SPAM Act and process unsubscribes within ten business days (usually within minutes).

Transactional email cannot be opted out of without deleting your account, since it's required to operate the service.

We rely on the following vendors to operate Audra. Each has a signed Data Processing Agreement (or equivalent) with us:

• Vercel — hosting + edge runtime.
• Supabase — Postgres database, authentication, encrypted object storage.
• Anthropic — Claude model used to analyze bills. Configured for zero data retention.
• AWS — Textract OCR for image-based bills (HIPAA-eligible service, under our AWS BAA when applicable).
• Stripe — payment processing.
• Resend — transactional and marketing email delivery.
• Cloudflare — DNS, DDoS protection, edge caching for marketing pages.
• Sentry — error monitoring (text masked, media blocked in replays).
• FingerprintJS — privacy-respecting browser fingerprint for anti-fraud.

Bills & audits are kept until you delete them or delete your account.

Account deletion is soft-deleted for 30 days (so accidental deletes can be recovered by emailing us), then hard-deleted. Backup snapshots are purged within 90 days.

Aggregated, de-identified usage data (e.g. “X% of users found at least one billing error”) may be retained indefinitely. It cannot be linked back to you.

From Settings → Data, you can export all of your data as a zip or permanently delete your account. Deletion is hard-delete after a 30-day grace period. You can also request deletion by emailing [email protected].

California (CCPA/CPRA), Virginia, Colorado, and similar state laws: you have the right to (a) know what we collect, (b) access or export it, (c) correct it, (d) delete it, and (e) opt out of any sale or sharing. We don't sell data, but we honor opt-out requests for analytics/advertising the same way. To exercise any of these, email the address above. We respond within 45 days.

EU / UK residents: Audra is a US service. We don't market in the EU/UK, but if you reach us from there, you have the same rights under GDPR and we honor them.

If we make material changes, we'll update the “last updated” date at the top and (for non-trivial changes) email registered users at least 14 days before the change takes effect.

Questions, complaints, or data requests: [email protected].