Privacy Policy
Last updated: 2026-06-10. Version: 2026-06-10 (v3).
Service description and scope
Apellica, Inc. prepares and files administrative insurance appeals on behalf of denied policyholders. Apellica is not an insurance company, not a law firm, and not a medical provider, and does not offer insurance, legal advice, or medical advice. Apellica acts as an authorized representative under the Assignment of Benefits (AOB) each customer signs at intake, and under a HIPAA-compliant patient authorization. Past appeal outcomes do not predict the outcome of any individual case. The contingency fee is disclosed in writing in the engagement letter before any work begins, and again in our Terms of Service. Nothing is due at intake.
Service scope: medical-necessity denials, prior-authorization denials, formulary denials, out-of-network denials, experimental or investigational denials, and timely-filing denials, across ACA marketplace plans, employer-sponsored plans (including ERISA self-funded), Medicare Advantage, Original Medicare, and Medicaid managed care. Apellica does not accept oncology, cancer-treatment, or rare-disease claims at this time. Visitors with those denials are referred to their state Department of Insurance external-review program and to the Patient Advocate Foundation at patientadvocate.org.
In short
- We collect what we need to fight your denied insurance claim, and nothing more.
- Your health information is treated with HIPAA-grade safeguards even though we are not, by default, a HIPAA-covered entity.
- We do not sell your data, and we do not train AI models on identifiable PHI.
- You can request a copy, correction, or deletion of your data at any time by emailing privacy@apellica.com.
- We notify you of any breach of unsecured PHI without unreasonable delay and no later than 60 days after discovery, consistent with 45 CFR section 164.404, and sooner if your state law requires it.
1. Who We Are
Apellica, Inc. ("Apellica", "we", "us", "our") is a Delaware corporation operating an insurance-appeals advocacy service in the United States. Our customer-facing office is in New York, NY, United States, and our registered office is in New York, NY. We are the data controller for personal information collected on https://apellica.com and through our case-management portal at crm.apellica.com.
2. What We Collect
| Category | Examples |
|---|---|
| Identifiers | Name, email, phone, date of birth, address, state of residence. |
| Claim and insurance information | Carrier name, member ID, claim number, denial date, denial reason, plan type. |
| Protected Health Information (PHI) | EOBs, denial letters, prior-authorization records, clinical notes, lab and imaging results, peer-to-peer call records, only when you authorize disclosure via the AOB. |
| Financial | Invoice, payment-method last 4, bank routing for ACH (tokenized by our payment processor; we never store full card or bank credentials). |
| Account and authentication | HMAC case-access tokens, signed-cookie session, audit log of actions. |
| Device and technical | IP address, user agent, timestamp, referrer, and pages viewed, for security and aggregate analytics only. |
| Communications | Emails to and from you, SMS (if opted in), uploaded documents, and support tickets. |
We do not knowingly collect information from anyone under 18. We do not use third-party advertising trackers, behavioral retargeting pixels, or social-media tracking scripts on the public site.
3. How We Collect It
- Directly from you, through the intake form, account signup, AOB signing, customer portal, and email or phone communications.
- From your carrier, after you authorize Apellica via the AOB (45 CFR section 164.508 HIPAA authorization), through a portal API, secure email, fax, or certified mail.
- From your healthcare providers, after you authorize the disclosure via the AOB.
- Automatically, through our hosting infrastructure (request logs and security telemetry).
We do not buy lists or scrape third-party sources to enrich your case file.
4. Why We Collect It
- To respond to your inquiry and provide a free initial denial review.
- To prepare and submit insurance appeals on your behalf under your signed AOB.
- To bill, invoice, and collect contingency fees when a recovery occurs.
- To comply with applicable law (tax, recordkeeping, regulatory reporting).
- To improve our appeal engine using aggregated, de-identified outcomes data only. We do not train AI on identifiable PHI.
- To protect the security and integrity of the service.
5. With Whom We Share It
We share your information only as needed to deliver the service, with the parties below. We require every party to handle your information consistent with this policy and applicable law, and to maintain a Business Associate Agreement where they handle PHI on our behalf.
- Your carrier and providers, to file appeals, request records, and pursue recovery, per your AOB.
- Subprocessors, as listed in Section 6 below.
- Government and regulators, only when required by law or subpoena, and only the minimum necessary.
- An acquirer, in connection with a merger or sale of substantially all assets, on prior written notice to you and subject to the same privacy commitments.
We do not sell your personal information. We do not share personal information for cross-context behavioral advertising as that term is defined under the CCPA and CPRA.
6. Subprocessors
The third parties below process personal information on our behalf in the categories shown. We maintain Business Associate Agreements (BAAs) with subprocessors that handle PHI; the BAA column shows the current status for each.
| Subprocessor | Purpose | Location | PHI? | BAA |
|---|---|---|---|---|
| Supabase (Postgres and Storage) | Primary database, encrypted PHI at rest, signed AOB PDF storage | US | Yes (encrypted) | Yes (Team tier) |
| Vercel | Marketing-site edge hosting (no PHI, public pages only) | Global edge, US origin | No | N/A |
| Modal Labs | Appeal-letter generation compute (model inference) | US | Yes (transient, in-memory) | In progress |
| Resend | Transactional email delivery (signed AOB copy, status updates) | US | Yes (envelope and attachment) | Yes |
| Postal (self-hosted) | Bulk transactional email send (failover) | US (Apellica-operated VPS) | Yes | N/A (operated by Apellica) |
| Documenso (self-hosted) | E-signature for AOB, certified signed PDF storage | US (Apellica-operated VPS) | Yes (signed document) | N/A (operated by Apellica) |
| Stripe | Hosted invoice payments (ACH and card), no PHI in invoice line items | US and Canada | No | N/A (no PHI) |
| Cloudflare | DNS, WAF, DDoS mitigation | Global | In transit only (TLS terminates at the Cloudflare edge for WAF inspection; nothing is stored) | Yes (Enterprise BAA available) |
Material changes to this list will be reflected here with the Last updated date. For a current programmatic list with effective dates, email privacy@apellica.com.
7. How Long We Keep It
| Category | Retention |
|---|---|
| Signed AOB and case file (PHI) | 7 years from case close (exceeds the 6-year documentation retention requirement of 45 CFR section 164.316) |
| Financial and invoice records | 7 years (IRS standard) |
| Marketing-list contacts (free review only, no engagement) | 24 months from last interaction, then deleted |
| Audit and security logs | 2 years |
| Anonymous aggregate analytics | Indefinite (no identifiers retained) |
8. How We Protect It
- Encryption in transit: TLS 1.2 or higher on every endpoint.
- Encryption at rest: AES-256-GCM via libsodium for PHI columns (email, first name, last name, and member ID), with a unique nonce per encryption, and full denial documents stored in private storage buckets. Data-encryption keys are provided to the application runtime as environment-bound secrets; they are never stored alongside the ciphertext and never leave the runtime.
- Access control: role-based, least privilege, HMAC-signed per-case customer tokens, and admin authentication with rate limiting.
- Audit log: every read and write to a case is logged with actor, IP, user agent, and timestamp.
- Workforce: confidentiality agreements with all staff, and mandatory PHI training before access.
- Security posture: aligned with the HIPAA Security Rule (45 CFR sections 164.308, 164.310, 164.312). A SOC 2 Type 1 audit is in progress.
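The column-encryption scheme in the "Encryption at rest" bullet is a standard AEAD pattern. The block below is an added illustration written for this page, not Apellica's own code: it uses Go's standard-library AES-256-GCM rather than libsodium (whose AES-256-GCM requires hardware AES support, which is why libsodium itself steers general use toward XChaCha20-Poly1305), and it adds one detail a practitioner should insist on that the bullet does not mention: the case ID and column name are bound into GCM's additional authenticated data, so a ciphertext copied from one row or column into another fails to decrypt rather than silently yielding another customer's value. The key, case IDs, and member ID are constructed test values; the `ColumnCipher` type and the `caseID || 0x00 || column` AAD layout are assumptions, not a description of the real schema.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
)

// ColumnCipher encrypts individual PHI columns with AES-256-GCM.
// Each ciphertext is bound to (caseID, column) through GCM's additional
// authenticated data (AAD), so a value moved to another row or column
// fails authentication instead of decrypting to a wrong-but-plausible value.
type ColumnCipher struct {
	aead cipher.AEAD
}

// NewColumnCipher requires a 32-byte key (AES-256). In production the key
// would come from environment-bound key material; here the caller supplies it.
func NewColumnCipher(key []byte) (*ColumnCipher, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256-GCM requires a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &ColumnCipher{aead: aead}, nil
}

// aad is the context the ciphertext is bound to (assumed layout: caseID, NUL, column).
func aad(caseID, column string) []byte {
	return []byte(caseID + "\x00" + column)
}

// Encrypt returns base64(nonce || ciphertext || tag). A fresh random 96-bit
// nonce is drawn per call; reusing a nonce under the same GCM key breaks
// both confidentiality and integrity, so it must never be derived from a counter
// that can reset.
func (c *ColumnCipher) Encrypt(caseID, column, plaintext string) (string, error) {
	nonce := make([]byte, c.aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return "", err
	}
	sealed := c.aead.Seal(nonce, nonce, []byte(plaintext), aad(caseID, column))
	return base64.StdEncoding.EncodeToString(sealed), nil
}

// Decrypt verifies the tag against the same (caseID, column) context before
// returning plaintext. Any mismatch (wrong key, tampering, or a ciphertext
// that belongs to another row/column) yields an error, not data.
func (c *ColumnCipher) Decrypt(caseID, column, encoded string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil {
		return "", err
	}
	ns := c.aead.NonceSize()
	if len(raw) < ns+c.aead.Overhead() {
		return "", errors.New("ciphertext too short")
	}
	pt, err := c.aead.Open(nil, raw[:ns], raw[ns:], aad(caseID, column))
	if err != nil {
		return "", errors.New("decryption failed: wrong key, tampered data, or ciphertext from another row/column")
	}
	return string(pt), nil
}

func main() {
	key := make([]byte, 32) // constructed: a random key for the demo only
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		panic(err)
	}
	cc, err := NewColumnCipher(key)
	if err != nil {
		panic(err)
	}
	ct, _ := cc.Encrypt("case-1001", "member_id", "ABC123456") // constructed values
	pt, err := cc.Decrypt("case-1001", "member_id", ct)
	fmt.Println("same row/column:", pt, err)
	_, err = cc.Decrypt("case-2002", "member_id", ct)
	fmt.Println("ciphertext moved to another case:", err)
}
```

The last call in `main` is the property worth testing in any column-encryption layer: a database-level attacker who can copy ciphertext between rows gains nothing, because the AAD check fails. Without AAD binding, AES-GCM still authenticates the bytes, but it cannot tell that they were authenticated for a different row.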
9. Your Rights Under HIPAA (where applicable)
Where Apellica handles PHI on your behalf under a signed AOB, you have the right to:
- Access your records (45 CFR section 164.524).
- Amend incorrect records (section 164.526).
- Receive an accounting of disclosures we have made of your PHI (section 164.528).
- Request restrictions on certain uses and disclosures (section 164.522).
- Revoke your HIPAA authorization (section 164.508) at any time in writing, except to the extent we have already acted on it.
- Complain to Apellica (privacy@apellica.com) or to the HHS Office for Civil Rights without retaliation.
10. Your Rights Under State Privacy Laws
Depending on your state of residence, you may have additional rights:
- California (CCPA and CPRA): the right to know, delete, correct, opt out of sale and sharing (we do neither), limit use of sensitive personal information, and equal service without retaliation.
- Virginia (CDPA): the right to access, correct, delete, portability, and opt out of targeted advertising, sale, and profiling.
- Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Tennessee, Indiana, Delaware, New Hampshire, and New Jersey: rights substantially similar to the CDPA, including access, correct, delete, portability, and opt out.
- Washington (My Health My Data Act): the right to access, correct, delete, and withdraw consent for consumer health data processing. We do not sell consumer health data.
- Nevada (Consumer Health Data Privacy): the same protections as Washington in substance.
To exercise any right, email privacy@apellica.com with your name and case number. We verify identity before fulfilling a request, respond within 45 days (extendable once by 45 days with notice), and do not charge a fee unless the request is excessive. You may designate an authorized agent to act on your behalf with proof of authority. We do not discriminate against you for exercising any of these rights.
11. Children
The service is not directed to anyone under 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, email privacy@apellica.com and we will delete it.
12. International Transfers
Apellica operates only in the United States and processes data exclusively in US-based facilities. We do not knowingly serve customers outside the US. If you access the service from outside the US, you do so on your own initiative and are responsible for compliance with local law.
13. Cookies and Analytics
The Apellica marketing site uses a minimal set of first-party cookies for session state and CSRF protection. We do not use third-party advertising trackers, retargeting pixels, or social-media beacons. We may use privacy-respecting product analytics (page-view counts, referrer, viewport), which are aggregated and do not identify you. The customer portal uses an HMAC-signed session cookie for authentication, set with the Secure, HttpOnly, and SameSite=Lax attributes.
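The "HMAC-signed per-case customer tokens" in Section 8 and the HMAC-signed session cookie above share one mechanism, shown here as an added example that is not Apellica's code and assumes nothing about its real token format. The token layout (`caseID.expiry.signature`), the cookie name, and the key are illustrative assumptions. Two details matter for a practitioner: the signature is checked with a constant-time comparison before any other field is parsed, so a forged token cannot be distinguished from a malformed one by timing or error message, and the expiry is part of the signed payload, so it cannot be extended by editing the token.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"net/http"
	"strconv"
	"strings"
	"time"
)

// Token layout (assumed for this example): caseID "." expiryUnix "." base64url(HMAC-SHA256(key, caseID "." expiryUnix)).
// The case ID and expiry are both covered by the MAC, so neither can be altered
// without invalidating the signature.

func signCaseToken(key []byte, caseID string, expiry time.Time) (string, error) {
	if strings.Contains(caseID, ".") {
		return "", errors.New("case ID must not contain the field separator")
	}
	payload := caseID + "." + strconv.FormatInt(expiry.Unix(), 10)
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(payload))
	sig := base64.RawURLEncoding.EncodeToString(mac.Sum(nil))
	return payload + "." + sig, nil
}

// verifyCaseToken returns the case ID a valid, unexpired token grants access to.
// Signature check comes first and uses hmac.Equal (constant time); only a
// correctly signed payload is ever parsed.
func verifyCaseToken(key []byte, token string, now time.Time) (string, error) {
	i := strings.LastIndex(token, ".")
	if i < 0 {
		return "", errors.New("invalid token")
	}
	payload, sigB64 := token[:i], token[i+1:]
	got, err := base64.RawURLEncoding.DecodeString(sigB64)
	if err != nil {
		return "", errors.New("invalid token")
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(payload))
	if !hmac.Equal(got, mac.Sum(nil)) {
		return "", errors.New("invalid token")
	}
	j := strings.LastIndex(payload, ".")
	if j < 0 {
		return "", errors.New("invalid token")
	}
	caseID, expStr := payload[:j], payload[j+1:]
	exp, err := strconv.ParseInt(expStr, 10, 64)
	if err != nil || !now.Before(time.Unix(exp, 0)) {
		return "", errors.New("token expired")
	}
	return caseID, nil
}

// sessionCookie carries the token with the attributes the policy lists.
// The __Host- prefix (an addition here) makes browsers refuse the cookie
// unless it is Secure, has Path=/, and has no Domain attribute.
func sessionCookie(token string, expiry time.Time) *http.Cookie {
	return &http.Cookie{
		Name:     "__Host-session",
		Value:    token,
		Path:     "/",
		Expires:  expiry,
		Secure:   true,
		HttpOnly: true,
		SameSite: http.SameSiteLaxMode,
	}
}

func main() {
	key := []byte("constructed-demo-key-do-not-reuse-32") // constructed: a demo key
	now := time.Now()
	tok, _ := signCaseToken(key, "case-1001", now.Add(time.Hour)) // constructed case ID
	fmt.Println("token:", tok)
	id, err := verifyCaseToken(key, tok, now)
	fmt.Println("verified case:", id, err)
	_, err = verifyCaseToken(key, strings.Replace(tok, "case-1001", "case-2002", 1), now)
	fmt.Println("case ID edited:", err)
	fmt.Println("cookie:", sessionCookie(tok, now.Add(time.Hour)).String())
}
```

Note that `SameSite=Lax` still sends the cookie on top-level GET navigations from other sites, so state-changing portal actions must be POST requests protected by the CSRF token the paragraph above mentions; the cookie attributes alone do not cover that case.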
14. Data Breach Notification
In the event of a breach of unsecured PHI, we will notify affected individuals without unreasonable delay and in no case later than 60 days after discovery, consistent with 45 CFR section 164.404. We will notify the HHS Secretary as required by 45 CFR section 164.408, and any state attorneys general where state law requires.
15. Connected Insurance Accounts and CMS Blue Button 2.0
If you choose to connect an insurance or Medicare account, you authorize Apellica to retrieve your claims and Explanation of Benefit records directly from that source, so we can identify denied or adjusted claims and help you appeal them. This includes the CMS Blue Button 2.0 API for Medicare Parts A, B, and D.
- Consent first. We access nothing until you log in to your insurer or Medicare and approve the connection. Your identity is verified by the payer or by Medicare.gov, and Apellica never sees your insurer or Medicare password.
- Minimum necessary. We request only the claims and benefit data needed to find denials and prepare an appeal you ask us to prepare.
- How we use it. Only to show you your denied or adjusted claims and, at your request, to prepare and file an appeal. We do not sell this data, use it for advertising, or train AI on identifiable data from it.
- Storage. Access tokens and any retrieved health data are encrypted in transit and at rest, and held on HIPAA-eligible infrastructure separate from our public website.
- Not persistently collected. We do not continuously poll your connected account. We retrieve your records only when you ask us to look for denials or work an appeal, and we do not pass record-level Blue Button data to any third party except a subprocessor strictly necessary to operate the service (see Section 6) or your carrier to file an appeal you have authorized.
- Revoke, and what happens to your data. You can disconnect a connected account and revoke our access at any time, including by removing Apellica from the connected applications in your Medicare account. When you revoke, we immediately stop retrieving any further data from that account. Data we already retrieved is kept only to support an appeal you have asked us to file. If you have no active appeal, or once an appeal concludes, we securely delete the retrieved Blue Button data. You may request immediate and complete deletion at any time, regardless of appeal status.
- Dormant or closed accounts. If you close your Apellica account, or if it stays inactive for 24 months, we disconnect any linked insurer or Medicare connection, revoke our stored access tokens, and securely delete the retrieved Blue Button data, except records we are legally required to retain for an appeal already filed.
- De-identified data. Any de-identified or aggregated outcomes data we derive is stripped of identifiers. We recognize that de-identified health data can in rare cases be re-identified, so we do not publish or share record-level de-identified data; we share only aggregate statistics that cannot reasonably identify you.
Our use of information received through the CMS Blue Button 2.0 API complies with the CMS API Terms of Service.
16. Changes to This Policy
We will post the new version here with a new Last updated date. For material changes affecting how we use already-collected information, we will email customers with an active case at least 30 days before the change takes effect, so you have time to revoke your AOB if you object.
17. Contact
- Privacy questions: privacy@apellica.com
- Legal: legal@apellica.com
- Customer support: support@apellica.com or (888) 777-6120