MediShield
100% Stateless: Data Never Leaves Your Device

Privacy Policy

Last updated: May 30, 2026

The short version: MediShield analyzes your medical bill entirely inside your own web browser. The bill details you enter — line items, charges, facility name, dates — are never uploaded to our servers. We use Google Analytics to understand site traffic, and Stripe to process the optional $5 dispute-letter payment. That's it.

1. Who we are

MediShield Auditor ("MediShield", "we", "us") operates the website at medishield.xyz. We provide a free, browser-based tool that helps people review medical bills for common billing errors and No Surprises Act violations. This policy explains what data we handle and your choices regarding it.

2. The bill data you enter stays on your device

All bill analysis happens locally in your browser using JavaScript. The information you type into the auditor — including charges, billing codes, facility names, visit dates, and insurance details — is processed on your device and is not transmitted to, stored on, or accessible by our servers.

To let you regenerate your dispute PDF after paying, a copy of your most recent audit is temporarily saved in your browser's localStorage (under the key cached_audit_session). This data never leaves your browser and is removed automatically once the PDF is generated. You can clear it anytime by clearing your browser storage.

3. Information we do collect

  • Usage & analytics data. We use Google Analytics to measure traffic and improve the site. It collects standard analytics information such as pages visited, referring site, approximate location (derived from IP address), device and browser type, and interaction events. This is collected via cookies and similar technologies.
  • Payment information. If you choose to purchase a Formal Dispute PDF ($5), payment is handled entirely by Stripe. You enter your card details on Stripe's secure checkout — we never see or store your full card number. We receive only a confirmation that payment succeeded.
  • Technical request logs. Our payment backend runs on Cloudflare Workers. Like most web infrastructure, Cloudflare may process limited technical metadata (such as IP address and request headers) to deliver and secure the service. These requests contain no medical bill data.

4. How we use information

We use the limited data we collect to operate, maintain, secure, and improve the website; to process your optional payment; and to understand aggregate usage trends. We do not sell your personal information, and we do not use your bill data for advertising.

5. Third-party services

We rely on the following processors, each governed by its own privacy policy:

6. Cookies

We use cookies set by Google Analytics to distinguish visitors and measure usage. You can block or delete cookies through your browser settings; the auditor tool will continue to work without them. Where required by law, we will ask for your consent before setting non-essential cookies.

7. Data retention

Because we don't collect your bill data, there is nothing for us to retain about your medical information. Analytics data is retained according to Google Analytics' default retention settings. Payment records are retained by Stripe as required for financial and tax compliance.

8. Your privacy rights

Depending on where you live, you may have rights under laws such as the EU/UK GDPR or the California Consumer Privacy Act (CCPA/CPRA), including the right to access, correct, delete, or port your personal data, and to opt out of its sale (we do not sell personal data). To exercise these rights, contact us using the details below.

You can opt out of Google Analytics across all sites using the Google Analytics Opt-out Browser Add-on.

9. International data transfers

Our service providers may process data in the United States and other countries. Where personal data is transferred internationally, those providers rely on recognized safeguards such as Standard Contractual Clauses.

10. Children's privacy

MediShield is not directed to children under 13 (or the equivalent minimum age in your jurisdiction), and we do not knowingly collect personal information from them.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above. Material changes will be highlighted on this page.

12. Contact

Questions about this policy or your data? Contact us at privacy@medishield.xyz.