Submit Shield

Submit Shield Privacy Policy

Last updated: April 18, 2026

This Privacy Policy explains how Moise Mickerlin Medina LLC, a Florida limited liability company (Document No. L18000289509) doing business as Submit Shield ("Submit Shield," "Company," "we," "us"), collects, uses, and shares information when you visit our websites at submitshield.health and app.submitshield.health, use our API, or install our Python SDK (collectively, the "Service").

This policy is written to be short and plain. If anything is unclear, email privacy@submitshield.health.

1. Who this policy covers

This policy applies to:

  • Individuals who visit our marketing website.
  • Customers who create an account and use the Service.
  • Developers who call our API or install the submitshield Python SDK.

This policy does not cover Protected Health Information ("PHI") processed under a signed Business Associate Agreement — that is governed separately by your BAA with Submit Shield and by HIPAA.

2. What we collect

2.1 Information you give us

  • Account information: name, email address, organization name, and an auto-generated API key.
  • Billing information (if applicable): collected and processed by our payment processor. Submit Shield does not store full payment card numbers.
  • Support correspondence: the content of emails and messages you send us.

2.2 Information we receive when you use the Service

  • De-identified claim data. When you use the Service in default (Safe Harbor) mode, our servers receive claim data after patient identifiers have been scrubbed in your browser or by the SDK on your machine. This data is de-identified under 45 C.F.R. §164.514(b)(2).
  • Usage metadata: API endpoint, timestamp, HTTP status, response latency, source IP, user agent, and counts such as "claims validated today."
  • Validation results: the verdict for each claim (READY / NEEDS FIX / BLOCKED) and the rule identifiers that fired.
  • Cookies and similar technologies on our marketing site and dashboard — used for authentication and basic analytics. We do not use third-party advertising cookies.

2.3 Information we specifically do NOT collect (default mode)

  • Patient names (replaced with REDACTED in your browser).
  • Full dates of birth (reduced to year only, e.g. 1985-01-01).
  • Raw member IDs (replaced with a deterministic HMAC pseudonym using your account secret — we cannot reverse it).
  • Street addresses, ZIP codes below state level, phone numbers, email addresses, SSNs, or free-text notes.

2.4 BAA-mode customers

If you have a signed BAA with Submit Shield and have enabled BAA mode, our servers may receive raw PHI. That information is governed by your BAA and by HIPAA, not by this policy.

3. How we use information

We use the information we collect to:

  1. Operate the Service — run validation rules, return verdicts, power the dashboard.
  2. Authenticate your account and protect it from abuse.
  3. Send operational emails — welcome messages, API key notifications, security alerts, billing confirmations.
  4. Troubleshoot errors and improve the Service, including refining validation rules and fixing bugs.
  5. Comply with legal obligations.

We do not sell your information to anyone. We do not use your de-identified claim data to train models for third parties.

4. How we share information

We share information only with the following categories of service providers, each of which is contractually obligated to use the information only to provide their service to us:

VendorRoleData sharedBAA status
Fly.ioApplication hosting, Postgres databaseAccount data + de-identified claim data (PHI under BAA mode only)BAA via Fly.io HIPAA tier
Tigris (via Fly.io)Object storage for rule packsInternal rule packs; no customer-identifying PHICovered under Fly.io HIPAA tier
VercelStatic hosting for the dashboard and marketing siteNo PHI — dashboard runs in your browser and calls our API directlyNot required (no PHI transits)
CloudflareDNS and email routingRouting metadata onlyNot required
SendGrid (Twilio)Transactional email (welcome, key rotation, usage alerts)Email address + email subject/body — never PHINot required; emails contain no PHI

We may also disclose information:

  • To comply with a valid legal request (subpoena, court order, law enforcement).
  • To protect our rights, property, or safety, or that of our customers or the public.
  • In connection with a merger, acquisition, or sale of assets, subject to the same commitments in this policy.

5. How we protect information

  • In transit: TLS 1.2 or higher on all API endpoints and database connections.
  • At rest: AES-256 volume encryption on storage. Postgres Row-Level Security isolates customer data at the database level.
  • Access controls: API keys are stored hashed (SHA-256). Access is scope-based and audit-logged.
  • Browser-side de-identification: in default mode, PHI is scrubbed on your device before transmission — we cannot leak what we never receive.
  • PHI guard: server-side middleware rejects submissions containing raw PHI on accounts without an active BAA.

No system is perfectly secure. We report material breaches involving your data promptly and as required by applicable law.

6. How long we keep information

  • Account information: for as long as your account is active, plus up to ninety (90) days after closure for backup and audit purposes.
  • De-identified claim data and verdicts: retained while your account is active to power history, duplicate detection, and frequency-limit rules. You may request deletion at any time via privacy@submitshield.health; deletion is completed within thirty (30) days.
  • Operational logs: retained for up to two (2) years for security and debugging purposes.
  • Billing records: retained for seven (7) years to meet tax and accounting obligations.
  • PHI under BAA: retention is governed by your BAA.

7. Your rights

Depending on where you are located, you may have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate information.
  • Delete your account and associated data.
  • Export your data in a portable format (your validation history is available via the dashboard and API).
  • Withdraw consent for marketing communications at any time.

Email privacy@submitshield.health to exercise any of these rights. We will respond within thirty (30) days.

8. Children

The Service is intended for healthcare organizations, not individuals, and is not directed at children. We do not knowingly collect personal information from children under 13. If you believe we have, email us and we will delete it.

9. International users

Submit Shield is operated from the United States and is intended for customers in the United States. If you access the Service from outside the U.S., you acknowledge that your information will be processed in the U.S.

10. Changes to this Policy

We may update this Policy from time to time. Material changes will be communicated to active customers by email at least thirty (30) days before they take effect. The "Last updated" date at the top of this page always reflects the current version.

11. Governing law and disputes

This Policy is governed by the laws of the State of Florida, without regard to its conflict-of-laws principles. Any dispute arising out of or relating to this Policy is subject to the dispute-resolution procedure set forth in our Terms of Service, Section 15 — including pre-suit notice, mandatory mediation and binding arbitration in Palm Beach County, Florida, waiver of class actions and jury trial, and the shortened one-year limitations period.

12. Contact us

Questions, requests, or complaints:

Moise Mickerlin Medina LLC, d/b/a Submit Shield Attn: Privacy Florida LLC, Document No. L18000289509 Email: privacy@submitshield.health Web: submitshield.health