Privacy Policy
Last updated: March 2026
Overview
Kupu is built on the principle that your medical data belongs to you. Your documents — bills, EOBs, denial letters — live on your device, not on our servers. When analysis is needed, your data is de-identified before it ever leaves your phone. We do not sell, share, or retain your medical information.
Data Collection & Processing
When you upload a medical bill, EOB, or denial letter, Kupu de-identifies the document on your device before transmitting it to our servers. The de-identified data is analyzed against medical coding databases, NCCI bundling rules, and fee schedule benchmarks to identify potential errors. All data is encrypted in transit using TLS.
In rare cases where an action requires identified information — such as sending an appeal letter on your behalf — Kupu will request your explicit permission before transmitting any personally identifiable health data. These transactions are fully HIPAA-compliant, handled under a Business Associate Agreement (BAA), and the data is deleted from our servers once it is no longer needed to support your claim.
What We Can and Cannot See
Kupu collects anonymized, aggregate usage statistics — things like app opens, documents uploaded, letters saved — to improve the product. These statistics contain no medical detail. We cannot see your bills, your diagnoses, your charges, or any information within your documents. When our servers process a document for analysis, it arrives de-identified: we see procedure codes and charge amounts, not who you are or where you were treated.
Account Information
We collect your email address when you create an account. This is used solely for account management and product communications. You can request deletion of your account and all associated data at any time.
Third-Party Services
Kupu uses third-party services for infrastructure (hosting, analytics). These services are selected for their privacy practices and, where applicable, operate under BAAs. We do not share your medical data with advertising networks or data brokers.
Contact
For privacy-related questions or data deletion requests, contact us at privacy@kupuhealth.com.