Our approach
Why We Built AppealAngle to Keep Your Records Private
This is our point of view. We built AppealAngle, so treat what follows as our perspective on a problem we think about constantly — not a neutral survey of the market. We'll be plain about what we do, what we don't do, and where the honest limits are. Our goal here is to explain a design decision that shaped the whole product: how we handle your records, and why we made privacy the first thing we solved rather than the last.
Here's the tension at the heart of any appeal tool. To help you fight a denial well, we need the two most sensitive documents you own: your denial letter and your medical records. There's no shortcut around it. A generic appeal template is nearly useless; a strong appeal answers the insurer's specific stated reason using your specific diagnosis, history, and prior treatments. That means the tool has to read the real thing. And in our conversations with people facing denials, the single biggest reason they hesitate to use any software isn't price or effort — it's that they don't want to hand their medical history to an app, or paste it into a chatbot, and lose control of where it goes.
We think that hesitation is completely reasonable. So instead of asking you to ignore it, we designed around it.
The real risk of pasting records into a general chatbot
Let's be specific about the category risk, because it's easy to wave at "privacy" without saying anything concrete. A lot of people, understandably, reach for a general-purpose AI chatbot to draft an appeal. You paste in your denial letter and a few pages of records, and ask it to write something. It often produces a reasonable-sounding draft. The problem isn't the draft — it's what you just did with your health data.
When you paste protected health information into a consumer AI tool that wasn't built for it, a few things are typically true at once:
- There's no Business Associate Agreement. A Business Associate Agreement (BAA) is the contract that legally binds a vendor to handle health data under specific safeguards and use limits. General consumer chatbots don't sign one with you, and their terms usually say as much.
- Your input may be retained. Depending on the product and settings, what you paste can be stored on the provider's systems — sometimes to review, sometimes indefinitely — rather than being discarded when you close the tab.
- It may be used to train future models. Many consumer AI terms permit using your conversations to improve or train models unless you find and flip an opt-out. Once fragments of your history are absorbed into a training set, there is no meaningful way to pull them back out.
- There's no deletion guarantee. You generally can't compel a consumer AI tool to prove your sensitive documents were actually deleted from every system they touched.
None of this means those tools are malicious. It means they weren't built to hold your medical records, and using them for that purpose puts your most sensitive data somewhere you can't govern. The U.S. Federal Trade Commission has been direct that consumer health data carries real obligations and that mishandling it has consequences (FTC, Health Privacy). That's the standard we wanted to hold ourselves to from day one.
The choices we made, stated plainly
Because we need to read your records to help, we decided the burden was on us to make that exchange as safe as we could engineer it. Here is what we do, described honestly and without embellishment:
- Encrypted in transit and at rest. Your documents are encrypted while they travel to us and while they're stored during processing, so they aren't sitting or moving in the clear.
- Processed under a Business Associate Agreement. The AI processing we rely on to read and draft happens under a BAA that contractually forbids the provider from retaining your data or using it for their own purposes — zero data retention as a contract term, not a hope.
- Never used to train AI. Your denial letter and records are not used to train or improve any AI model, ours or anyone else's. Full stop.
- Deleted after your packet is built. Once your appeal packet is assembled and yours to download, your source records are deleted. We don't want a growing archive of strangers' medical histories, and neither do you.
- Works on any device. There's nothing to install and no records living on a device you might lose. You work in the browser, on a phone or a laptop, and the sensitive material stays inside the protected flow.
That's the architecture. The point of listing it this way is that each item is a decision we can be held to, not a vibe.
The honest part: we are not a HIPAA-covered entity
Here's where a lot of consumer health tools get slippery, and we don't want to. HIPAA — the health privacy law most people have heard of — applies to "covered entities" like health plans, clearinghouses, and health-care providers, and to their business associates. AppealAngle is a direct-to-consumer tool. You come to us on your own, not through your doctor or insurer. That means we are not a HIPAA-covered entity, and we do not claim to be "HIPAA compliant." Any tool in our category that tells a consumer it's "HIPAA compliant" is, at best, using the phrase loosely.
So why adopt safeguards like a BAA and encryption if the law doesn't force us to? Because they're the right safeguards for handling records, regardless of which statute has jurisdiction. We adopt them by choice — we hold ourselves to the substance of those protections even though we sit outside the specific law that would mandate them for a hospital.
And to be clear, "not HIPAA" does not mean "no rules." Consumer health data is governed by other laws that very much apply to a company like ours:
- The FTC Act. The Federal Trade Commission treats deceptive or unfair handling of health data as an enforceable violation, and has published guidance specifically on health privacy expectations for companies outside HIPAA (FTC, Health Privacy).
- The FTC Health Breach Notification Rule. This rule requires certain companies handling personal health records to notify people if their data is breached — an obligation that reaches beyond traditional HIPAA-covered entities (FTC, Health Breach Notification Rule).
- Washington's My Health My Data Act. This state law extends strong protections to consumer health data that HIPAA doesn't cover, including requirements around consent and around not sharing or selling that data without permission (IAPP overview).
We name these not to sound impressive but because we think you deserve to know exactly which framework you're standing in when you use us. It isn't HIPAA. It's a real and growing body of consumer-health-data law, and we intend to operate well inside it.
What this means for you
Strip away the legal vocabulary and the practical promise is simple. You can give AppealAngle the documents it needs to build a genuinely useful appeal without accepting the quiet trade you'd make by pasting the same pages into a general chatbot. Your records are encrypted, handled under a contract that forbids retention and reuse, kept out of any training data, and deleted once your packet is done.
We'd rather earn trust by being specific than by using a reassuring label we haven't earned. We don't call ourselves "HIPAA compliant," we don't invent security scores, and we're not going to pretend a template can substitute for your actual medical facts. What we can tell you is the design, the reasoning behind it, and the laws we hold ourselves to — and let you decide.
Privacy wasn't a feature we bolted on at the end. It was the first constraint we designed the product around, because we didn't think anyone should have to choose between fighting a denial and protecting their own health information. Our view is that you should be able to do both.
When you're ready to build your packet: AppealAngle turns your denial letter and records into a complete appeal packet you review and file yourself — with the privacy safeguards described above.