Privacy Policy

Effective Date: June 11, 2026

1. Introduction

Settle, operated by Bewaji Healthcare Solutions (“BHS”), is built for healthcare revenue cycle operations. We handle billing records, insurance data, and payment information on behalf of independent clinics. This Privacy Policy describes what information we collect, how we use it, who we share it with, and the protections we have in place to keep it secure.

We take these obligations seriously. We do not sell your data. We do not use patient information for advertising. And we have put specific contractual and technical controls in place for every third-party service that touches the data in our platform.

2. Information We Collect

We collect the following categories of information:

Account Information

Name, email address, clinic name, and role for each user account registered on the Platform. This is used to authenticate users and manage access within your clinic.

Clinical and Billing Data

Patient names, dates of service, diagnosis and procedure codes, insurance information, claim details, payment records, and EOB documents uploaded by your clinic. This data is entered or uploaded by your clinic and is processed solely to provide the revenue operations services described in our Terms and Conditions.

Usage and Log Data

IP addresses, browser type, pages accessed, timestamps, and action logs within the Platform. This data is used for security monitoring, audit trail maintenance, and platform reliability.

3. How We Use Your Information

We use the information collected to:

  • Operate, maintain, and improve the Platform
  • Display and process billing, claims, and payment data as directed by your clinic
  • Send operational communications such as task reminders and follow-up notifications
  • Maintain audit logs of actions taken within your clinic's account
  • Monitor for security incidents and enforce our Terms and Conditions
  • Respond to support requests and account inquiries

We do not sell your data to any third party. We do not use patient data for advertising, marketing, or any purpose unrelated to providing the Platform services.

4. AI Processing and OpenAI

Certain features of the Platform use artificial intelligence to assist with tasks including EOB data extraction, billing import column mapping, and payment matching. This AI processing is powered by OpenAI. We have put the following protections in place:

Zero Data Retention

We have configured our OpenAI integration with zero data retention. Data submitted to OpenAI through our API integration is not stored by OpenAI beyond the duration of the immediate API call. OpenAI does not retain, log, or train on any data processed through our integration.

Business Associate Agreement

We have executed a Business Associate Agreement (BAA) with OpenAI. This agreement establishes the legal obligations and data handling requirements under HIPAA for any Protected Health Information (PHI) that may be included in documents processed through our AI features.

5. Authentication

User authentication on the Platform is handled through Firebase Authentication, a service provided by Google. Firebase Authentication manages the secure sign-in process and session tokens. Your login credentials are not stored by BHS directly — they are managed by Firebase in accordance with Google's security practices.

6. Data Storage and Security

All data transmitted to and from the Platform is encrypted in transit using TLS. Data at rest is encrypted at the storage layer. Access to clinic data within the Platform is governed by role-based access controls, ensuring each user can only access records appropriate to their assigned role. We maintain security controls aligned with HIPAA requirements, including access logging, audit trails, and data segregation between clinics.

7. Data Sharing

We do not share your clinic's data or patient information with third parties except in the following circumstances:

  • Service providers who assist in operating the Platform, such as cloud infrastructure and database services, each bound by appropriate data processing agreements
  • OpenAI, as described in Section 4, under a BAA with zero data retention enabled
  • Firebase / Google, for user authentication as described in Section 5
  • Legal or regulatory authorities, if required by law, court order, or to protect the rights and safety of BHS or others

8. Data Retention

We retain clinic account information and associated billing and patient data for the duration of your active subscription. Following cancellation or termination, we retain data for a reasonable period to support account recovery requests and to meet applicable compliance obligations, after which it is deleted. You may request earlier deletion of your data by contacting us.

9. Your Rights

You may request access to, correction of, or deletion of your personal account information by contacting us at contact@yoursettleapp.com. Requests relating to patient records maintained in the Platform should be directed to the clinic that entered that data, as the clinic is the data controller for those records.

10. HIPAA

Settle is designed for use in healthcare revenue cycle contexts and is built with HIPAA compliance in mind. If your clinic is a Covered Entity or Business Associate under HIPAA and you require a Business Associate Agreement with BHS, please contact us at contact@yoursettleapp.com.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will post the revised policy on this page with an updated effective date. We encourage you to review this page periodically. Continued use of the Platform after changes are posted constitutes your acceptance of the updated policy.

12. Contact

For privacy-related questions, data requests, or to report a concern, contact us at contact@yoursettleapp.com.