Superbilled

Privacy Policy

Last updated: March 2026

Who We Are

Superbilled is a HIPAA-compliant superbill generator operated by Superbilled, Inc. For privacy inquiries, contact us at privacy@superbilled.com.

Information We Collect

  • Provider account info — name, email, NPI, EIN, and license number.
  • Client PHI entered by the provider — client name, date of birth, and insurance ID.
  • Session data — CPT codes, ICD-10 codes, session dates, and fees.

How We Use Your Information

  • To generate and store superbill PDFs on your behalf.
  • To send superbills by email when you request it.
  • We do not sell your data. We do not use PHI for training AI models.

Data Storage and Security

All data is stored on Supabase with AES-256 encryption at rest and TLS in transit. We maintain a Business Associate Agreement (BAA) as required by HIPAA.

Data Retention

  • Provider account data is retained for the life of your account.
  • PHI is retained for 6 years per HIPAA requirements, then permanently deleted.

Third-Party Services

  • Supabase — database and file storage.
  • Stripe — billing (no PHI is shared).
  • Resend — transactional email delivery.
  • Vercel — application hosting.

Contact

For privacy-related questions, email us at privacy@superbilled.com.