BillGuard Privacy Policy

Effective date: 2026-04-26 · Last updated: 2026-04-26

Short version: BillGuard stores all of your case data — bills, photos, EOBs, phone call logs, denial letters, appeal records, payment history — only on your device. We have no servers and no analytics. We never see your case. We do not log into your insurance carrier on your behalf. The only network communication the app performs is with Apple's StoreKit servers to verify your subscription status.

1. Who we are

BillGuard is published by an independent iOS developer (Apple Developer Team ID ZM8LF8494F). For any privacy-related question, write to captainlongevity@gmail.com.

2. Information we do not collect

We do not collect, transmit, store on a server, sell, share, or analyze:

Your bills, providers, amounts, photos, EOBs, denial letters, or appeal documents
Your phone call logs, contact-person names, reference numbers, or promises recorded
Your insurance carrier name, policy number, group number, member ID, deductible, or out-of-pocket information
Your name, email, phone number, or any account identifier
Family member names or relationships
Device identifiers (IDFA, IDFV) for advertising or tracking purposes
Location data
Crash reports or analytics events sent to any third party

3. Information stored on your device

All case data you enter is stored locally on your iOS device using Apple's SwiftData framework. This data is included in your iCloud or iTunes device backup if you have device backup enabled. We do not have access to your device backups; only Apple does, under their published privacy terms.

4. We do not log into your insurance carrier

BillGuard does not request, store, or use your insurance carrier login credentials. The app does not connect to any insurance carrier API, portal, or claims system. All bill, EOB, denial, and payment information is entered by you (typed or photographed). This is by design — many of our users are mid-fight with the carrier they would otherwise be asked to log into.

5. We do not use AI to read your bills

The app does not run any artificial-intelligence or machine-learning model on your bills, EOBs, denial letters, or call notes. There is no OCR, no document parsing, no automatic categorization. You read the documents; you enter the values. We make no decisions about your case.

6. On-device processing (Pro features)

The following Pro features process data locally on your device only:

Dispute summary PDF is generated using Apple's PDFKit framework on-device. Bill data, photos, call log, and appeal timeline are read from local storage and written to a PDF file in your device's local share sheet. No content is transmitted off-device during generation.
App Lock uses Apple's LocalAuthentication framework. Your Face ID or Touch ID biometric data never leaves Apple's Secure Enclave; the app only receives a success or failure signal.
Deadline reminders are scheduled via Apple's UserNotifications framework and fire locally on your device. No remote push servers are involved.

7. Subscriptions and StoreKit

BillGuard offers an optional Pro subscription via Apple's StoreKit 2. When you subscribe, restore a purchase, or when the app verifies your entitlement, your device communicates directly with Apple's servers. BillGuard receives only the entitlement status (active or inactive) and a purchase identifier. We do not see your Apple ID, payment method, billing address, or transaction history. Apple's handling of subscription information is governed by Apple's Privacy Policy.

8. Permissions the app requests

Camera — only when you tap "Take photo" in the bill or EOB photo section.
Photo Library — only when you tap "Import photo".
Face ID — only after you enable App Lock in Settings (Pro).
Notifications — only after you enable a deadline reminder.

You can revoke any of these permissions at any time in iOS Settings > BillGuard.

9. Children's privacy

BillGuard is not directed to children under 13. We do not knowingly collect any information from anyone, including children. The app's age rating reflects this.

10. Data retention and deletion

Because all data is stored only on your device, you control retention completely. To delete all case data, delete the app from your device. There is no remote copy for us to delete.

11. International users

The app does not transfer your data internationally because it does not transfer your data anywhere. The app is published in English and is primarily marketed in North America.

12. Not legal, financial, medical, or insurance advice

BillGuard is a personal documentation tool. The Patient Rights guide and any in-app text about appeal deadlines, denial reasons, or insurance procedures is general information only. It is not legal, financial, medical, or insurance advice. Consult a licensed advisor for your specific case.

13. Changes to this policy

If we ever change how the app handles data — for example, if a future version adds an opt-in cloud backup feature — we will update this policy and surface the change in the app before you can use that feature. The "Last updated" date at the top of this page reflects the most recent revision.

14. Contact

Privacy questions: captainlongevity@gmail.com