Privacy Policy
Last updated: May 17, 2026
This Privacy Policy explains how A1cHero ("A1cHero," "we," "us") collects, uses, stores, and shares information when you use our website, calculator, waitlist, member dashboard, and related services (collectively, the "Service"). It also describes the rights you have over your information.
A1cHero is a consumer health app. We are not a healthcare provider, health plan, healthcare clearinghouse, or HIPAA business associate. HIPAA does not apply to us. Instead, we operate under the Federal Trade Commission's Section 5 authority, the FTC Health Breach Notification Rule, the California Confidential Medical Information Act (CMIA), the Washington My Health My Data Act, the Colorado Privacy Act, and analogous state laws.
1. What A1cHero Does
A1cHero helps people with diabetes find, organize, and use manufacturer cap card programs, copay savings programs, and patient assistance programs that may reduce their out-of-pocket medication costs. The Service includes a free savings calculator, an email/SMS waitlist, and (for signed-in members) a dashboard for finding programs, managing enrollments, and tracking spending against a monthly budget.
2. Information We Collect
2.1 Anonymous calculator
When you use the public savings calculator without creating an account, we collect the medications you enter, your current monthly out-of-pocket cost for each, your insurance status, and your state of residence. We do not collect your name, email, address, date of birth, or any clinical or insurance identifiers in this flow.
2.2 Waitlist sign-ups
If you join our waitlist, we collect your name, email address, and optionally a mailing address and mobile phone number. Email and phone are both optional — you may provide either, both, or neither.
2.3 Member accounts
If you create an account, we collect:
- Account info — email, name, password (stored only as a one-way hash by our identity provider), and authentication metadata.
- Health profile — diabetes type, diagnosis date, insurance status, state, ZIP code, and (optionally) your preferred pharmacy.
- Medications and costs — the medications you take, dosages, monthly quantities, and your reported monthly out-of-pocket costs.
- Enrollments — the cap card / copay / patient assistance programs you tell us you're enrolled in, plus optional handoff details for the pharmacy counter (BIN, PCN, RxGroup, Member ID), renewal dates, expected price, and notes.
- Savings card images — if you upload a copy of a savings card (PDF or image), we store the file privately and use an AI service to read the four handoff fields off the card. See Section 2.6.
- Pharmacy transactions — if you opt in to Plaid, the merchant name, amount, and date of pharmacy charges only. See Section 2.5.
- Budget — your monthly diabetes-care target and tracked spending.
2.4 Technical and device info
Our server logs (provided by Vercel) capture IP address, user agent, and request paths in the ordinary course of operating the Service. We do not run third-party advertising trackers, behavioral analytics scripts, or social-media pixels on any page that contains health-related information. We do not use Facebook Pixel, Google Analytics, Google Ads, or similar advertising tools on the member dashboard.
2.5 Plaid pharmacy transaction verification (optional)
If you opt in, A1cHero uses Plaid in read-only mode to monitor pharmacy transactions on a bank or card account you connect, solely so we can help you confirm that cap card discounts are being applied at the register. For each pharmacy transaction we filter to, we store the merchant name as reported by Plaid (e.g. "CVS Pharmacy"; when Plaid's cleaned name is unavailable, we fall back to the raw transaction descriptor), the amount, the date, Plaid's transaction identifier, and the matching/scoring metadata we derive when comparing the charge to your enrollments. When you have not yet set a preferred pharmacy and we observe a consistent pharmacy chain in your transactions, we may auto-set it on your profile and you can change it at any time. We do not store non-pharmacy transactions, account numbers, or balances. Plaid is never used to move money or initiate payments. You can disconnect Plaid at any time from your account settings; doing so revokes our token and stops further transaction sync.
2.6 Savings card images and AI extraction
When you upload an image or PDF of a savings card, we store the file in a private bucket (Google Firebase Storage) scoped to your account. Only you can view it, via short-lived signed URLs that we generate on demand. We use OpenAI's API to read the BIN, PCN, RxGroup, and Member ID off the card so you don't have to type them. We send only the file you uploaded — no account identifier or health profile context — to OpenAI. We use OpenAI's standard API terms with no model-training opt-in; OpenAI may retain inputs for up to 30 days for abuse monitoring and then deletes them. OpenAI does not train its models on your data.
You can delete the uploaded image at any time from the Manage screen. Doing so removes the file from Firebase Storage; the four handoff fields stay because you may have edited them after upload.
3. How We Use Your Information
- To operate the Service — match medications to programs, render your dashboard, generate savings estimates, send renewal reminders.
- To communicate with you — transactional email and SMS related to your account, waitlist status, product updates, and security notifications.
- To improve the Service — anonymized aggregate analysis of which programs match well, which pages are visited, and where the matching logic falls short.
- To prevent fraud and abuse, debug errors, and comply with law.
We do not sell consumer health data. We do not share your information with advertising networks or data brokers. We do not use your data to build profiles for targeted advertising, credit scoring, insurance underwriting, or employment screening.
4. Sub-Processors
We rely on the following third parties ("sub-processors") to operate the Service. Each is bound by its own terms and privacy policy and processes your data only on our behalf and only for the purposes listed below.
| Sub-processor | Purpose | Data shared |
|---|---|---|
| Google Firebase / Google Cloud | Authentication, database (Firestore), file storage (Cloud Storage), hosting infrastructure | All member-account data, encrypted at rest |
| Vercel | Web hosting, edge network, server runtime, server logs | All HTTP requests; logs include IP, user agent, request path |
| OpenAI | Reading BIN/PCN/RxGroup/Member ID off uploaded savings card images | Only the file you upload. No training, 30-day max abuse-monitoring retention. |
| Plaid | Read-only pharmacy transaction monitoring (opt-in only) | Bank account credentials handled by Plaid; we receive pharmacy transactions only |
| Stripe | Payment processing for paid features (currently unused; gated behind feature flags) | Email, billing address, and the last four digits of card; full card details handled by Stripe |
| Resend | Transactional and product email | Email address, name, and the body of any email we send |
| Twilio | Transactional SMS (waitlist updates, launch notice) | Mobile phone number and message body, only when you have opted in |
| Sentry | Error monitoring and performance tracking | Error type and stack trace only. Identifiers, health data, request bodies, IP addresses, and cookies are stripped before any event is sent. Sentry retains data for 30 days on our plan. |
We may update this list when we add or remove a service. Material additions will be reflected here before they go live.
5. SMS / Text Messaging
If you provide a mobile phone number on our waitlist form, you opt in to transactional text messages from A1cHero relating to your waitlist signup, our product launch, and shipment of any promised welcome gift. Message frequency is low — typically 1 to 3 messages total per user. Message and data rates may apply per your mobile carrier's plan.
Reply STOP at any time to opt out; reply HELP for assistance. Your phone number and mobile opt-in data are not sold, rented, or shared with third parties for their marketing purposes under any circumstance.
6. Data Retention
- Active member account data — kept until you delete your account or otherwise request deletion.
- Anonymous calculator submissions — kept indefinitely in aggregated form for product improvement; not associated with any identified person.
- Waitlist email and phone — kept until you unsubscribe or ask us to delete them.
- Server logs (Vercel) — retained per Vercel's default retention policy (currently up to ~30 days for request logs).
- Uploaded card images — kept while the corresponding enrollment is active or until you delete the image.
- Deleted accounts — when you delete your account, we deactivate sign-in immediately, then hard-delete all health-related records (medications, expenses, enrollments, pharmacy transactions, uploaded files) within 30 days. We retain a minimal audit record (date of deletion, reason if provided) for breach-investigation and compliance purposes only.
7. Security
We encrypt your data in transit (TLS 1.2+) and at rest using Google-managed keys on Firebase. Uploaded files (such as savings card images) live in a private Storage bucket and are served only via short-lived signed URLs scoped to the requesting account; they are never publicly readable. Authentication and per-user data isolation are enforced by Firebase Security Rules. Access to production data by A1cHero personnel is limited to a small number of people and is used only for support, debugging, and security investigations.
No system is 100% secure, but we follow industry-standard practices, review our security posture regularly, and disclose breaches promptly (see Section 8). If you discover a security issue, please email john@terra-bate.com.
8. Breach Notification
We comply with the FTC Health Breach Notification Rule. If we experience a breach of unsecured identifiable health information, we will notify you and the FTC within 60 days of discovery. If 500 or more people are affected, we will also notify major media outlets. Notifications will describe what happened, what data was involved, what we have done in response, and what steps you can take.
9. Your Rights
Regardless of where you live, you can access, correct, delete, or export your information at any time. From your account, you can edit your profile, enrollments, medications, and uploaded card images directly. To request a full export or a deletion of a specific category of data, email john@terra-bate.com. We respond within 30 days.
If you live in California, the CMIA and the CCPA/CPRA give you rights to access, delete, correct, and limit how your information is used, and the right to be free from discrimination for exercising those rights. If you live in Washington, the My Health My Data Act gives you additional rights around consumer health data, including the right to withdraw consent and obtain a list of third parties with whom your data has been shared. If you live in Colorado, Connecticut, Nevada, Oregon, or Texas, you have analogous rights under your state's consumer privacy law. To exercise any of these, email john@terra-bate.com with the subject "Privacy Request."
10. Children
The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us information, email john@terra-bate.com and we will delete it.
11. International Users
The Service is operated from and intended for use within the United States. If you access it from elsewhere, you do so on your own initiative and consent to your information being processed in the U.S.
12. Changes to this Policy
We may update this Privacy Policy. When we do, we will revise the "Last updated" date above. Material changes — particularly those adding a sub-processor, changing the categories of data we collect, or changing how we share data — will be communicated to active members by email or in-product notice before they take effect.
13. Contact
Privacy questions, requests, and complaints: john@terra-bate.com. General questions: john@terra-bate.com.