← Back to Helen

Privacy Policy

For Helen LLC · Effective March 13, 2026

The short version: Helen is designed to be stateless. We do not store your insurance card images, the information extracted from them, or any personal information. Your data exists only during your active session and is deleted when your session ends.

1. Introduction

For Helen LLC (“Helen,” “we,” “us,” or “our”) operates the insurance card scanner service at forhelen.com (“Site” or “Service”). This Privacy Policy explains how we handle information when you use our Service.

2. Information We Process

Information You Provide During a Session

When you use Helen, you upload or photograph an insurance card. This card may contain insurance company name and plan details, member name and member ID, group number, copay, deductible, and coinsurance amounts, provider network information, and other benefit details printed on the card.

This information is processed only during your active session to provide the Service. It is not stored, saved, logged, or retained by Helen after your session ends.

Information We Do NOT Collect

  • We do not require or collect your name, email address, or any account information
  • We do not use cookies for tracking or analytics
  • We do not use advertising trackers or pixels
  • We do not collect device fingerprints or persistent identifiers
  • We do not build user profiles
  • We do not store or retain insurance card images after your session ends

3. How Your Information Is Processed

When you scan a card:

  1. Your browser captures or uploads the card image.
  2. The card image is sent to our service for processing during your session.
  3. The card text is sent to Anthropic’s Claude API (our AI processing provider) to generate a plain-English explanation of your benefits.
  4. The explanation is returned to you in your browser.
  5. When your session ends, all data is discarded. No card images, extracted text, or explanations are retained.

4. Third-Party AI Processing

Helen uses the Anthropic Claude API to process insurance card text and generate plain-English explanations. When your card text is sent to Anthropic for processing:

  • Anthropic’s data handling and privacy practices apply to that processing
  • Anthropic’s API usage policy is available at anthropic.com/policies
  • We use Anthropic’s API in a configuration that does not retain your data for model training

5. Data Retention

We do not retain your data. Helen’s architecture is stateless:

  • No database stores your information
  • No server logs capture your card images or extracted data
  • No backups contain your session data
  • When your session ends, your data ceases to exist on our systems

6. Data Security

Although we do not store your data, we take reasonable measures to protect it during your active session:

  • Data is transmitted using HTTPS encryption
  • Session processing uses secure, isolated environments
  • We follow industry-standard security practices for web applications

7. Children’s Privacy

The Service is not directed at children under 13. We do not knowingly process information from children under 13. Since we do not collect or store any personal information, we do not have a mechanism to identify the age of our users.

8. Your Rights

Because Helen does not store personal data, traditional data rights (access, deletion, correction, portability) are satisfied by design — there is no stored data to access, delete, correct, or port.

State Consumer Health Data Laws

Certain states, including Washington (My Health My Data Act), Connecticut, and Nevada, have enacted consumer health data privacy laws that apply to all entities handling consumer health data, not just HIPAA-covered entities. Under these laws, you have rights including:

  • Right to know what consumer health data is collected and how it is used
  • Right to withdraw consent for the collection or processing of your health data
  • Right to deletion of your consumer health data
  • Right to be free from discrimination for exercising your privacy rights

Helen’s stateless architecture means these rights are satisfied by design: no consumer health data is retained after your session ends. If you wish to withdraw consent, simply stop using the Service — no data persists that requires deletion.

Other Jurisdictions

If you are a resident of California, the European Economic Area, or another jurisdiction with specific privacy rights, please note that our stateless architecture means we do not hold any personal data that would be subject to these rights after your session ends.

9. Do Not Track

Helen does not track users across sessions or across websites. We honor Do Not Track signals by default because we do not engage in tracking.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page with a new “Last Updated” date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

11. HIPAA Notice

Helen is designed as a consumer tool that helps individuals understand their own insurance cards. Helen does not function as a covered entity or business associate under HIPAA. We do not store, transmit, or maintain protected health information (PHI) beyond the duration of your active session.

For institutional or enterprise use cases, separate compliance arrangements would be required. Contact us for more information.

12. Contact Us

If you have questions about this Privacy Policy, contact us at:

For Helen LLC
Email: legal@forhelen.com
Website: forhelen.com

13. Governing Law

This Privacy Policy is governed by the laws of the Commonwealth of Pennsylvania.

Terms of Service →Try Helen →