NSAidr

Privacy Policy

Last updated: 2026-05-11

Data controller

The data controller for NSAidr is Desymphony EOOD, a Bulgarian limited liability company (eднолично дружество с ограничена отговорност / EOOD), with its registered office in Sofia, Bulgaria. Contact: info@desymphony.com.

What we collect from the decoder

Nothing at identifying granularity. The decoder runs entirely in your browser. The inputs you provide — service type, payer type, state, INN/OON status, notice-and-consent, bill dates, GFE and actual bill amounts — are never transmitted to our server.

If, in the future, we add aggregate analytics (e.g., counts of dispute-path verdicts by state bucket), we will collect only aggregated, non-identifying data — never bill amounts, never EOB dates, never payer names, never anything that could re-identify a transaction.

What we collect when you visit the site

  • Server access logs: IP address, user-agent, request path, response status, timestamp. Retained for 30 days for security and operational reasons.
  • Cookies: Strictly-necessary cookies only by default. If you opt in via the consent banner, optional analytics cookies (Google Analytics 4) load. Default is OPT-OUT for ad-storage / ad-personalization; analytics-storage is opt-in.

Third-party services

We use Cloudflare for DNS, CDN, and DDoS protection — Cloudflare may process IP addresses and log entries on our behalf. If you opt into analytics, we use Google Analytics 4 for aggregate traffic measurement.

Your rights (GDPR / CCPA)

Because we do not collect personally identifying information through the decoder, there is no personal record for us to access, correct, or delete. If you contact us by email, you can request deletion of that email at any time by writing to info@desymphony.com. Under GDPR, you may also lodge a complaint with the Bulgarian Commission for Personal Data Protection (Комисия за защита на личните данни).

Children

NSAidr is intended for adults navigating their own (or a family member's) medical bills. We do not knowingly collect data from children under 13.

Changes to this policy

We update this policy as our infrastructure or compliance posture changes. The "Last updated" date above reflects the most recent material change.