Consumer Health Data Privacy Notice
Last updated: April 18, 2026
This notice supplements our Privacy Policy and applies specifically to consumer health data regulated by the Washington My Health My Data Act, Nevada SB 370, and the New York Health Information Privacy Act. If you reside in another state, the same protections apply to your data as a matter of MyCareCost policy.
1. Why this notice exists
MyCareCost is not a healthcare provider, health plan, or healthcare clearinghouse, and we are not subject to HIPAA. However, certain state laws — the Washington My Health My Data Act (RCW 19.373), Nevada SB 370 (NRS 603A.400–490), and the New York Health Information Privacy Act (NYHIPA) — regulate “consumer health data” or “regulated health information” collected by non-HIPAA entities. This notice explains, in one place, what consumer health data we collect, why we collect it, who we share it with, and how you can exercise your rights.
2. What we consider “Consumer Health Data”
For purposes of this notice, “Consumer Health Data” means information that you voluntarily enter into the Service that could reveal your past, present, or future interest in physical or mental health care or services. On MyCareCost, that includes:
- The medical procedures you search for, including procedure names and CPT/HCPCS codes you enter or click on.
- Items you save to your cart for later comparison.
- Price alerts you create for specific procedures.
- Manually entered dollar amounts in our bill-comparison tool (we do not accept uploads of bills, EOBs, insurance cards, or any document that could contain Protected Health Information).
- Total Care Cost search inputs and the resulting cost-estimate outputs that we store in your account history.
- Approximate location (state or ZIP) you provide so we can rank nearby hospitals.
3. What we do NOT collect
- We do not access medical records, diagnoses, treatment plans, prescriptions, or insurance claims.
- We do not collect biometric data, precise geolocation, or genetic information.
- We do not infer health conditions from your searches; we use them only to deliver pricing and comparison results.
- We do not buy consumer health data from third parties or data brokers.
4. How we use Consumer Health Data
- To run the procedure search, comparison, alert, and bill-review features you request.
- To produce, deliver, and store Total Care Cost estimates that you have purchased.
- To debug, secure, and improve the Service in aggregate, anonymized form.
- To respond to your support requests and to fulfill our legal obligations.
5. Sharing Consumer Health Data
We do not sell Consumer Health Data and we do not use it for targeted advertising. We share Consumer Health Data only with the operational service providers required to run the platform, each bound by a written contract that limits their use of the data to providing services to MyCareCost:
- Hetzner Cloud — application and database hosting (Ashburn, VA).
- Neon — managed PostgreSQL hosting for the database that stores your account.
- Stripe — payment processing for Pay-Per-Use purchases (Stripe receives transaction metadata, not your search history).
- Mailgun — transactional email delivery (e.g., Total Care Cost result confirmations).
- Upstash — rate-limiting and session management.
- Cloudflare — reverse proxy, DDoS protection, and privacy-preserving web analytics.
6. Consent
When you create an account and use a feature that processes Consumer Health Data (e.g., performing a search, saving a procedure to your cart, creating a price alert, or running a bill comparison), you affirmatively consent to that specific processing. We do not collect Consumer Health Data in the background and we do not use it for any purpose beyond the feature you asked us to perform.
7. Your rights
- Right to confirm and access: you may request confirmation of whether we are processing your Consumer Health Data and a copy of that data.
- Right to delete: you may request deletion of your Consumer Health Data. The fastest way is to delete your account from Settings, which removes all associated search history, cart items, price alerts, and bill-comparison data within 30 days.
- Right to withdraw consent: you may withdraw consent for the collection or sharing of Consumer Health Data at any time. Once consent is withdrawn, we will stop the relevant processing within 15 business days and will not retroactively use previously collected data.
- Right to non-discrimination: we will not deny you the Service, charge a different price, or provide a different level of quality because you exercised any of these rights.
- Right to appeal: if we decline a request, we will give you a written explanation and you may appeal to [email protected] with the subject line “Consumer Health Data Appeal.” We will respond within 45 days.
8. How to make a request
- Email [email protected] with the subject line “Consumer Health Data Request.”
- Include the email address on your MyCareCost account and a description of the right you wish to exercise.
- We may need to verify your identity (e.g., by confirming you control the account email) before fulfilling the request.
- We will respond within 45 days. We may extend this deadline by an additional 45 days where reasonably necessary, with written notice to you.
- There is no cost to make a request, except that we may charge a reasonable fee for manifestly unfounded or excessive repeated requests.
9. Security
We protect Consumer Health Data with encryption in transit (TLS) and at rest, hashed authentication credentials, scoped API keys, role-based database access, infrastructure-level firewalls, and audit logging. While no system is perfectly secure, we apply controls consistent with HIPAA’s Security Rule even though we are not a HIPAA-covered entity.
10. Data retention
- Account data and Consumer Health Data are retained for the lifetime of your account.
- Total Care Cost search results that you have purchased remain available in your account history for as long as your account is active so you can re-open them.
- When you delete your account or your Consumer Health Data, the data is purged within 30 days from production systems and within 90 days from encrypted backups.
- Aggregated and anonymized usage statistics that cannot be linked to you may be retained indefinitely for analytics.
11. Children
The Service is not directed to children under 13, and we do not knowingly collect Consumer Health Data from children. Where applicable state law sets a higher age threshold for sensitive or health data (for example, Connecticut and certain other states require opt-in consent for processing the data of minors under 16), we apply that higher threshold.
12. Changes to this notice
We may update this notice periodically. The “Last updated” date at the top of this notice reflects the latest revision. For material changes, we will notify registered users by email or in-app notice at least 30 days before the changes take effect.
13. Contact
- For Consumer Health Data questions or requests: [email protected] (subject line “Consumer Health Data Request”).
- My Darling Decoy Games LLC d/b/a MyCareCost, 307 Wickliffe St, Troy, IL 62294.