Privacy Policy

1. Overview

Appelo, Inc. (“Appelo,” “we,” “us”) provides software that helps medical practices prepare appeals, prior-authorization packets, and documentation checks, with every output reviewed and approved by the practice's own staff. This Privacy Policy explains what information we collect, how we use it, and the choices you have. It applies to our websites (including appelo.ai) and to the Appelo service.

One distinction matters more than any other in this policy: the difference between protected health information (PHI) we process on behalf of our healthcare customers, and the business and website information we collect for ourselves. They are governed differently, and we treat them differently.

2. PHI: information we process for our customers

When a medical practice uses Appelo, we process patient information — such as claims, denial details, clinical documentation, and payer correspondence — solely on that practice's behalf. In HIPAA terms, the practice is the covered entity and Appelo acts as its business associate.

• We process PHI only as permitted by the Business Associate Agreement (BAA) we sign with each customer, and only to provide the service. See our BAA overview for details.
• We never sell PHI, and we never use it for advertising.
• We never use PHI to train machine-learning models — ours or anyone else's.
• We apply the “minimum necessary” principle: our systems and personnel access only the PHI needed to perform the work.
• Patients seeking access to, or correction of, their health records should contact their healthcare provider directly — the practice, not Appelo, controls those records. If a request reaches us, we will route it to the relevant practice.

3. Business information we collect directly

Information you give us

• Contact details — name, work email, organization, and anything you include when you email us, request a demo, or submit a form.
• Account information — name, email address, and profile details (including those provided by your sign-in provider, such as Google) when you log in to the product.

Information collected automatically

• Usage and device data — pages visited, approximate region, browser and device type, and similar technical logs used to operate and secure the service.
• Cookies — we use strictly necessary cookies (for example, to keep you signed in). We do not use third-party advertising cookies.

4. How we use business information

• To provide, secure, and improve our websites and the Appelo service.
• To respond to inquiries and demo requests, and to manage customer relationships.
• To send service communications, and marketing you can opt out of at any time.
• To comply with law and enforce our agreements.

We do not sell personal information.

5. How we share information

• Service providers (subprocessors) — vendors that host infrastructure or provide supporting services under contracts that restrict their use of the data. Vendors that may touch PHI are bound by subcontractor BAAs, as HIPAA requires.
• Legal — when required by law, or to protect the rights, safety, and security of Appelo, our customers, or others.
• Business transfers — in connection with a merger, acquisition, or sale of assets, subject to the commitments in this policy and our BAAs.

6. Security

We maintain administrative, physical, and technical safeguards appropriate to the sensitivity of the data we handle, including encryption in transit and at rest, role-based and least-privilege access controls, and logging of every AI draft and human approval in the product. Read more on our Security page. No system is perfectly secure; if a breach affects your information, we will notify you and our customers as required by law and by our BAAs.

7. Data retention

We keep PHI for as long as our customer's agreement requires, and return or destroy it as the BAA directs when the relationship ends. We keep business information for as long as needed for the purposes above, then delete or de-identify it.

8. Your choices and rights

• You may opt out of marketing emails at any time using the unsubscribe link.
• Depending on where you live, you may have rights to access, correct, or delete personal information we hold about you. Email us and we will honor applicable requests.
• For health-record requests, contact your healthcare provider, who controls those records.

9. Changes to this policy

We will post any changes here and update the “Last updated” date above. For material changes affecting customer PHI obligations, we will notify customers directly.

10. Contact us

Questions, requests, or concerns about privacy: [email protected].