Consumer Health Data Privacy Policy
Last updated: April 4, 2026
Estimated reading time: ~5 minutes
1. Why this policy exists
Washington State's My Health My Data Act (MHMDA) requires businesses that collect consumer health data from Washington residents to publish a separate, prominent consumer health data privacy policy. This page satisfies that requirement.
ClaimSire is an independent, AI-powered eligibility guidance service that helps family caregivers discover Medicaid self-direction programs. During our free conversation, we collect information about your family member's health and care needs to assess potential program eligibility. That information qualifies as "consumer health data" under the MHMDA.
This policy applies to all Washington residents who use ClaimSire. It supplements our general Privacy Policy, which covers all users.
2. What health data do we collect?
During the eligibility conversation, you may share the following types of health-related information about your family member (the care recipient):
| Category | Examples |
|---|---|
| Health conditions | Dementia, diabetes, arthritis, heart disease, mobility limitations |
| Activities of Daily Living (ADL) needs | Bathing, dressing, eating, toileting, transferring, walking |
| Instrumental ADL (IADL) needs | Meal preparation, housekeeping, transportation, medication management, finances |
| Diagnoses | Medical diagnoses relevant to care needs and program eligibility |
| Medications | Medications that indicate care complexity or program requirements |
We do not collect Social Security numbers, Medicaid card numbers, insurance policy numbers, or financial account information.
3. Why do we collect it?
We collect health-related information for one purpose: to assess which Medicaid self-direction programs your family may qualify for based on the care recipient's needs. This information is used to:
- Match your family's situation to relevant state programs
- Estimate potential caregiver compensation ranges
- Generate your personalized Benefits Blueprint (if purchased)
We do not use health data for advertising, marketing to third parties, or any purpose unrelated to providing our eligibility guidance service.
4. Who receives your health data?
Health data from your conversation is shared with the following service providers. It is not sold to any third party.
| Recipient | Purpose | Retention |
|---|---|---|
| Anthropic (Claude API) | Powers the AI conversation | Up to 7 days, then deleted. Not used for AI training. |
| Supabase (database) | Stores conversation and assessment data | Until you request deletion |
Stripe (payment processor) and Resend (email service) do not receive health data. They only process payment and email information respectively.
5. How do we get your consent?
The My Health My Data Act requires that we obtain your consent before collecting consumer health data. This consent must be freely given, specific, informed, and unambiguous.
Before your conversation begins, we present a clear disclosure explaining that (a) the conversation collects health-related information, (b) that information is processed by AI (Claude by Anthropic), and (c) how it will be used. You must affirmatively consent before health data collection begins.
You may withdraw your consent at any time by emailing hello@claimsire.com. When you withdraw consent, we will stop collecting your health data and delete existing health data within 30 days.
6. Your rights under the My Health My Data Act
As a Washington resident, you have the following rights regarding your consumer health data:
- AccessYou may request a copy of the health data we have collected about you, including the specific data points and the purposes for which they were collected.
- DeleteYou may request that we delete all health data we have collected about you. We will also direct our service providers (Anthropic, Supabase) to delete your health data.
- Withdraw consentYou may withdraw your consent for health data collection at any time. Withdrawal does not affect the lawfulness of data processing that occurred before withdrawal.
To exercise any of these rights, email hello@claimsire.com. We will respond within 30 days.
7. How do we protect your health data?
- All data transmitted between your browser and our servers is encrypted using TLS (256-bit encryption).
- Our database (Supabase) uses encryption at rest and row-level security policies.
- Access to health data is restricted to the systems that need it to provide the service.
- We do not sell, rent, or trade your health data to anyone.
In the event of a data breach involving your health information, we will notify you within 60 days as required by the FTC Health Breach Notification Rule and Washington state law.
8. Contact us
Questions about this policy or your health data rights? Contact us:
We will respond within 30 days. For general privacy questions, see our full Privacy Policy.