Privacy Policy
Effective date: April 22, 2026.
This page describes our actual practices honestly but has not been reviewed by a health-law attorney. It may be incomplete or inaccurate on fine legal points. If you're relying on this for an enrollment decision or a personal-data request, please also verify with Medicare.gov, 1-800-MEDICARE, or a licensed professional. We'll replace this banner when counsel has reviewed.
Who we are
MediNav is a free, neutral Medicare plan-comparison tool operated by the founder out of Wisconsin. You can reach us at privacy@medinav.care.
What we collect
Only what the comparison actually needs. We do not sell your data and we do not run ad trackers.
- Questionnaire answers. Your situation, county, doctors, prescriptions, chronic conditions, and cost trade-offs.
- Uploaded photos / PDFs of plan documents, pill bottles, or your Medicare card — only when you upload them yourself.
- Blue Button 2.0 claims (Part A/B/D coverage and Explanation-of-Benefit records) — only if you click the CMS consent button and authorize it on Medicare.gov.
- Email address — only if you request a written summary or ask to be contacted by a licensed broker partner.
- Minimal server logs (request timestamps, IP, user agent, request path) for debugging and abuse prevention. No health details are written to logs.
What we do NOT collect
- Your Social Security Number.
- Your full Medicare Beneficiary Identifier (MBI) outside of the active comparison session. Any MBI you enter or extract is masked in the UI after capture.
- Banking or payment information — MediNav never charges you.
- Third-party ad tracking identifiers. There are no Meta, Google Ads, or TikTok pixels on this site.
How information is stored
- Questionnaire answers live in your browser (sessionStorage) and in a short-lived server-side match-store keyed by an opaque session ID. We do not link this to your identity unless you give us your email.
- Photos and PDFs you upload are sent to our vision model (see next section), and the extracted text is kept in your session. The image bytes themselves are not saved to disk or object storage — they are discarded after the model call returns.
- Blue Button claim data is summarized into aggregate totals (spend categories, top providers, top drugs) and stored in an HttpOnly cookie tied to your browser for up to 12 hours, then discarded. The raw claim records themselves are not persisted.
- Email + broker requests are sent via Resend and retained so we can follow up. You can ask us to delete them at any time.
AI model use (Vercel AI Gateway)
To read plan documents, Medicare cards, and pill bottles, we send the uploaded file to Anthropic's Claude model through the Vercel AI Gateway. The gateway is configured with zero data-retention — prompts and responses are not stored by the model provider for training or otherwise. We pass only the file and a short instruction; we do not attach your name, ZIP, or any questionnaire context.
Blue Button 2.0 — user-authorized Medicare data
The CMS Blue Button 2.0 integration is opt-in. When you click Connect your Medicare, you are redirected to Medicare.gov to log in and expressly authorize MediNav to receive your claims. CMS (not MediNav) verifies your identity. We never see your Medicare.gov password.
Under HIPAA's individual access right (45 CFR 164.524) you are authorizing a direct data transfer to MediNav as your personal-representative app. You can revoke access at any time on Medicare.gov; revocation takes effect immediately for future calls.
Who we share with
- Infrastructure providers we operate on — Vercel (hosting), Resend (transactional email), and the AI model provider accessed through Vercel AI Gateway. Each only receives what it needs.
- A licensed broker, but only if you ask. MediNav does not pre-share your details with any broker. If you click “Talk to a licensed broker,” we will, with your explicit consent at that step, send your contact info and selected priorities to the partner you chose. Today this hand-off is paused; in the future it will require your signed Prior Express Written Consent.
- No one else. We do not sell, rent, or share your data for advertising or analytics. We do not share health information with data brokers.
How we protect the information
We are voluntarily adopting HIPAA-style safeguards even though MediNav is not a HIPAA-covered entity:
- TLS 1.2+ in transit.
- Cookies holding session or claim data are marked HttpOnly, Secure, and SameSite=Lax so browser-side scripts can't read them.
- Health details are kept out of server and analytics logs.
- Uploaded photos are never written to persistent storage. MBI is masked in the UI after it is captured.
Retention
- Session questionnaire answers: up to 180 days server-side, then purged.
- Uploaded photos / PDFs: not retained — discarded after processing.
- Blue Button claim summary: up to 12 hours in your browser cookie.
- Email threads and broker-request records: kept while the matter is open; deletable on request.
- Server logs: 30 days.
Your choices
- Leave optional questions blank. The comparison still runs.
- Clear session data by clicking “Start over” or by closing your browser tab.
- Revoke Blue Button access at Medicare.gov.
- Email privacy@medinav.care to request deletion of an email or broker-request record.
State privacy rights (CA / VA / CO / CT / TX / etc.)
If your state grants rights to access, correct, delete, or port personal data, email us and we will honor the request even though MediNav is a Wisconsin-only v1. We do not sell personal information and we do not process it for targeted advertising.
Children
MediNav is built for adults, primarily Medicare-eligible adults (generally 65+). It is not directed to children under 13 and we do not knowingly collect their information.
Changes
When this policy changes meaningfully we will update the effective date and, for material changes, post a banner on the site.
Contact
Privacy questions: privacy@medinav.care.