Legal
Privacy Policy
This policy describes what information RateScope collects through the public site and authenticated workspace, how it is used, which service providers support the platform, how exact payer-contracted economics are stored and protected as org-confidential product data, and the architecture of the optional advanced zero-knowledge vault.
Effective date
May 21, 2026
Contact
Scope of this policy
This Privacy Policy applies to information collected through the RateScopepublic site and subscription platform. It covers the public benchmark preview pages, programmatic payer-rate reference pages, the subscriber account and workspace, subscription billing and commerce flows, and all related features and APIs.
This policy does not create a patient-data or clinical-record service. The platform is a benchmark information product and should not be used to submit treatment records, patient charts, insurance member numbers, or other protected health information.
When you submit your email address through a waitlist or notify-me form, we collect that address to send you the notification you signed up for — for example, when subscriptions open or when coverage you asked about becomes available. We do not share waitlist email addresses with third parties and do not use them for marketing beyond the notifications you requested. To remove your address from the waitlist at any time, email support@ratescope.co.
Information we collect
We collect information in the following categories:
- Account and authentication data. When you create an account, authentication is handled by Clerk. We receive account identifiers, email address, and profile metadata needed to operate the subscription service.
- Subscription and billing data. Subscription state, plan tier, billing cadence, and transaction identifiers are managed through Stripe. We do not store full payment card numbers; payment data is handled by Stripe as merchant of record.
- Practice profile data. Subscriber-provided practice information such as credential type, state, payer panels, and practice structure — used to personalize benchmark context and workspace features.
- Rate-band contribution data. If you opt in to contribute your payer-rate position to cohort benchmarks, only a discrete position bucket (for example, whether your contracted rate falls in a certain percentile range) is transmitted into our cohort benchmark dataset. The exact dollar amount you contribute is never aggregated into shared benchmarks, never published, and never used to coordinate or recommend pricing across practices. See the Exact payer-contracted economics section below for how your exact rates are stored as org-confidential product data, and the Zero-knowledge vault section for the optional advanced client-side encryption mode.
- Usage and interaction data. Page views, workspace navigation, feature engagement, and related analytics events — used to measure product performance and improve the service.
- Error and diagnostic data. When the site or browser reports a failure, diagnostic information such as page URLs, browser context, and technical debugging information may be sent to our error-monitoring provider.
- Support communications. Content of emails, support requests, and other communications you send to us.
Exact payer-contracted economics — standard storage
Paid subscribers can save their exact payer-contracted rates and related economics in the RateScope workspace to compare, plan, model, and review their reimbursement position. This section describes how those exact values are stored, who can access them, and the protections that apply by default.
Storage model — org-confidential product data. Exact payer-contracted economics are stored on RateScopeservers as org-confidential product data, scoped to your organization. Each value is bound to your organization’s scope through row-level access controls (RLS) so that only authenticated, authorized members of your organization can read or write it.
Access protections. Reading or writing exact payer-contracted economics requires an authenticated session that has satisfied multi-factor authentication (MFA). Access events are written to audit logs that record the actor, the organization scope, the timestamp, and the operation, but never the exact dollar value. Data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
Telemetry and log redaction. Exact payer-contracted rate values are structurally excluded from product telemetry, application logs, error-monitoring payloads, and any other diagnostic surface. The redaction is enforced by an architectural guard at the event-emission layer, not by an after-the-fact policy. The exact dollar amount of a payer-contracted rate does not appear in PostHog, Sentry, or any internal log stream.
No pooling, benchmarks, or cross-customer outputs. Exact payer-contracted values you save are never aggregated into shared benchmarks, never published in cohort statistics, never visible to other subscribers, and never used to coordinate, suggest, or recommend pricing across practices. The benchmark dataset uses only the discrete position buckets described in the Information we collect section, and only when you opt in to contribute. RateScopeoperates as a unilateral-analytics platform: each subscriber receives independent analysis based on public benchmark distributions and its own data, not coordinated outputs derived from other subscribers’ exact rates.
Subpoena and legal process. Because exact payer-contracted economics are stored on our servers as org-confidential product data, RateScopemay be compelled to produce them in response to a valid subpoena, court order, or other lawful legal demand directed to your organization’s data. Where permitted by law, we will notify the affected organization before disclosure. Subscribers who require a strictly non-recoverable custody model may elect the optional advanced zero-knowledge vault described in the next section.
Retention. Exact payer-contracted economics are retained for as long as your subscription is active. If you cancel, they are retained for 90 days in case you reactivate, then permanently deleted. You may delete individual values or the full org-confidential dataset at any time through account settings.
Zero-knowledge vault data (optional advanced custody)
An optional advanced custody mode (a zero-knowledge vault) is being developed for users who require client-side encryption of their exact payer-contracted economics; this section describes that mode, not the default product behavior. The default storage model for exact payer-contracted economics is the org-confidential server-side storage described in the section above.
When available, Pro and higher subscribers may opt into the RateScope zero-knowledge vault to store exact payer-contracted rate values as ciphertext only. This section describes the vault’s data architecture and what RateScope can and cannot access in that mode.
Architecture.The vault uses client-side encryption. When you save an exact rate to the vault, your browser derives an encryption key from your vault passphrase using a key-derivation function (PBKDF2-SHA256). Your data is encrypted in your browser before it is sent to our servers. Our servers store only the encrypted ciphertext; the encryption key is derived and held in your browser’s memory and is never transmitted to us.
What RateScope can and cannot access in vault mode. Because we hold only ciphertext for values stored in the optional advanced vault, RateScopecannot read, export, or produce a vault record’s plaintext contents — including in response to a subpoena, legal demand, or law enforcement request. We can confirm that a vault record exists for your account and we can delete vault records at your request, but we cannot decrypt them. This is an architectural property of the vault mode and applies only to values you have stored in the vault; it does not apply to exact economics stored under the default org-confidential model.
Retention. Vault records are retained for as long as your subscription is active. If you cancel, vault records are retained for 90 days in case you reactivate, then permanently deleted. You may delete vault records at any time through account settings. If your subscription downgrades below Pro, vault ciphertext is preserved but inaccessible until you re-upgrade; it is not deleted on downgrade.
Audit events. We log operational vault events (vault setup completed, vault locked, recovery code used, passphrase rotated, vault deleted) for audit and compliance purposes. These event logs contain account identifiers and timestamps but never ciphertext, exact rates, partition keys, or decrypted values. Vault event logs are retained for 24 months.
Passphrase loss. If you lose your vault passphrase and all vault recovery codes, your vault contents are permanently inaccessible. RateScope cannot recover vault contents. Support can verify your account and offer only a destructive reset: deletion of your encrypted vault records so you can start a new vault.
How we use information
We use information to operate and improve the service, including to:
- authenticate your account and maintain your subscription;
- process billing, manage plan upgrades and downgrades, and handle cancellations;
- personalize benchmark context based on your practice profile;
- compute and display rate-position analytics in your workspace (using public TiC data and your rate-band position where you have opted in to contribute);
- measure which platform features, benchmark pages, and content are useful;
- debug site failures, prevent abuse, and maintain operational logs;
- send transactional emails such as subscription confirmations, payment receipts, and support responses; and
- respond to support, deletion, correction, or legal notice requests.
Server-side telemetry never carries exact payer-contracted rates. Any exact rate you enter into the platform follows one of four persistence paths: (1) it stays in your browser for unsubmitted session use, (2) it is held in device-local storage where you have opted into local persistence, (3) it is stored as org-confidential product data on RateScope servers under the access protections described in the Exact payer-contracted economics section, or (4) it is encrypted in your browser before transmission and stored as ciphertext only in the optional advanced zero-knowledge vault. For cohort benchmark contribution, the exact dollar amount is converted to a coarse position bucket before transmission. The exclusion of exact payer-contracted rates from telemetry, application logs, error-monitoring payloads, shared benchmarks, and cross-customer outputs is an architectural constraint, not merely a policy.
Service providers and systems
The platform uses third-party tools and hosted services, including:
- Vercel for site hosting, application infrastructure, and blob storage.
- Clerk for account authentication, session management, and organization features.
- Stripe for subscription billing, payment handling, and merchant-of-record responsibilities.
- PostHog for product analytics, interaction measurement, and feature-flag support.
- Sentry for error monitoring and diagnostic telemetry.
- Resend for transactional emails such as subscription confirmations, payment receipts, and support responses.
- Vercel Blob and Supabase for operational data storage and infrastructure.
Each provider processes data only as needed to deliver the described function and is subject to its own privacy and security terms. We share with service providers only the data they need to perform their services on our behalf.
Retention and security
We retain subscriber account data — profile, practice metadata, roster, and subscription state — for as long as your subscription is active. If you cancel, your account data is retained for 90 days to allow reactivation, then deleted within 30 days of the retention window closing.
For public-site interactions, analytics events, and support communications, we retain information as reasonably needed for platform operations, troubleshooting, abuse prevention, and legal compliance.
Aggregate, de-identified benchmark data — stripped of your name, email, practice identity, and NPI — is retained indefinitely. It underpins RateScope’s cohort comparisons and benchmarks and does not identify you.
Exact payer-contracted economics stored as org-confidential product data are governed by the separate retention rules in the Exact payer-contracted economics section above. Records stored in the optional advanced zero-knowledge vault are governed by the separate retention rules in the Zero-knowledge vault section above.
You can request deletion of your account data at any time by emailing support@ratescope.co. We honor deletion requests within 30 days, except where retention is required by law or is necessary for an active fraud or legal matter.
Data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Access is logged and access reviews are conducted as needed. No internet-connected service can guarantee absolute security, but we use commercially reasonable measures to protect operational data.
Your choices and requests
Privacy and support requests are handled through support@ratescope.co.
- You can ask to access, correct, or delete account information associated with your subscription.
- You can delete exact payer-contracted economics stored as org-confidential product data at any time through account settings; deletion is permanent.
- You can delete records stored in the optional advanced zero-knowledge vault at any time through account settings; vault records you delete cannot be recovered.
- You can cancel your subscription at any time through the account portal.
- You can withdraw any rate-band contribution consent at any time; withdrawal stops future contributions but does not retroactively remove anonymized aggregate data already incorporated into cohort statistics.
- You can send support questions, legal notices, or privacy concerns to the same address.
Children and sensitive data
The service is not directed to children and is not intended to collect data from minors. We also do not want patient records, diagnosis information, treatment notes, insurance member numbers, clinical identifiers, or other protected health information submitted through the platform.
Changes and contact
We may revise this Privacy Policy over time as the platform, analytics stack, or legal posture changes. If we make material changes, we will notify active subscribers by email before the changes take effect and post the revised version here with an updated effective date.
- Brand/operator name: RateScope
- Legal entity: Hyboria, Inc., a Delaware corporation
- Notice address: 8063 Challis Rd. #1054, Brighton, MI 48116
- Governing law: Delaware
Contact support@ratescope.co for privacy requests, deletion requests, support questions, or legal notices.