Equipoise does not collect, store, or process protected health information (PHI) as defined under HIPAA.
All inputs are aggregate plan-level operational metrics — denial rates, turnaround times, provider ratios, and criteria descriptions. No individual patient, member, or beneficiary data is requested, accepted, or stored.
Account registration: When you create an account, we collect your email address. Authentication is handled via magic link through Supabase. We do not store passwords.
Plan-level inputs: When you run an NQTL analysis, we collect and store the plan-level data you enter: plan name, plan type, member count, state of operation, and NQTL operational metrics — including denial rates, prior authorization turnaround times, provider ratios, and criteria source descriptions. This is aggregate operational data about a health plan. It is not clinical data about individuals.
Analysis results: The outputs generated by your analyses — compliance findings, gap narratives, regulatory citations, and remediation recommendations — are stored to your account so you can retrieve them later.
Usage data: We may collect basic technical data such as browser type, device type, and pages visited for the purpose of improving the application. We do not use third-party analytics or tracking pixels at this time.
The analysis Equipoise performs is a plan-to-plan comparison of operational practices — not a review of any individual's care or coverage history.
We use the data you provide exclusively to operate the Equipoise tool and deliver the NQTL comparative analysis you requested. Specifically: to run the federal six-element comparison framework against your inputs, store your analyses for retrieval, and provide support when you request it.
We do not use your plan data to train machine learning models, benchmark against other clients without your consent, or share with third parties for any commercial purpose.
Account data and analysis results are stored in Supabase (PostgreSQL, SOC 2 Type II compliant, hosted on AWS). Authentication is managed by Supabase with row-level security policies applied to all user data. All data is transmitted over TLS/HTTPS. Your analyses are accessible only to authenticated users with permissions to your account.
No cookies are used beyond the session token required to maintain your authenticated session. We do not use tracking cookies, advertising cookies, or persistent identifiers across sessions.
Your analyses are stored until you delete them or your account is terminated. You may delete individual analyses at any time from within the application. Upon account termination, all associated data is deleted from active storage within 30 days. You may request deletion at any time by contacting us at the address below.
Equipoise uses the following third-party infrastructure: Supabase (authentication and database hosting). No advertising networks, social media trackers, remarketing pixels, or third-party analytics tools are present.
You may request access to, correction of, or deletion of your account data at any time by contacting us through our contact form. We will respond within 30 days.
Equipoise is a compliance tool for health plan administrators, general counsel, and benefits professionals. It is not directed at individuals under 18. We do not knowingly collect information from minors.
We may update this policy as our practices evolve. Material changes will be noted on this page with a revised effective date.
Questions about this policy: contact form
equipoise.health