MyCareCost

Compare and Negotiate Healthcare Pricing

Legal

Privacy Policy

Last updated: April 30, 2026

MyCareCost is a product of My Darling Decoy Games LLC, an Illinois limited liability company (“we,” “our,” or “us”). We respect your privacy. This policy explains what information we collect, how we use it, who we share it with, and the choices you have. We collect only what is needed to operate the transparency platform and provide your account and subscription services. We do not collect Protected Health Information (PHI) and are not subject to HIPAA (see Section 10).

1. Information We Collect

  • Account data: when you register, we collect your email address and a securely hashed password. If you sign in via a third-party provider (e.g., Google), we receive a limited profile (name, email, avatar URL) from that provider.
  • Subscription & payment data: if you subscribe to Ultra, our payment processor (Stripe) collects your payment method details. MyCareCost does not store full credit card numbers. We receive from Stripe: a customer ID, subscription status, plan tier, and billing history metadata.
  • Health-adjacent usage data: when you search for medical procedures, save items to your cart, set price alerts, use the bill-comparison tool, or perform a Total Care Cost search, we store those selections and results in association with your account so we can provide the Service. This data reflects your interest in pricing information and is not a medical record, diagnosis, or treatment history (see Section 10 below).
  • General usage data: pages viewed, device type, and aggregate interaction patterns. These analytics do not contain personally identifiable health information.
  • Contact data that you voluntarily provide when submitting corrections, partner requests, or other forms (name, email, organization, message, and any attachments).
  • Technical data automatically logged by our infrastructure (IP address or a hashed/pseudonymous identifier, browser type, timestamps) for security, abuse prevention, and debugging.
  • Click-through and referral tracking data when you use outbound links (for example, a session identifier, hashed IP, user agent, and the destination type such as “website” or “directions”).
  • Login and session metrics: timestamps of your sign-ins, session counts, session duration, sign-in frequency, and aggregate counts of activity (for example, the number of searches you performed in a 30-day window or whether you have used a given feature). These metrics describe how you use the Service; they do not include the contents of your searches, cart, bills, or Total Care Cost results when used for marketing, growth, or retention analytics (see Section 11).
  • Marketing attribution data: when you arrive at the Service through a marketing link, we record the UTM parameters (utm_source, utm_medium, utm_campaign, utm_content, utm_term), the HTTP referrer (e.g., “news.ycombinator.com”), and the landing page path so we can measure which channels drive sign-ups. If you have accepted advertising cookies, we may also record click identifiers provided by ad platforms (e.g., gclid for Google Ads, fbclid for Meta) for the same purpose.
  • Device, browser, and locale signals: device class (mobile, tablet, or desktop), browser family, operating system family, language, and timezone, derived from your browser when you sign in. We use these to format the Service correctly and to choose appropriate times to send you transactional and (if opted in) marketing emails.
  • Email engagement events: when we send you a transactional or marketing email through our email provider (Mailgun), we record delivery, open, click, bounce, spam complaint, and unsubscribe events tied to your account so we can measure deliverability, optimize send times, and honor unsubscribe requests.
  • Lifetime account metrics: cumulative subscription revenue, plan tier history, dates of first paid conversion, plan upgrades and downgrades, and date of cancellation or reactivation. We use these to understand product performance and to surface relevant offers to you.
  • Experiment assignments: when we test product, content, or pricing variations, we record which variant your account was assigned to so we can measure the outcome of the test.
  • Social media interactions: if you message, comment on, mention, tag, follow, or otherwise engage with our official accounts on third-party platforms (Facebook, Instagram, Threads, X, LinkedIn, YouTube), we receive the information you choose to share through those platforms (e.g., your platform username, your message, and any profile information that platform makes visible to us).

2. Cookies, Sessions & Local Storage

  • Strictly necessary (always on): authentication cookies/tokens used to keep you signed in across pages and sessions; short-lived session identifiers used for rate limiting and abuse prevention (powered by Upstash Redis); CSRF tokens; and the cookie-consent record itself. These are required to operate the Service and cannot be disabled.
  • Saved preferences (always on, stored in browser only): theme, last-viewed items, and cart contents may be stored in browser local storage on your device. This data does not leave your browser unless you sign in.
  • Analytics cookies (opt-in): when you accept analytics cookies via our cookie banner, we load Google Analytics 4 (GA4) to measure aggregate traffic, page performance, and conversion funnels. GA4 sets first-party cookies (e.g., _ga, _ga_*) and transmits pseudonymous event data to Google LLC as a processor on our behalf. We do not enable Google Signals or cross-device tracking. If you decline, GA4 is never loaded.
  • Advertising & conversion-tracking cookies (opt-in): when you accept advertising cookies via our cookie banner, we may load conversion-tracking and audience-building tags from one or more advertising platforms we are running campaigns on, which currently may include: Meta Pixel and Conversions API (Facebook, Instagram, Threads), TikTok Pixel, LinkedIn Insight Tag, X (Twitter) Pixel, and the Google Ads conversion tag (which also covers YouTube ad campaigns). These tags allow each platform to measure ad performance, attribute conversions, and build remarketing audiences. They set their own cookies and may match your visit to your account on the corresponding platform. If you decline, none of these tags are loaded.
  • We do not embed social media share widgets, like buttons, or social login on the Service.
  • You can change your cookie choice at any time via the "Cookie Preferences" link in the site footer. We honor Global Privacy Control (GPC) browser signals as an automatic opt-out of all non-essential cookies (analytics and advertising), and as a valid opt-out of any "sale" or "sharing" of personal information for residents of states whose laws recognize GPC (currently California, Colorado, and Connecticut, with others adopting similar requirements).
  • Hard rule for health-related pages: regardless of your cookie choices, we do not load advertising or conversion-tracking tags on pages that display medical-procedure search results, cart contents, price alerts, bill-comparison data, or Total Care Cost results. Consumer health data (see Section 11) is never transmitted to any advertising platform, never used to build advertising audiences, and never uploaded for matching to third-party ad accounts.

3. How We Use Information

  • Operate, maintain, and improve the Service.
  • Authenticate your identity and manage your account and subscription.
  • Process payments via Stripe and enforce subscription entitlements.
  • Provide personalized features such as search history, saved carts, price alerts, bill-comparison tools, and stored Total Care Cost search results.
  • Respond to corrections, partner inquiries, and support requests.
  • Send transactional emails (account verification, password reset, subscription receipts, Total Care Cost search results, and auto-renewal confirmations).
  • Send optional product updates, price-alert notifications, and newsletters if you opt in. You may unsubscribe at any time via the link in any marketing email or from your account settings.
  • Measure the effectiveness of our marketing channels and campaigns (channel attribution, conversion rates, cost-per-acquisition) using the attribution and engagement data described in Section 1.
  • Identify accounts that have been dormant or that have not converted to a paid plan so we can send re-engagement, onboarding, or product-update emails (subject to your marketing-email opt-in).
  • Compute lifetime value, retention cohorts, and feature-adoption funnels for internal product and growth analytics. These analyses operate on aggregate counts and do not include the contents of consumer health data (see Section 11).
  • Optimize the timing and content of our emails based on your past open and click engagement and your timezone, and improve email deliverability (handling bounces and spam complaints).
  • Run product, pricing, and content experiments (A/B tests) to evaluate proposed changes to the Service.
  • Monitor compliance coverage, detect abuse, and ensure platform reliability.

4. Legal Basis

We process information on the basis of: (a) performance of a contract (providing the Service and fulfilling your subscription); (b) legitimate interests (operating, securing, and improving the Service); (c) consent (when you submit forms, opt in to marketing, or accept cookies); and (d) compliance with legal obligations.

5. Sharing of Information

  • Infrastructure & hosting: Hetzner Cloud (application servers and self-hosted PostgreSQL database, Hillsboro, Oregon). Encrypted database backups are stored on Cloudflare R2 (object storage). Cloudflare also provides our DNS, CDN, and load balancing.
  • Payments: Stripe processes subscription payments and stores payment method details on our behalf.
  • Email: Mailgun delivers transactional and marketing emails and reports delivery, open, click, bounce, spam-complaint, and unsubscribe events back to us as a processor on our behalf (see Section 1).
  • Rate limiting & caching: Upstash (Redis) provides rate limiting and session management.
  • Analytics: Cloudflare Web Analytics (privacy-focused, cookieless aggregate metrics) is loaded for all visitors. Google Analytics 4, operated by Google LLC, is loaded only after you opt in via our cookie banner.
  • Advertising platforms (only with your opt-in consent): when we run paid campaigns, we may share pseudonymous event data (such as page views, button clicks, sign-ups, and purchases) with Meta Platforms, Inc. (Facebook/Instagram), TikTok, LinkedIn Corporation, X Corp., and Google LLC (Google Ads/YouTube) for ad measurement, conversion tracking, and remarketing. We may also upload hashed (SHA-256) email addresses to these platforms to (a) suppress existing customers from acquisition campaigns and (b) build lookalike audiences. Consumer health data is excluded from all of the above (see Sections 2 and 11).
  • We may also disclose information if required by law, subpoena, or court order, or to protect the rights, property, or safety of MyCareCost and its users.
  • We do not sell your personal information for money. Use of advertising-platform pixels and the upload of hashed email addresses to those platforms may constitute "sharing" of personal information for cross-context behavioral advertising under California, Colorado, Connecticut, Texas, and other state privacy laws. We treat declining advertising cookies, sending GPC, or using the "Do Not Sell or Share My Personal Information" link in the site footer as a valid opt-out of all such "sharing." See Section 8.

6. Data Retention

  • Account data: retained for the lifetime of your account. When you delete your account, personal data is purged within 30 days (some anonymized usage records may remain for analytics).
  • Payment records: Stripe retains transaction records per its own data retention policies and legal obligations. MyCareCost retains subscription metadata and legacy purchase/transaction records for billing history and audit purposes.
  • Search history, cart items, price alerts, and Total Care Cost search results: retained for the lifetime of your account. Deleted when you delete your account or remove individual items. Total Care Cost search results (including the cost estimate and any generated tools) are stored while your account is active so you can access past results.
  • Usage analytics events: retained for 180 days in identifiable form, then aggregated or anonymized.
  • Login and session metrics, marketing attribution data, email engagement events, lifetime account metrics, device/locale signals, and feature-adoption aggregates: retained for up to 24 months in identifiable form, then aggregated or anonymized for longer-term trend analysis. Marketing-email opt-out and unsubscribe records are retained for the lifetime of your account so we can continue to honor your choice.
  • Experiment assignments: retained for the duration of the experiment plus 12 months for outcome analysis, then anonymized.
  • Contact submissions: retained as long as necessary to fulfill the request and maintain an audit trail of transparency corrections.
  • Technical/server logs: automatically purged after 90 days.
  • You may request deletion of your personal data at any time by emailing [email protected] or by deleting your account in settings.

7. Security

We implement technical, administrative, and physical safeguards to protect information, including encrypted connections (TLS), hashed passwords (bcrypt), scoped API keys, database access controls, and infrastructure-level firewalls. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

8. Your Choices & Rights

  • Access & portability: request a copy of the personal data we hold about you.
  • Correction: request correction of inaccurate personal data.
  • Deletion: request deletion of your account and associated personal data.
  • Opt out of marketing emails: unsubscribe from non-essential emails via the link in any marketing message or from your account settings.
  • Opt out of "sale" or "sharing" for advertising: MyCareCost does not sell personal information for money. We may "share" personal information with advertising platforms via opt-in conversion-tracking pixels and through hashed-email Custom/Matched Audience uploads (see Section 5). You can opt out at any time by: (a) declining or revoking advertising cookies via the "Cookie Preferences" link in the footer; (b) sending a Global Privacy Control (GPC) browser signal, which we honor automatically; (c) using the "Do Not Sell or Share My Personal Information" link in the footer; or (d) emailing [email protected] with the subject line "Do Not Sell or Share." We will also stop including your hashed email in any Custom/Matched Audience upload to advertising platforms within 30 days of any of the above.
  • Opt out of targeted advertising: handled the same way as opt-out of "sharing" above. We do not perform targeted advertising based on consumer health data under any circumstance (see Section 11).
  • Opt out of profiling: MyCareCost does not use personal data for profiling that produces legal or similarly significant effects about you.
  • Cookie controls: change your analytics or advertising cookie choices at any time using the "Cookie Preferences" link in the site footer. You may also limit browser-stored identifiers by clearing cookies/site data in your browser settings (note: this may affect sign-in or saved preferences). Global Privacy Control (GPC) browser signals are honored as an automatic opt-out of all non-essential cookies and as a valid opt-out of "sale" or "sharing" in jurisdictions that recognize GPC.
  • To exercise any of these rights, email [email protected] or use the controls in your account settings and the cookie-preferences and "Do Not Sell or Share" links in the footer. We will respond within 30 days (or the period required by your state’s law).

9. Appeal Process

If we deny or are unable to fully fulfill a privacy request, we will provide a written explanation. You may appeal our decision by emailing [email protected] with the subject line “Privacy Appeal.” We will review and respond to your appeal within 45 days. If you are unsatisfied with the outcome, you may contact your state’s Attorney General or applicable data protection authority.

10. HIPAA Disclaimer & Health Data Notice

  • MyCareCost is not a healthcare provider, health plan, or healthcare clearinghouse. We are not a “covered entity” or “business associate” under the Health Insurance Portability and Accountability Act (HIPAA).
  • We do not collect, store, or process Protected Health Information (PHI) as defined by HIPAA. We do not access medical records, insurance claims, diagnoses, treatment plans, or prescription information.
  • The procedure searches, saved cart items, price alerts, and bill-comparison entries you create on MyCareCost are consumer-generated pricing research—not medical records. This data is created by you for cost-comparison purposes and is not received from or transmitted to any healthcare provider or insurer on your behalf.
  • Our bill-comparison tool does not accept file uploads of medical bills, Explanation of Benefits (EOB) documents, or any documents that could contain PHI. Users manually enter dollar amounts only.
  • Although HIPAA does not apply to MyCareCost, we voluntarily apply security best practices consistent with HIPAA’s Security Rule, including encryption in transit and at rest, access controls, audit logging, and employee access restrictions.

11. Consumer Health Data (Washington, Nevada & New York)

  • If you are a resident of Washington (My Health My Data Act, RCW 19.373), Nevada (SB 370 / NRS 603A.400-490), or New York (Health Information Privacy Act, S929/A2141): the searches you perform for medical procedures, the procedures you save or set alerts for, and bill amounts you enter for comparison may constitute “consumer health data” or “regulated health information” under those laws.
  • We collect this data solely to provide the price-comparison and cost-tracking features you request. We do not sell consumer health data, and we do not share it with third parties except as necessary to operate the Service (see Section 5).
  • Strict no-advertising rule for consumer health data: we do not load advertising or conversion-tracking tags (such as Meta Pixel, TikTok Pixel, LinkedIn Insight Tag, X Pixel, or the Google Ads tag) on any page that displays consumer health data, including procedure search results, procedure cost pages, the bill-comparison tool, the cart, price-alert pages, and Total Care Cost results. Consumer health data is never included in audience uploads to advertising platforms (Custom/Matched Audiences, lookalikes, or otherwise), is never used to target ads to you, and is never used to train advertising models. This rule applies regardless of any consent you have given to advertising cookies elsewhere on the Service.
  • Aggregate engagement metrics versus consumer health data: the login, session, feature-adoption, lifetime-value, and email-engagement metrics described in Section 1 may be used for internal product, retention, and growth analytics, and (for users who have opted in to marketing email) to send re-engagement and lifecycle communications. These aggregate metrics describe how often and in what general manner you use the Service — not what you searched for, what you saved to your cart, what you set price alerts on, what bill amounts you entered, or what Total Care Cost results you generated. We do not combine the aggregate engagement metrics with the contents of consumer health data when sharing data with, or building audiences on, any advertising platform.
  • You may request deletion of your consumer health data at any time by deleting your account or by emailing [email protected] with the subject line “Consumer Health Data Request.”
  • You have the right to withdraw consent to the collection of consumer health data by deleting your account, which removes all associated search history, cart items, price alerts, and bill-comparison data within 30 days.
  • For full details, see our separate Consumer Health Data Privacy Notice at /legal/consumer-health-data.

12. State Privacy Rights

  • California (CCPA/CPRA): You have the right to know what personal information we collect, use, and disclose; request deletion; correct inaccurate information; and opt out of the “sale” or “sharing” of personal information. MyCareCost does not sell personal information for money. We may "share" personal information with advertising platforms via opt-in conversion pixels and hashed-email Custom Audience uploads (see Section 5); you can opt out of such "sharing" at any time using the "Cookie Preferences" or "Do Not Sell or Share My Personal Information" links in the site footer, by sending Global Privacy Control (GPC), or by emailing [email protected] with the subject line "California Privacy Request." We honor GPC as a valid opt-out request. We do not discriminate against you for exercising your rights. We will verify your identity and respond within 45 days.
  • Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA): You have the right to access, correct, delete, and obtain a portable copy of your data, and to opt out of the sale of personal data, targeted advertising, and profiling. We do not sell personal data for money; targeted-advertising opt-out is handled via the cookie banner, the footer "Cookie Preferences" link, GPC (which we honor in Colorado and Connecticut), or by emailing [email protected]. We will respond within 45 days. You may appeal a denied request per Section 9.
  • Utah (UCPA): You have the right to access, delete, and obtain a portable copy of your data, and to opt out of the sale of personal data and targeted advertising. Targeted-advertising opt-out is handled via the cookie banner. We will respond within 45 days.
  • Texas (TDPSA): You have the right to access, correct, delete, and obtain a portable copy of your data; opt out of the sale of personal data, targeted advertising, and profiling. MyCareCost does not sell personal data for money. Targeted-advertising opt-out is handled via the cookie banner, the footer "Cookie Preferences" link, or by emailing [email protected]. We will respond within 45 days. You may appeal per Section 9.
  • Oregon (OCPA): You have the right to access, correct, delete, and obtain a portable copy of your data, plus the right to receive a list of specific third parties to whom we have disclosed your data. We will respond within 45 days. You may appeal per Section 9.
  • Florida (FDBR): To the extent we meet the law’s applicability thresholds, Florida residents have rights to access, correct, delete, and opt out of the sale of personal data and targeted advertising. We will respond within 45 days.
  • Montana (MTCDPA), Iowa (ICDPA), Delaware (DPDPA), New Hampshire (NHPA), New Jersey (NJDPA), Tennessee (TIPA), Minnesota (MCDPA), Rhode Island (RIDTPPA), Kentucky (KCDPA), and Indiana (ICDPA): Residents have substantially the same rights described above for Virginia, Colorado, and Connecticut residents (access, correction, deletion, portability, and opt-out of sale, targeted advertising, and profiling). Where applicable state law provides additional rights (e.g., Minnesota’s right to question profiling decisions, Oregon’s third-party-disclosure list, New Jersey’s sensitive-data restrictions), we honor those rights as well. We will respond within 45 days (extendable by 45 additional days where legally permitted).
  • Maryland (MODPA): You have the right to access, correct, delete, and restrict processing of your data. We practice data minimization and do not process sensitive data (including health data) for purposes beyond what is necessary to provide the Service. We will respond within 45 days.
  • Illinois (home state): Illinois residents have rights under the Illinois Personal Information Protection Act (815 ILCS 530). You may request information about our data practices and receive breach notifications as required by Illinois law. My Darling Decoy Games LLC is registered in Illinois at 307 Wickliffe St, Troy, IL 62294.
  • Other states: If you reside in a state with a consumer privacy law not listed above, you may exercise applicable rights by emailing [email protected]. We will comply with the requirements of your jurisdiction.

13. Data Breach Notification

In the event of a data breach involving your personal information, we will notify affected individuals and applicable state attorneys general or regulators as required by law. Notification will be made as expeditiously as practicable and without unreasonable delay, consistent with the needs of law enforcement and any measures necessary to determine the scope of the breach. Our internal incident response procedure is documented separately.

14. Children’s Privacy

The Service is not directed to children under 13 (or under 16 in jurisdictions that set a higher threshold). We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 13, we will delete it promptly. If you believe a child has provided us with personal data, please contact us at [email protected].

15. International Users

If you access the Service from outside the United States, you consent to the transfer and processing of your information in the United States, where privacy laws may differ from those in your jurisdiction. If you are located in the European Economic Area (EEA) or United Kingdom, we rely on Standard Contractual Clauses or equivalent safeguards for such transfers.

16. Social Media Profiles & Third-Party Platforms

  • We maintain official accounts on Facebook, Instagram, Threads, X (formerly Twitter), LinkedIn, and YouTube to share product updates, educational content, and respond to questions. Links to these profiles appear in the site footer.
  • These platforms are operated by third parties (Meta Platforms, Inc.; X Corp.; LinkedIn Corporation; Google LLC) and are governed by their own terms of service and privacy policies, not this Privacy Policy. When you visit, follow, or interact with our profiles, those platforms collect data about you (such as device information, IP address, in-platform activity, and cookies) under their own privacy practices.
  • When you interact with our content on a social platform (likes, comments, shares, follows, direct messages, mentions, or tags), we may see and retain that interaction—including your platform username and any message you send us—for community management, customer support, and recordkeeping purposes.
  • As the operator of these accounts, we receive aggregate, de-identified analytics from the platforms (for example, Facebook Page Insights, YouTube channel analytics, LinkedIn Page analytics). These insights show overall reach, follower demographics, and engagement trends; they do not identify individual visitors to us.
  • Paid advertising on these platforms: when we run paid campaigns, we may install each platform’s conversion-tracking tag on the MyCareCost website (Meta Pixel and Conversions API for Facebook/Instagram/Threads; LinkedIn Insight Tag; X Pixel; TikTok Pixel; Google Ads conversion tag for YouTube). These tags load only after you opt in via our cookie banner (see Section 2) and are blocked entirely on consumer-health-data pages (see Section 11). They allow each platform to measure ad performance, attribute conversions, and build remarketing audiences.
  • Custom / Matched Audiences: we may upload hashed (SHA-256) email addresses to advertising platforms to (a) suppress current customers from acquisition campaigns and (b) build lookalike audiences for new-customer acquisition. We do not include consumer health data, search history, cart contents, or bill-comparison data in any uploaded audience. You can opt out at any time using the "Do Not Sell or Share My Personal Information" link in the footer or by emailing [email protected]; we will remove your hashed identifier from active audiences within 30 days.
  • Outbound links from social platforms to MyCareCost may include UTM parameters (e.g., utm_source=facebook) so we can measure which channels drive traffic. UTM tags identify the channel, not the individual user.
  • For more information on what each platform collects, see: Facebook/Instagram/Threads (Meta) at https://www.facebook.com/privacy/policy/, X at https://x.com/privacy, LinkedIn at https://www.linkedin.com/legal/privacy-policy, and YouTube/Google at https://policies.google.com/privacy.

17. CAN-SPAM Compliance

All commercial emails sent by MyCareCost include a clear unsubscribe mechanism. Unsubscribe requests are honored within 10 business days. Emails include accurate sender information and our physical mailing address. We do not use deceptive subject lines or false header information.

18. Changes to this Policy

We may update this Privacy Policy periodically. The “Last updated” date reflects the latest revision. For material changes, we will notify registered users via email or an in-app notice at least 30 days before the changes take effect.

19. Contact & Physical Address

  • For privacy questions, data requests, or concerns, email [email protected].
  • My Darling Decoy Games LLC (d/b/a MyCareCost), 307 Wickliffe St, Troy, IL 62294.