Privacy Policy
Effective June 9, 2026
We collect what's needed to resolve your rows and bill for them — nothing more, used for nothing else.
What this policy covers
This policy describes how NPI Finder (“we,” “us”) collects, uses, and protects information when you use npi-finder.com and app.npi-finder.com (the “Service”). The short version: we collect what's needed to run the Service and bill for it, we use your uploaded data only to resolve it, and we don't sell anything to anyone.
What we collect
Account information. Your name, email address, and password authentication details. Your credit balance and billing ledger are keyed to your verified email.
Uploaded data. The CSV rows you upload — provider and organization names, practice addresses, phone numbers, specialties, and whatever other columns your file carries — together with the results the Service produces for them (NPIs, confidence ratings, reasoning, source URLs).
Billing information. Payments are processed entirely by Stripe. We receive confirmation of your top-ups and a customer reference; your card number never touches our servers.
Usage data. Standard operational logs — request metadata, error reports, and rate-limit counters — used to keep the Service fast and reliable.
How we use it
- to resolve your rows: each row is sent through our resolution pipeline, which includes large-language-model and web-search providers, strictly for the purpose of finding and verifying its NPI;
- to store your batches and results so you can return to them, rerun rows, and export;
- to operate your credit balance, ledger, and receipts;
- to respond when you contact support;
- to monitor for abuse and keep the Service available.
What we never do
- We never sell your data.
- We never share it for advertising.
- We never use your files to market to the providers named in them.
- We never use your uploaded data to build products for other customers.
No patient data
The Service is built for provider identity — business information of the kind that appears in public provider directories. Do not upload patient data or any protected health information (PHI). NPI Finder is not designed to process PHI, and we do not enter into business associate agreements. If you believe PHI was uploaded by mistake, delete the batch and contact us at support@npi-finder.com so we can confirm removal.
Service providers
We rely on a small set of providers to run the Service, each receiving only what their role requires:
- Email providers — verification and password reset messages;
- Stripe — payment processing and receipts;
- LLM and web-search providers — receive row contents transiently to perform the resolution research;
- Cloud hosting — runs the application and stores your batches and ledger.
Public registry lookups go to the CMS NPPES Registry API, which is a public government service.
Retention and deletion
Your batches and results stay in your account until you delete them — batch deletion is available directly in the app. Billing ledger entries are retained for accounting purposes. To delete your account and its data entirely, email support@npi-finder.com from your account address and we'll confirm when it's done.
Security
Traffic is encrypted in transit. Passwords are hashed before storage, session cookies are httpOnly, and payments are delegated to Stripe, so card numbers are handled by specialists rather than by us. Access to production data is restricted to operating the Service. No system is perfectly secure — if we learn of a breach affecting your data, we'll notify you without undue delay.
Changes to this policy
If we change this policy in a material way, we'll update the effective date above and, where practical, notify you in the app or by email before the change takes effect.
Contact
Privacy questions or requests: support@npi-finder.com.
See also our Terms of Service.