Is Themis a substitute for a lawyer or medical billing advocate?

No. Themis gives you the analysis and documentation tools that advocates use — so you can do it yourself for a fraction of the cost. For complex legal disputes, consult a licensed professional.

What file types does Themis accept?

PDF, JPG, PNG, and TIFF for bills and EOBs. Most insurance portals and hospital billing departments provide PDF downloads.

Does Themis store my medical documents?

No. Your documents are processed locally on your device. We store your account information and analysis metadata, not the documents themselves.

What's the difference between Plus and Family plans?

Plus covers one person on one insurance plan. Family supports multiple people under a single insurance policy, with individual tracking that rolls up to a shared family deductible and out-of-pocket maximum.

Virgil is Themis's Pro-tier AI assistant. It answers questions about billing codes, insurance terms, and your specific charges in plain language — like having a knowledgeable friend who actually reads your EOBs.

Can I cancel anytime?

Yes. Monthly plans cancel at the end of the current billing period. Annual plans are non-refundable after 7 days but can be cancelled to prevent renewal.

What if I have multiple insurance plans?

Themis currently supports one insurance plan per subscription. Multi-plan support is on the roadmap.

Privacy Policy

Effective Date: April 10, 2026 | Last Updated: April 10, 2026

Themis by Lonia AI ("Themis," "we," "us," or "our") is a self-service medical bill reconciliation platform operated by Lonia AI (admin@lonia.ai). This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

We built Themis with a local-first architecture because we believe your medical documents are nobody's business but yours. This policy reflects that principle.

What We Collect

Account Information

When you sign in to Themis, we collect the information provided by your Google account through OAuth authentication:

Your name
Your email address
Your profile photo (if available)

We use this information solely to create and manage your Themis account. We do not collect or store passwords — Themis uses Google OAuth exclusively for authentication.

Subscription and Payment Data

When you subscribe to a paid plan, payment processing is handled entirely by Stripe. We do not collect, store, or have access to your credit card number, bank account details, or other payment instruments. Stripe provides us with:

Your subscription status (active, canceled, past due)
Your plan tier
Transaction history (dates and amounts)
The last four digits of your payment method (for your reference in the dashboard)

For Stripe's own privacy practices, see Stripe's Privacy Policy.

Your Medical Documents

Themis does not store your medical documents on our servers.

All document processing — including bill parsing, EOB analysis, reconciliation, and discrepancy detection — happens locally in your browser using IndexedDB. Your medical bills, Explanation of Benefits documents, and insurance information remain on your device unless you explicitly choose to enable cloud sync (a future feature that will be clearly disclosed and opt-in only).

This means:

We cannot see your medical documents.
We cannot access your billing data.
We do not transmit your documents to any server for processing.
If you clear your browser data, your locally stored documents are deleted.

Analysis Results and Preferences

Your reconciliation results, saved preferences, accessibility settings, and application state are stored locally in your browser's IndexedDB. If you are on a plan that includes cloud backup (future feature), this data would be encrypted before transmission and stored in encrypted form.

Usage Analytics

We may collect anonymized, non-personally-identifiable usage data to improve the platform, such as:

Pages visited within the application
Features used (e.g., reconciliation, dispute letter generation)
Browser type and screen size
Error reports (which do not contain document content)

We do not use third-party advertising trackers. We do not sell, share, or monetize your usage data.

How We Use Your Information

We use the information we collect to:

Authenticate your identity and manage your account
Process your subscription and manage billing through Stripe
Provide customer support when you contact us
Improve the platform's functionality and fix bugs
Send transactional emails related to your account (subscription confirmations, billing receipts, critical service updates)

We do not use your information for:

Advertising or ad targeting
Selling to third parties
Training AI models on your personal data
Profiling or behavioral tracking beyond basic analytics

Third-Party Services

Themis integrates with the following third-party services:

Service	Purpose	Data Shared
Google OAuth	Authentication	Name, email, profile photo — provided by your Google account
Supabase	Account management, subscription status	Account metadata (name, email, plan tier). No medical documents.
Stripe	Payment processing	Payment method details (handled directly by Stripe — we never see full card numbers)
Cloudflare	Hosting and CDN	Standard web request data (IP address, browser type) — subject to Cloudflare's privacy policy

We do not share your data with any other third parties. We do not use data brokers, advertising networks, or analytics platforms that sell user data.

Data Retention and Deletion

Account Data

We retain your account information (name, email, subscription status) for as long as your account is active. If you cancel your subscription and request account deletion, we will delete your account data within 30 days.

Local Data

Your medical documents and analysis results stored in your browser's IndexedDB are under your control. You can delete them at any time by clearing your browser data or using the data management tools within Themis.

Payment Records

Stripe retains transaction records according to their own retention policy and applicable financial regulations. We retain subscription status records for accounting and legal compliance purposes.

Right to Deletion

You can request deletion of your account and all associated data by emailing support@lonia.ai. We will confirm deletion within 30 days. Note that locally stored data (in your browser) must be cleared by you directly, as we do not have access to it.

Data Security

Authentication: OAuth-only (Google). No passwords are stored — ever.
Encryption in Transit: All data transmitted between your browser and our services uses TLS encryption.
Encryption at Rest: Account metadata stored in Supabase is encrypted at rest.
Local Processing: Medical documents are processed entirely in your browser and are never transmitted to our servers.
Access Controls: Row-level security (RLS) is enforced on all database tables, ensuring users can only access their own data.
Audit Logging: Significant account actions (login, subscription changes, data export, account deletion) are logged for security purposes.

HIPAA Disclosure

Themis is not a covered entity or business associate under the Health Insurance Portability and Accountability Act (HIPAA). However, we have built Themis to meet or exceed HIPAA-grade safeguards as a matter of principle:

Medical documents are processed locally and never stored on our servers
Account data is encrypted at rest and in transit
Access controls enforce strict data isolation between users
Audit trails track significant account actions

We believe that handling medical billing data responsibly should not require a legal mandate — it should be the default.

Children's Privacy

Themis is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at support@lonia.ai and we will delete it promptly.

Your Rights

Depending on your jurisdiction, you may have the right to:

Access the personal data we hold about you
Correct inaccurate personal data
Delete your account and associated data
Export your data in a portable format
Object to certain processing of your data

To exercise any of these rights, contact us at support@lonia.ai. We will respond within 30 days.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page. For significant changes, we will notify you via email or through a notice in the application.

Contact

If you have questions about this Privacy Policy or your data:

Email: support@lonia.ai

Website: https://lonia.ai

Product: https://themis.lonia.ai