Privacy Policy
Effective February 28, 2026
Contract X-Ray is a service of Nautilus Health Institute, a 501(c)(3) nonprofit dedicated to improving transparency, accountability, and fiduciary standards in employer-sponsored health plans. This Privacy Policy explains how we collect, use, and protect your information when you use the Contract X-Ray analysis service.
1. Information we collect
When you submit a contract for analysis, we collect contact information (email, company name), contract details (PBM name), and the uploaded contract document in PDF form. For Full Assessment submissions, payment is processed securely through Stripe. We do not store your credit card details.
2. How we use the information
We use the information solely to generate your analysis report, deliver it to your email, respond to questions you may have about the analysis, and improve our scoring methodology using anonymized aggregated data that does not identify you or your contract.
3. Who has access to your contract
Access is strictly limited to Nautilus analysts and the secure AI systems used in the analysis process. We do not sell, share, or disclose your contract to third parties, PBMs, competitors, or any external organizations.
4. Data security
We use encrypted transmission for all data, access controls limiting who can view contracts, and secure cloud storage with encryption at rest.
5. Data retention
Contracts and analysis are retained for 12 months to support follow-up questions and version comparisons. After this period, contracts are securely deleted unless you request a different retention term.
6. Your rights
You may request a copy of your data, request deletion of your data, or ask questions about how your information is handled. Contact .
7. Changes to this policy
Material changes will be communicated via email to active users. The effective date at the top of this page indicates when it was last revised.
8. Contact
Nautilus Health Institute.