Overview
NPI Enricher ("the Extension", "our Service") is a Chrome browser extension and web application that helps healthcare sales professionals look up publicly available information about healthcare providers using their National Provider Identifier (NPI) number. We are committed to protecting your privacy and being transparent about what data we access and how we use it.
What Data We Access
Data We DO Access:
- Provider names you search for — when you type a provider name into the search box, we send that query to our backend API to look up NPI records.
- LinkedIn page content (limited) — when you visit a LinkedIn profile, the extension may read the profile name displayed on the page to auto-fill the search box. We only read the visible name text, nothing else.
- Lookup history — your recent searches are stored locally in your browser's localStorage. This data never leaves your device.
- Account information — if you create a paid account, we store your email address and subscription status.
Data We DO NOT Access:
- Your LinkedIn login credentials
- Your LinkedIn connections, messages, or private data
- Your browsing history on any site other than LinkedIn profile pages
- Any personal health information (PHI) — all data we display is publicly available from government registries
- Your location, contacts, camera, microphone, or any other device data
Data Sources
All provider data displayed by NPI Enricher comes from publicly available U.S. government datasets:
- NPPES NPI Registry (npiregistry.cms.hhs.gov) — provider name, NPI number, specialty, practice address, phone number, active status
- CMS Medicare Provider Data (data.cms.gov) — Medicare claims volumes, procedure codes, patient demographics, payment amounts
- CMS Open Payments / Sunshine Act (openpaymentsdata.cms.gov) — industry payments to physicians from device and pharmaceutical companies
All of this data is public record, published by the Centers for Medicare & Medicaid Services (CMS), and freely accessible to anyone. We do not access, store, or display any protected health information (PHI).
Data Storage & Security
- Search queries are processed in real-time and not permanently stored on our servers.
- Lookup history is stored locally in your browser only (localStorage). Clearing your browser data removes it.
- Account data (email, subscription status) is stored securely in our database with encryption at rest.
- Payment processing is handled entirely by Stripe. We never see or store your credit card number.
- We use HTTPS encryption for all data in transit.
Chrome Extension Permissions
Our extension requests the following browser permissions:
- activeTab — to detect if you're on a LinkedIn profile page and read the displayed name
- storage — to save your lookup preferences and history locally in Chrome
- tabs — to check the current tab URL to determine if LinkedIn auto-fill should activate
- host_permissions (linkedin.com) — to inject the content script that reads profile names on LinkedIn
- host_permissions (our API domain) — to communicate with our backend for NPI lookups
Third-Party Services
- Stripe — payment processing. See Stripe's Privacy Policy.
- Railway — backend hosting infrastructure.
- Supabase — database and authentication services.
Your Rights
- You can delete your local data at any time by clearing your browser's localStorage.
- You can uninstall the extension at any time through Chrome's extension manager.
- You can request account deletion by emailing us (see contact below).
- You can cancel your subscription at any time through your account settings or by contacting us.
HIPAA Compliance Note
NPI Enricher does not access, store, transmit, or display any Protected Health Information (PHI) as defined by HIPAA. All provider data we display is publicly available from government registries. NPI numbers, practice addresses, Medicare billing summaries, and Open Payments data are all public records. Our service is a research and sales intelligence tool, not a healthcare application.
Changes to This Policy
We may update this privacy policy from time to time. We will notify users of any material changes by updating the "Last updated" date at the top of this page.