Privacy Policy

Last Updated: November 2024

1. Introduction

Gimble ("we," "our," or "the Service") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our patient-facing healthcare application.

Please read this privacy policy carefully. By using the Service, you consent to the practices described in this policy.

2. Information We Collect

2.1 Health Information

When you authenticate through your healthcare provider's patient portal, you authorize us to access certain health information on your behalf, including:

• Medication requests and prescription information
• Account and billing information
• Claims and explanation of benefits
• Basic patient demographic information

2.2 Technical Information

We may automatically collect certain technical information, including:

• Browser type and version
• Device type
• IP address
• Pages visited and time spent on pages
• Error logs for troubleshooting

3. How We Use Your Information

We use the information we collect to:

• Display your medication and billing information to you
• Authenticate your identity through your healthcare provider
• Maintain and improve the Service
• Respond to your inquiries and provide customer support
• Monitor and analyze usage patterns
• Ensure the security of the Service

4. Data Storage and Retention

Gimble is designed with privacy in mind:

• Session-based access: Your health information is accessed in real-time from your healthcare provider's systems and is not permanently stored on our servers.
• Temporary session data: Authentication tokens are stored temporarily in encrypted sessions and are deleted when you log out or your session expires.
• Technical logs: We may retain technical logs for up to 30 days for security and troubleshooting purposes.

5. Information Sharing and Disclosure

We do not sell, trade, or rent your personal health information. We may share information only in the following circumstances:

• With your consent: When you explicitly authorize us to share information.
• Service providers: With trusted third-party service providers who assist in operating our Service, subject to confidentiality agreements.
• Legal requirements: When required by law, court order, or governmental authority.
• Safety: To protect the rights, property, or safety of Gimble, our users, or others.

6. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

• TLS/SSL encryption for all data in transit
• Secure authentication through OAuth 2.0 with PKCE
• Regular security assessments
• Access controls and authentication requirements
• Secure session management

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Your Rights and Choices

You have the following rights regarding your information:

• Access: You can view your health information through the Service.
• Revoke authorization: You can revoke Gimble's access to your health information at any time through your healthcare provider's patient portal.
• Logout: You can end your session at any time, which clears your session data.
• Contact: You can contact us with questions about your data.

8. HIPAA Compliance

Gimble accesses Protected Health Information (PHI) through Epic's SMART on FHIR platform. We are committed to handling this information in compliance with the Health Insurance Portability and Accountability Act (HIPAA) and other applicable healthcare privacy regulations.

9. Children's Privacy

The Service is not intended for individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13, we will take steps to delete that information.

10. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: privacy@gimble.app

13. California Privacy Rights

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA). Please contact us for more information about exercising these rights.