Legal agreements

Nibble Health Privacy Policy

Effective Date: July 5, 2023

I.          About this Privacy Policy

This Privacy Policy describes how Nibble Health, Inc. (“Nibble Health,” “we,” or “us”) and its subsidiaries collect and use your personal information that you provide in connection with our products and services, including without limitation (a) our service for facilitating healthcare financing or managing healthcare payments in connection with your employment, (b) the Nibble Health website available at, and (c) any other services related to the services described above.

In this Privacy Policy, the above are referred to collectively as the “Services.” This policy describes the choices available to you regarding our use of your personal information and how you can access and update this data. Services include software and services that we own and operate directly, as well as software and services that we market or provide from or on behalf of third parties.

If you have any questions regarding this Privacy Policy, please contact us at By using any of the Services you agree to be bound by this policy. If you do not agree to the terms of this Privacy Policy, please do not provide us with any personal information and do not use the Services.

Individuals residing in the United States may also refer to the Nibble Health U.S. Consumer Privacy Notice, which provides additional details about our collection, use, and sharing of your personal information in connection with the financial services that we provide to individuals, and associated rights you may have under federal law.

The Services are intended for a general audience. We do not knowingly collect personal information from children under the age of 13. We will delete any personal information collected that we later determine to be from a user younger than the age of 13. If you are a parent or guardian of a child under the age of 13 and you believe he or she has disclosed personal information to us, please contact Customer Service using the contact information below.

The Services are provided to users from systems in the United States. If you are from outside the United States and use the Services, please be aware that the data protection laws in the United States may differ from those of the country where you are located, and your personal information may be subject to access requests from governments, courts, or law enforcement in the United States according to the laws of the United States. In addition, such data may be stored on servers located outside your resident jurisdiction and in jurisdictions that may have less stringent privacy practices than your own. By using the Services or providing us with any information, you consent to the transfer, processing, usage, sharing, and storage of your information, including personal information, in the United States as set forth in this Privacy Policy.


The categories of personal information we collect depend on how you interact with us and our Services, and the requirements of applicable law. We collect different types of information about you depending on how you interact with us and how you use our Services. As further described below, we may collect information that you provide to us and information that we obtain automatically when you use our Services, and we may additionally obtain information about you from third parties. In order to provide our Services, we partner with or otherwise use third-party companies to perform certain business-related functions on our behalf (“Service Providers”), which may also collect personal information from or about you. In addition to the information below, please see “How We Share Your Information,” for more information about our Service Providers.

Please note that under our agreements with employers, we may collect less information in particular cases than as described in this Privacy Policy.  If you have specific questions about how your employer transfers information to us, please contact your employer.
A.  Information that You Provide to Use
  • Contact information, such as your name, address, phone number, email address, and social security number;
  • Information about your employer and employment as provided to us by your employer pursuant to a contract or other arrangement with that employer;
  • Information about services ordered or provided;
  • Information about your medical bills, healthcare providers and transactions with those providers;
  • Demographic data, such as gender, income level, and information about your prior experiences with our services;
  • Other transaction-related data, such as information you provide when you contact us with questions about our Services, for customer support, to let us know your ideas for new products or modifications to existing products, etc.
B. Information that is Passively or Automatically Collected About You
When providing the Services we, or our Service Providers or other third party vendors, may also collect information about you and your devices, including:
  • Device information, such as the operating system version, processor type, memory space, and the like;
  • Information about software on your device, including the version of certain software programs and when they were installed and/or upgraded;
  • Unique identifiers and browser information, such as preferences, internet addresses, device types, device location, and other similar information;
  • System or software-level information, such as derived from logs, configuration files, and other system or software-level information.
C. Information Collected Using Cookies and Similar Technologies
We and our marketing partners, affiliates, analytics providers or Service Providers may use technologies such as cookies, beacons, tags, browser and device fingerprinting, network traffic monitoring, active scripting, recognition technologies, and scripts to analyze trends, administer the Services, track users’ behavior while using the Services, and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual and aggregated basis.

For example, we use Google Analytics on our website, which allows us to view information about traffic to our webpage and helps us understand how website visitors use our Services. For more information on Google Analytics (including how it uses data for its own purposes) please visit the Google Analytics Terms of Use, the Google Analytics' Privacy and Data Protection Guidelines and in the Google Privacy Policy.

We may not control these types of tracking technologies and are not responsible for them. However, by using our Services, you understand that you may potentially encounter third-party tracking technologies, and accept that our statements under this Privacy Policy do not apply to the tracking technologies or practices of such third parties.

You may stop or restrict the placement of some types of cookies on your device or remove them by adjusting your preferences as your browser or device permits. You can also consult the “Help” section of your browser for more information (e.g. Internet Explorer, Google Chrome, Mozilla Firefox, or Apple Safari). However, please note that cookie-based opt-outs are typically not effective on mobile applications. You may opt-out of personalized advertisements on some mobile applications by following the instructions for Android, iOS and others.

We may partner with one or more third parties to either display advertising via the Services or to manage our advertising on other sites or services. Our third-party partner(s) may use tracking technologies to gather information about your use of the Services and other websites or services to provide you targeted advertising based upon your browsing activities and interests. If you wish not to have this information used for the purpose or serving you targeted ads, you may be able to opt-out by visiting: http:/ or http:/

Please note that we do not recognize nor respond to browser-initiated do-not-track (“DNT”) signals, which are a privacy preference that users can set in certain web browsers, as the Internet industry is currently still working toward defining exactly what DNT means, what it means to comply with DNT, and developing a common approach to responding to DNT. To learn more about Do Not Track, you can do so here.

Statements regarding our practices do not apply to the methods for collecting information used by these third parties or the use of the information that such third parties collect. We do, however, work with third parties to make efforts to have you provided with information on their practices and any available opportunity to exercise choice. We make no representations regarding the policies or practices of third party advertisers or advertising networks or exchanges or related third parties.
D. Information Relating to Third Parties
You can choose to provide us with information relating to third parties, but only to the extent that such sharing does not violate this Policy or our Terms of Use  (collectively, “Third-Party Data”). If you use any feature of the Services that allows you to communicate with or about third parties, either by submitting Third-Party Data to the Services or otherwise permitting the Services to automatically access Third-Party Data in your possession, you acknowledge, represent, and agree (a) that you have the authority of the relevant third party for us to access and use the relevant Third-Party Data, (b) that you have notified these third parties and informed them how their information is collected and used by Nibble to provide the Services, and (c) your sharing of the Third-Party Data complies with our Terms of Use and this Policy. 


You can choose to provide us with information relating to third parties, but only to the extent that such sharing does not violate this Policy or our Terms of Use  (collectively, “Third-Party Data”). If you use any feature of the Services that allows you to communicate with or about third parties, either by submitting Third-Party Data to the Services or otherwise permitting the Services to automatically access Third-Party Data in your possession, you acknowledge, represent, and agree (a) that you have the authority of the relevant third party for us to access and use the relevant Third-Party Data, (b) that you have notified these third parties and informed them how their information is collected and used by Nibble to provide the Services, and (c) your sharing of the Third-Party Data complies with our Terms of Use and this Policy. 


We may use the personal information you submit in order to:
  • Communicate With You About Your Use of the Services. We may use the information we collect to contact you for administrative purposes (e.g. to provide services and information that you request or to respond to comments and questions).
  • Tell You About Other Products and Services. Subject to your preferences regarding marketing communications, we may also use the information we collect to send you communications such as updates on events, communications relating to products and services offered by us and by third parties, and communications about aspects of the Service we believe will be of interest to you. If you have chosen to provide us with your mobile number and have opted in to these types of communications, we may communicate with you to provide information regarding your Nibble account by phone or text message. You may opt out of these communications by following the instructions in each message, or by contacting us at; however, you may continue to receive informational messages from us such as service updates, announcements, and alerts related to the Services. If you do not wish to receive these informational messages, you have the option of deactivating your account and ceasing your use of the Services.
  • Provide the Services and Accomplish Our Business Purposes. We use the information we collect to operate, maintain, and provide our Services, such as enabling access to the Services, customer support, or to complete transactions, and to establish or maintain customer and business relationships, improve the Services, provide access to Internet-based and e-commerce activities, perform accounting functions, and conduct other activities as necessary or appropriate in connection with the Services
  • Ensure Security and Combat Fraud. We use the information we collect to secure our Services and to verify identity, prevent fraud, and to continually improve these aspects of our Services.
  • Perform Analytics, Research and Product Development. We use the information we collect to analyze data usage trends and preferences in order to improve the accuracy, effectiveness, security, usability or popularity of our Services. We further use data in connection with our research on our customer demographics, interests and behavior.
  • Customize the Services. We use the information we collect, such as device identifiers, to learn how users interact with our Services in order to personalize the content of our Services.
  • Comply with Legal Obligations and Enforce Our Rights. We use information we collect to defend our legal rights, comply with national, state, local, federal, regional or international laws, and to enforce our Terms of Service and this Policy.
  • Use of Aggregated Data. We may aggregate, anonymize and/or de-identify information collected from or about you so that the information no longer identifies you (“Aggregated Data”). We use Aggregated Data only as allowed by applicable law.
D. How We Disclose Your Information
There are certain circumstances in which we share information collected through the Services with third parties, as set forth below. Nibble does not sell your personal information, including your Health Data.
  • With our Successors-in-interest. We will share your information with third parties in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings) and, in each case, any due diligence relating thereto.
  • With our Service Provides and Other Third Parties. We provide access to or share your information with our Service Providers so they can perform services for us. Examples of such functions include marketing, mailing information, data storage, security, identity verification, fraud prevention, payment processing, legal services, and maintaining databases. We limit the personal information provided in this context to that which is reasonably necessary for them to perform their functions, and we require them to agree to maintain the confidentiality of such information.
  • With your Employer. We may share some Aggregated Data about the use of our Services with your employer. This information does not personally identify you.
  • To Meet our Legal Requirements. We may disclose your information when we have a good faith belief that doing so is necessary to: (i) comply with the law including with subpoenas, search warrants, court orders, and other legal process; and respond to inquiries or requests from government, regulatory, law enforcement, public authorities, or content protection organizations; (ii) protect and defend the legal rights, privacy, safety or property of Nibble Health, its affiliates, subsidiaries, employees, agents, contractors, or its users; (iii) permit us to pursue available remedies, commence, participate in, or defend litigation, or limit the damages we may sustain; (iv) to prevent harm or to ensure the physical safety of any person, or (v) enforce this Policy or any applicable Terms of Service.
  • Your Consent. In certain situations, we may share your information in the event that you consent to or authorize the sharing of your information, such as if you agree to the privacy policies and terms of use of third parties that are integrated with our Services.
  • Aggregated Data. We may share Aggregated Data with our affiliates, agents, business partners, research facilities, or other third parties, including your employer.
  • Cookies and Other Electronic Technologies. Information is shared as stated in the Section of this Policy entitled “Cookies and Third Party Integrations.”
  • Other Users of Our Services. We provide your information to other users of our Services if you choose to make your information publicly available in a publicly accessible area of the Services.


Your data is of the utmost importance to us. We implement and maintain commercially reasonable administrative, technical, and physical data security practices that are intended to protect the confidentiality, integrity, and accessibility of your personal information, including Health Data, and that are appropriate to the volume and nature of the personal information that we process.  For example, we use Transport Layer Security (TLS) and other transmission technologies to encrypt your personal information so it cannot be read in transit. In addition, we use secure technology, privacy protection controls, and restrictions on employee access to safeguard your personal information in storage.

Please note, however, that although we employ industry-standard security measures to safeguard the security of your personal information, no transmissions made on or through the Internet are guaranteed to be secure. Therefore, we cannot ensure the absolute security of any information you transmit to us, and you use our Services and provide us with your information at your own risk.


We retain your information for as long as we deem necessary for the purpose for which that information was collected, including as long as your account is active, and for our legitimate business operations; provided, however, that your information is only retained to the extent permitted or required by applicable laws. When we no longer need to retain your information, we will take reasonable steps to remove it from our systems and records and/or take steps to anonymize it so that you can no longer be identified from it in accordance with our internal document retention policies.

When determining the retention period for your information, we take into account various criteria, such as the type of products and services requested by or provided to you, the nature and length of our relationship with you, possible re-enrollment with our Services, the impact on the Services we provide to you if we delete some information about you, and mandatory retention periods provided by law and associated limitations periods.

There may be other tracking technologies now and later devised and used by us in connection with the Services. Further, third parties may use tracking technologies in connection with our Services, which may include the collection and storing of information about your online activities over time and across third-party websites or online services.

To close an account that you have created with us, please contact us at Closure or deletion of your account may mean that you lose access to the personal information and data associated with the account. Certain personal information or de-identified information associated with your account may nonetheless remain on systems owned or maintained by us when required to comply with the law, our contractual obligations, or in carrying out legitimate business functions.    


The Services may contain features supported by, links to, or integrations with third party content. For example: 
  • We use Twillio to help us in communicating with you, which may collect some personal information about you. 
  • If you click on a link to a third-party site while using our Services, you will leave the site you are visiting and be redirected to the site you selected. Nibble is not responsible for the privacy practices of these third parties. 
  • Our Services may include social media features, such as the “Share This” button that allows you to like us on Facebook or share our content on Twitter. These features may collect your IP address and information regarding your use of the Services. 
Because we cannot control the activities of third parties, we do not accept responsibility for any use of your personal information by such third parties, and we do not guarantee that they will adhere to the same privacy policies as described in this Privacy Policy. Instead, your interactions with these features are governed by the privacy statement of the applicable third party. We encourage you to review the privacy policies of any third parties from whom you request services, or that are otherwise integrated with or supporting our Services.


You can access, update or correct your information, or otherwise ask us questions about this Privacy Policy by contacting us as follows:

Nibble Health, Inc.
33 Irving Place
New York, NY 10003

We may update this Privacy Policy from time to time to reflect changes to our information practices. When we make changes to this Privacy Policy, we will revise the “Effective Date” at the beginning of this Privacy Policy. If the changes to the Privacy Policy are material, we will notify you a notice within the Services or via email if we have your email address on file.