Nibble Health, Inc. Privacy Policy

Effective Date: May 19, 2022
This Privacy Policy describes how Nibble Health, Inc. (“Nibble Health,” “we,” or “us”) and its subsidiaries collect and use your personal data that you provide in connection with our products and services, including without limitation (a) our service for facilitating healthcare financing or managing healthcare payments in connection with your employment, (b) the Nibble Health website available at www.nibblehealth.com, and (c) any other services related to the services described above.

In this Privacy Policy, the above are referred to collectively as the “Services.” This policy describes the choices available to you regarding our use of your personal data and how you can access and update this data. Services include software and services that we own and operate directly, as well as software and services that we market or provide from or on behalf of third parties.

If you have any questions regarding this Privacy Policy, please contact us at [email protected]. By using any of the Services you agree to be bound by this policy. If you do not agree to the terms of this Privacy Policy, please do not provide us with any personal information and do not use the Services.

The Services are intended for a general audience. We do not knowingly collect personal information from children under the age of 13. We will delete any personal information collected that we later determine to be from a user younger than the age of 13. If you are a parent or guardian of a child under the age of 13 and you believe he or she has disclosed personal information to us, please contact Customer Service using the contact information below.

The Services are provided to users from systems in the United States. If you are from outside the United States and use the Services, please be aware that the data protection laws in the United States may differ from those of the country where you are located, and your personal information may be subject to access requests from governments, courts, or law enforcement in the United States according to the laws of the United States. In addition, such data may be stored on servers located outside your resident jurisdiction and in jurisdictions that may have less stringent privacy practices than your own. By using the Services or providing us with any information, you consent to the transfer, processing, usage, sharing, and storage of your information, including personal information, in the United States as set forth in this Privacy Policy.

If you are a California resident, you may have certain rights as provided in the California Consumer Privacy Act (“CCPA”).  For the CCPA-specific provisions of this Privacy Policy, please see Section VI below.

I. INFORMATION COLLECTED VIA THE SERVICES

We may obtain various types of personal data about users of the Services and non-customer website visitors. This data may include:
  • Contact information (name, address, phone number, email address, social security number);
  • Information about your employer and employment as provided to us by your employer pursuant to a contract or other arrangement with that employer;
  • Information about services ordered or provided;
  • Information about your healthcare providers and transactions with those providers (but not including diagnosis information);
  • Information collected through Internet-based and e-commerce activities such as information obtained from log files, cookies, clear gifs (i.e., web bugs), images, and scripts;
  • Customer service and demographic data such as gender, income level, and information about your prior experiences with our services;
  • Other transaction-related data.
When providing the Services we may also collect the following non-personally identifiable information about your devices, including:
  • Device information, such as the operating system version, processor type, memory space, and the like;
  • Information about software on your device, including the version of certain software programs and when they were installed and/or upgraded;
  • Browsing history, preferences, internet addresses, unique identifiers, device types, device location, and other similar information;
  • Information collected from logs, configuration files, and other system or software-level information.
We will retain your information for as long as your account is active and as needed to provide the Services. We will retain and use your information as reasonably necessary to conduct our business, comply with our legal obligations, resolve disputes, and enforce our agreements.

Please note that under our agreements with employers, we may collect less information in particular cases than as described in this Privacy Policy.  If you have specific questions about how your employer transfers information to us, please contact your employer.

II. INFORMATION USAGE

You hereby agree that we may use the personal data you submit in order to:
  • Accomplish our business purposes, including to deliver or provide the Services, establish or maintain customer and business relationships, improve the Services, provide access to Internet-based and e-commerce activities, perform accounting functions, and conduct other activities as necessary or appropriate in connection with the Services.
  • Market our products and services to you, and the products and services of our third-party partners, including to send you information about products, services, or promotions.
  • Opt-Out:  You may opt out of these promotional communications by following the instructions in each message, or by contacting us at [email protected].
  • Send you service updates, announcements, and alerts related to the Services, including notices of security incidents, downtime, or planned maintenance. You may not opt out of these service communications. If you do not wish to receive them, you have the option of deactivating your account and ceasing your use of the Services.
In addition, we may sell, transfer, or disclose personal data to our service providers under written contracts as needed for such service providers to perform services on our behalf, including to fulfill our obligations to you. Service providers and business partners that are provided information under this section will not use personal data for any other purposes. If we have actual knowledge that a business partner or service provider is processing your personal data in a way that is contrary to this Privacy Policy, we will take reasonable steps to prevent or stop such processing. In such case, you agree that we will not be held liable for the misuse of your data.

We may sell, transfer, or disclose personal data, including your contact information, to our affiliates, licensees, partners, and other third parties as appropriate in accordance with the terms of written agreements for legitimate business or marketing purposes.

We will, in our sole discretion, disclose your personal data to third parties in certain additional limited cases:  (1) when we have reason to believe that disclosing this information is necessary to identify, contact, or bring legal action against someone who may be causing injury to or interference with our rights or the rights of our customers and vendors; (2) when we believe in good faith that the law requires us to do so; (3) to a subsequent owner, co-owner, or operator of a website or service or in connection with a merger, consolidation, or restructuring, or the sale of substantially all of our interests and/or assets, or other corporate change, including during the course of any due diligence process; and (4) in situations involving threats to the physical safety of any person.

III. INFORMATION SECURITY

Your data is of the utmost importance to us. We use Transport Layer Security (TLS) and other transmission technologies to encrypt your personal data so it cannot be read in transit. In addition, we use secure technology, privacy protection controls, and restrictions on employee access to safeguard your personal information in storage.

Please note, however, that although we employ industry-standard security measures to safeguard the security of your personal information, no transmissions made on or through the Internet are guaranteed to be secure. Therefore, we cannot ensure the absolute security of any information you transmit to us, and you use our Services and provide us with your information at your own risk.

IV. TRACKING TECHNOLOGIES

We and our marketing partners, affiliates, or analytics or service providers may use technologies such as cookies, beacons, tags, browser and device fingerprinting, network traffic monitoring, active scripting, recognition technologies, and scripts to analyze trends, administer the Services, track users’ behavior while using the Services, and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual and aggregated basis.

We may not control those tracking technologies and are not responsible for them. However, you consent to potentially encountering third-party tracking technologies in connection with use of our Services and accept that our statements under this Privacy Policy do not apply to the tracking technologies or practices of such third parties.

There may be other tracking technologies now and later devised and used by us in connection with the Services. Further, third parties may use tracking technologies in connection with our Services, which may include the collection and storing of information about your online activities over time and across third-party websites or online services.

We may partner with one or more third parties to either display advertising via the Services or to manage our advertising on other sites or services. Our third-party partner(s) may use tracking technologies to gather information about your use of the Services and other websites or services to provide you targeted advertising based upon your browsing activities and interests. If you wish not to have this information used for the purpose of serving you targeted ads, you may be able to opt out by visiting: http://www.networkadvertising.org/managing/opt-out or http://www.aboutads.info/choices.

Statements regarding our practices do not apply to the methods for collecting information used by these third parties or the use of the information that such third parties collect. We do, however, work with third parties to make efforts to have you provided with information on their practices and any available opportunity to exercise choice. We make no representations regarding the policies or practices of third party advertisers or advertising networks or exchanges or related third parties.

V. OTHER SERVICES

If you click on a link to a third-party site, you will leave the site you are visiting and be redirected to the site you selected. Because we cannot control the activities of third parties, we do not accept responsibility for any use of your personal data by such third parties, and we do not guarantee that they will adhere to the same privacy policies as described in this Privacy Policy. We encourage you to review the privacy policies of any other service provider from whom you request services. If you visit a third-party site that is linked to a Service, you should read that third-party site’s privacy statement before providing any personal data.

Our Services may include social media features, such as the “Share This” button that allows you to like us on Facebook or share our content on Twitter. These features may collect your IP address and information regarding your use of the Services. Social media features are either hosted by a third party or hosted directly on our systems. Your interactions with these features are governed by the privacy statement of the applicable company.

VI. CALIFORNIA CONSUMER PRIVACY ACT

A. Categories of Personal Information We Collect
Along with the information in the Privacy Policy as a whole, the CCPA requires us to describe the information we collect in certain “categories.”  The categories we collect may include: 
  • Identifiers (such as real name, alias, postal address, unique personal identifier, social security number, online identifier, internet protocol address, email address, account name, or other similar identifiers);
  • Commercial information (such as transaction data);
  • Internet or other network or device activity (such as browsing history and information on interaction with a website, application, or advertisement);
  • Geolocation data (at an IP-based or city/state/zip level);
  • Inference data about you drawn from the data in this section (based on user profile information);
  • Legally protected classifications (such as age and gender);
  • Other information that identifies or can be reasonably associated with you (e.g., information you voluntarily provide as you use the Services, such as additional profile information or user-generated content).
B. The Sources From Which the Categories of Personal Information Are Collected
We collect personal data directly from information you provide to us; indirectly from our affiliates, service providers, and other vendors; and indirectly through your interactions with websites or advertisements.
C. Business Purposes for Our Collection of Personal Information
The following is a list of the business purposes for our collection of information:
  • Provide the Services you have requested, including invoicing and accounting;
  • Respond to your requests for information and provide you with more effective and efficient customer service;
  • Provide you with updates and information about the Services;
  • Contact you by email, postal mail, or phone regarding our Services and third-party products, services, surveys, research studies, promotions, special events, and other subjects that we think may be of interest to you;
  • Customize the advertising and content you see via the Services;
  • Help us better understand your interests and needs, and improve the Services, including through research and reports, and test and create new products, features, and services;
  • Secure our websites and applications, and resolve technical issues being reported;
  • Comply with any procedures, laws, and regulations which apply to us where it is necessary for our legitimate interests or the legitimate interests of others; and
  • Establish, exercise, or defend our legal rights where it is necessary for our legitimate interests or the legitimate interests of others.
D. Sharing of Categories of Personal Information
We may share categories of personal information to accomplish the various business purposes above and as described throughout this Privacy Policy.
E. CCPA Rights Disclosure
If you are a California resident, the CCPA may allow you to make certain requests about your personal information. Specifically, the CCPA may allow you to request us to:
  • Inform you about the categories of personal information we collect or disclose about you and the categories of sources of such information;
  • Inform you about the business or commercial purpose for collecting personal information and the categories of third parties with whom we share/disclose personal information (which is also disclosed in this Privacy Policy);
  • Provide you with the specific pieces of personal information we collect about you;
  • Delete personal information we have about you.
Please note that certain information may be exempt from such requests under California law. For example, we need certain information in order to provide the Services to you. You may only make such a request twice within a twelve-month period. Requests are generally free; however, we may charge a reasonable fee or deny your request if it is manifestly unfounded, excessive, or repetitive.

To make a CCPA request, please contact us at [email protected]. We will request information, which at a minimum will include your name and email address, to verify your identity. We may request additional information to verify your identity before responding to a request. Under the CCPA, you may have an authorized agent submit a request on your behalf, and we will collect certain authorization and verification information from the agent and you in such circumstances.

The CCPA further provides you with the right to receive information about the financial incentives that we offer to you, if any, and the right not to be discriminated against for exercising your rights under applicable law.

If you would like further information regarding your legal rights under California law, please contact us at [email protected].
F. California Do Not Sell Notice and Information Request
If you are a California resident, the CCPA provides you with the right to opt out of the "sale" of your "personal information." We may allow some of our advertising partners to collect certain pieces of information from our site visitors, such as device identifiers, cookies, advertising IDs, IP addresses, and usage activity, so that we and our partners can deliver ads that are more relevant to you. This type of information sharing with our advertising partners may be considered a "sale" under the CCPA. If you want to opt out of these activities, please contact us at [email protected]. Please note that some or all of the Services may not function if you choose to opt out of such activities.

If you are a California resident, California Civil Code Section 1798.83 allows you to request and obtain from us once a year, free of charge, information about the personal information (if any) we disclosed to third parties for the third parties’ direct marketing purposes in the preceding calendar year. If applicable, this information would include a list of the categories of personal information that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding twelve calendar months. If you are a California resident and would like to make such a request, please submit your request in writing to:

Nibble Health, Inc.
33 Irving Place
New York, NY 10003

VII. MISCELLANEOUS

You can access, update or correct your information, or otherwise ask us questions about this Privacy Policy by contacting us as follows:

Nibble Health, Inc.
33 Irving Place
New York, NY 10003

We may update this Privacy Policy from time to time to reflect changes to our information practices. When we make changes to this Privacy Policy, we will revise the “Effective Date” at the beginning of this Privacy Policy. If the changes to the Privacy Policy are material, we will notify you by a notice within the Services or via email if we have your email address on file.