For individuals For organizations Our approach Blog Get started
Legal

privacy policy

This notice explains how nymble collects, uses, discloses, and protects personal information in our services.

Effective date: April 8, 2025

overview

Thank you for reading our Privacy Notice. Together with our Terms of Service, this establishes the legal relationship of individuals like you with Nymble Health Inc. ("nymble", "us", "we"). This policy applies to information collected through our nymble AI-powered chat services (the "Services"). By accessing or using the Services, you consent to the practices described here.

how we make money

  • nymble is a paid service funded by subscriber organizations that authorize your access.
  • nymble does not rely on advertising and does not sell your personal information to third parties.
  • Where clinical trials or optional initiatives exist, we apply opt-in consent and additional disclosure.
  • Patient safety, including privacy, is prioritized over commercial interests.

responsible AI

nymble aligns its responsible AI approach with the World Health Organization guidance in Ethics and Governance of Artificial Intelligence for Health. Our guardrails evolve with user safety as the primary objective.

privacy and consent by design

  • We follow Privacy by Design and embed privacy controls through the software lifecycle.
  • We de-identify phone numbers in account records and segregate identifying data.
  • We follow Consent by Design: where use cases differ from baseline commitments, we explain and request explicit opt-in.
  • You can update consent preferences in account settings; some features may be limited if you opt out.

personal information we collect

  • Information you give us: account setup details (at minimum, phone number) and chat content you submit.
  • Automatically generated information: technical usage data such as IP address and operational telemetry.
  • Information from other sources: eligibility and access confirmation from subscriber organizations.

how we use personal information

  • De-identification: we mask and segregate identifiers to reduce direct identifiability risk.
  • Messaging operations: we process contact data to deliver SMS/WhatsApp communications.
  • Account management: personalization, account administration, and legal compliance.
  • Research and analysis: internal analytics, product development, and service improvement.
  • Anonymization: in some use cases, data may be irreversibly anonymized.
  • AI training: anonymized data may be used to improve models.

how we share personal information

We do not sell personal information. We disclose data only as needed for service delivery and lawful operations.

  • Affiliates within our corporate group.
  • Third-party service providers (subprocessors) under contractual safeguards.
  • Business transfers (for example, merger or acquisition), subject to notice.
  • Applicable law and lawful requests by public authorities.

data storage and retention

We disclose service provider locations for transparency. We retain information only as long as needed for the stated purpose and legal obligations. Where retention requirements are defined by subscriber organizations, those terms apply.

security safeguards

  • Data masking and segregation for de-identification at rest.
  • Encryption in transit and at rest.
  • Least-privilege access controls.
  • Security management practices aligned with industry standards.
  • Confidentiality obligations for employees and contractors.
  • Privacy and security training for personnel.
  • Vendor due diligence and contractual controls for subprocessors.

incident management

nymble maintains incident response procedures for unauthorized access scenarios and supports subscriber organizations with investigation and legally required notification.

information for minors

We do not knowingly collect personal information from users under 18 years of age.

privacy rights

  • Access and correction: request details and corrections to your data.
  • Opt-out: manage optional data collection in settings and specific workflows.
  • Deletion requests: request deletion, subject to legal and operational obligations.
  • Appeals: where applicable, you may appeal rights-related decisions.

accountability and contact

nymble has a designated Privacy Officer within executive leadership. Questions can be sent to [email protected].

Mailing address:
Nymble Health Inc.
329 Howe St #1021
Vancouver, BC V6C3N2
Canada

changes to this policy

We may update this notice from time to time. For material changes, we provide at least 30 days notice via website update or email.

jurisdiction-specific commitments

In the prior 12 months, personal information categories processed for business purposes include identifiers (for example name, contact details, IP address) and electronic activity information (for example chat logs and messages). We do not sell personal information and do not discriminate for exercising privacy rights.

Where GDPR applies, processing is based on legitimate interests, contractual necessity with subscriber organizations, and legal obligations, depending on the purpose of use.

third-party service providers (subprocessors)

Name Description of processing Data residency Corporate residency
Azure (Microsoft) Cloud infrastructure and data hosting Canada United States
GitHub (Microsoft) Code management and version control United States United States
Squarespace Website hosting United States United States
Twilio Transactional messaging APIs United States United States
OpenAI Generative AI service provider United States United States

cookies

nymble uses cookies for secure account authentication. For the current operational cookie inventory, contact [email protected].