This Supplemental California Privacy Notice provides additional information for California residents and supplements the information contained in the NimbleRx Privacy Policy.
This Notice is provided pursuant to the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”), and explains how Nimble Rx, Inc. (“NimbleRx,” “we,” “our,” or “us”) collects, uses, discloses, and shares personal information relating to California residents.
This Notice applies to personal information collected through our website, mobile application, and related services, including interactions with participating pharmacies and other business relationships, except where specific information is subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) or other applicable health privacy laws.
Certain health-related information processed by NimbleRx may be protected health information (“PHI”) under HIPAA when we act as a business associate to a covered entity, such as a pharmacy. In those circumstances, HIPAA may govern the use and disclosure of that information instead of certain provisions of the CCPA.
We do not sell protected health information (“PHI”) or other identifiable health information in exchange for monetary consideration.
However, certain uses of personal information described in our Privacy Policy—including the use of cookies, analytics tools, personalization technologies, sponsored communications, and certain advertising-related activities—may be considered “sharing” under California law.
We may also use or disclose de-identified or aggregated information for any lawful purpose, including research, analytics, product development, and commercial purposes, as permitted by applicable law.
The chart below summarizes the categories of personal information we may collect, the sources of that information, the purposes for which it is used, the categories of third parties to whom it may be disclosed, and whether such activities may be considered “sold” or “shared” under California law.
This Supplemental California Privacy Notice should be read together with our Privacy Policy, which provides additional information regarding how we collect, use, disclose, and protect personal information across our Services.
To review our full Privacy Policy, please click here.
Privacy Policy Table
| Category of Personal Information |
Examples |
Sources |
Business Purposes |
Categories of Third Parties Disclosed To |
Sold or Shared |
| Identifiers |
Name, email, phone, DOB, delivery address, account ID, IP address, device identifiers |
Directly from user; automatically collected; pharmacies; third-party services |
Provide services, account management, communications, fraud prevention, analytics |
Pharmacies, service providers, analytics providers, business partners |
May be considered 'shared' for analytics/personalization |
| Commercial Information |
Prescription purchases, OTC purchases, order history, payment activity |
Directly from user; pharmacies; payment processors |
Order fulfillment, payments, service delivery, reporting |
Pharmacies, payment processors, service providers |
Generally not sold; limited sharing for personalization/sponsored communications |
| Health / Medical Information |
Prescription data, refill history, insurance details, pharmacy interactions, inferred conditions, enriched claims information |
Pharmacies; healthcare partners; user; healthcare-related data providers and service providers |
Prescription fulfillment, healthcare support, personalization, authorized communications |
Pharmacies, service providers, covered partners |
No sale of PHI; disclosures only as permitted by law/authorization |
| Internet / Network Activity |
Cookies, pixels, browsing activity, app engagement, referral source, landing page behavior, personalization and activity |
Automatically collected |
Analytics, personalization, performance measurement, security, relevant experiences |
Analytics vendors, personalization vendors, advertising tools |
May be considered 'shared' under applicable state law |
| Geolocation Data |
Approximate location from IP; device location if enabled |
Automatically collected; device settings |
Service delivery, fraud prevention, personalization |
Service providers, analytics providers |
Generally not sold or shared |
| Inferences |
Preferences, engagement patterns, health topics of interest, and other relevant service personalization insights |
Derived internally from interactions and third-party data |
Personalization, analytics, service improvement, relevant communications |
Internal operations; limited partners supporting programs/services |
May be considered 'shared' depending on use |
| User Content |
Messages, posts, comments, feedback, forum participation, reviews, survey responses |
Directly from user |
Operate services, improve services, analytics, de-identified research/commercial uses |
Service providers; business partners in de-identified/aggregated form |
Generally not sold; de-identified use permitted |
| Professional / Employment Information |
Resume, cover letter, employer, qualifications, demo requests |
Directly from user |
Recruiting, HR administration, business relationship management |
HR providers, service providers, internal operations |
Not sold or shared |
| Sensitive Personal Information |
Health information, account credentials, payment data, precise location where enabled |
User; pharmacies; service providers |
Provide services, security, compliance, operations |
Pharmacies, processors, service providers |
Not used for purposes requiring separate right to limit, except as permitted by law |
This Supplemental California Privacy Notice provides additional information for California residents and supplements the information contained in the NimbleRx Privacy Policy.
This Notice is provided pursuant to the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”), and explains how Nimble Rx, Inc. (“NimbleRx,” “we,” “our,” or “us”) collects, uses, discloses, and shares personal information relating to California residents.
This Notice applies to personal information collected through our website, mobile application, and related services, including interactions with participating pharmacies and other business relationships, except where specific information is subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) or other applicable health privacy laws.
Certain health-related information processed by NimbleRx may be protected health information (“PHI”) under HIPAA when we act as a business associate to a covered entity, such as a pharmacy. In those circumstances, HIPAA may govern the use and disclosure of that information instead of certain provisions of the CCPA.
We do not sell protected health information (“PHI”) or other identifiable health information in exchange for monetary consideration.
However, certain uses of personal information described in our Privacy Policy—including the use of cookies, analytics tools, personalization technologies, sponsored communications, and certain advertising-related activities—may be considered “sharing” under California law.
We may also use or disclose de-identified or aggregated information for any lawful purpose, including research, analytics, product development, and commercial purposes, as permitted by applicable law.
The chart below summarizes the categories of personal information we may collect, the sources of that information, the purposes for which it is used, the categories of third parties to whom it may be disclosed, and whether such activities may be considered “sold” or “shared” under California law.
This Supplemental California Privacy Notice should be read together with our Privacy Policy, which provides additional information regarding how we collect, use, disclose, and protect personal information across our Services.
To review our full Privacy Policy, please click here.
Privacy Policy Table
| Category of Personal Information |
Examples |
Sources |
Business Purposes |
Categories of Third Parties Disclosed To |
Sold or Shared |
| Identifiers |
Name, email, phone, DOB, delivery address, account ID, IP address, device identifiers |
Directly from user; automatically collected; pharmacies; third-party services |
Provide services, account management, communications, fraud prevention, analytics |
Pharmacies, service providers, analytics providers, business partners |
May be considered 'shared' for analytics/personalization |
| Commercial Information |
Prescription purchases, OTC purchases, order history, payment activity |
Directly from user; pharmacies; payment processors |
Order fulfillment, payments, service delivery, reporting |
Pharmacies, payment processors, service providers |
Generally not sold; limited sharing for personalization/sponsored communications |
| Health / Medical Information |
Prescription data, refill history, insurance details, pharmacy interactions, inferred conditions, enriched claims information |
Pharmacies; healthcare partners; user; healthcare-related data providers and service providers |
Prescription fulfillment, healthcare support, personalization, authorized communications |
Pharmacies, service providers, covered partners |
No sale of PHI; disclosures only as permitted by law/authorization |
| Internet / Network Activity |
Cookies, pixels, browsing activity, app engagement, referral source, landing page behavior, personalization and activity |
Automatically collected |
Analytics, personalization, performance measurement, security, relevant experiences |
Analytics vendors, personalization vendors, advertising tools |
May be considered 'shared' under applicable state law |
| Geolocation Data |
Approximate location from IP; device location if enabled |
Automatically collected; device settings |
Service delivery, fraud prevention, personalization |
Service providers, analytics providers |
Generally not sold or shared |
| Inferences |
Preferences, engagement patterns, health topics of interest, and other relevant service personalization insights |
Derived internally from interactions and third-party data |
Personalization, analytics, service improvement, relevant communications |
Internal operations; limited partners supporting programs/services |
May be considered 'shared' depending on use |
| User Content |
Messages, posts, comments, feedback, forum participation, reviews, survey responses |
Directly from user |
Operate services, improve services, analytics, de-identified research/commercial uses |
Service providers; business partners in de-identified/aggregated form |
Generally not sold; de-identified use permitted |
| Professional / Employment Information |
Resume, cover letter, employer, qualifications, demo requests |
Directly from user |
Recruiting, HR administration, business relationship management |
HR providers, service providers, internal operations |
Not sold or shared |
| Sensitive Personal Information |
Health information, account credentials, payment data, precise location where enabled |
User; pharmacies; service providers |
Provide services, security, compliance, operations |
Pharmacies, processors, service providers |
Not used for purposes requiring separate right to limit, except as permitted by law |
.svg)
