we take privacy seriously.

Effective Date: May 13, 2026

This Privacy Policy applies to the Rabble Health website, the MyRabble platform, related applications, communications, patient and care partner services, and other services provided by Rabble Health, Inc. This Privacy Policy applies to individuals who visit our websites, access or use the Services, communicate with us, or otherwise interact with Rabble Health. Certain information processed through MyRabble may be controlled by healthcare organizations, employers, benefits organizations, or other client entities that use the Services. In those situations, Rabble Health may process information on behalf of such organizations pursuant to contractual obligations and applicable law.

“Rabble Health,” “Rabble,” “we,” “our,” or “us” means Rabble Health, Inc., a California-based company providing digital health and care coordination services throughout the United States. “MyRabble” means Rabble Health’s digital platform, applications, patient and care partner tools, portals, communications, and related services. “Services” means the Rabble Health website, MyRabble platform, applications, communications, and related services provided by Rabble Health. “Personal Information” means information that identifies, relates to, describes, or could reasonably be linked to an identifiable individual. “Protected Health Information” or “PHI” means health information protected under the Health Insurance Portability and Accountability Act (“HIPAA”), where applicable. “Sensitive Personal Information” includes categories of information such as account credentials, health information, racial or ethnic origin, precise geolocation data, and other categories defined by applicable privacy laws. “Service Provider” means a vendor, contractor, or provider that processes information on behalf of Rabble Health for business purposes. “Business Associate” has the meaning assigned under HIPAA. “User,” “you,” or “your” means any individual or organization that accesses or uses the Services.

We collect only information reasonably necessary to provide, secure, improve, and support the Services. We collect information directly from users, automatically through use of the Services, from healthcare organizations and partners, and from third parties. Categories of information we may collect include: Information You Provide Directly: name, email address, phone number, mailing address, username and password, profile information, communications and correspondence, uploaded documents, forms or files, survey responses, and feedback. Health and Care Information: Depending on how the Services are used, we may collect health-related information, care coordination information, appointment information, support needs, care preferences, and related information provided by users or healthcare organizations. Information Collected Automatically: We may automatically collect IP address, device identifiers, browser type, operating system, usage activity and interactions, login history, pages viewed, referring URLs, session information, analytics information, and diagnostic information. Information From Third Parties: We may receive information from healthcare providers, employers, benefits organizations, referral partners, analytics providers, identity verification providers, and publicly available sources. Mobile Device Permissions: If enabled by the user, our applications may request access to device features such as camera, notifications, photo storage, or location information in order to support platform functionality. Users may disable these permissions through their device settings.

Depending on how the Services are used, Rabble Health may collect or process certain categories of Sensitive Personal Information, including health-related information, account credentials, demographic information, or precise geolocation information where necessary to provide and support the Services. Rabble Health uses Sensitive Personal Information only for legitimate business, operational, security, legal, and care coordination purposes consistent with applicable law. Rabble Health does not use Sensitive Personal Information for unrelated advertising purposes.

Rabble Health may process health-related information on behalf of healthcare organizations, employers, care providers, and other authorized entities. In certain circumstances, Rabble Health may act as a service provider, processor, or “Business Associate” under HIPAA and process Protected Health Information (“PHI”) in accordance with applicable agreements and legal requirements. Where Rabble Health acts as a Business Associate, our collection, use, disclosure, and safeguarding of PHI are governed by applicable Business Associate Agreements and HIPAA requirements. Healthcare organizations and other covered entities using the Services are responsible for determining whether HIPAA applies to their use of the Services and for obtaining any necessary authorizations, consents, or notices required under applicable law. Rabble Health does not sell PHI or use PHI for advertising purposes.

We use Personal Information and health-related information for legitimate business and operational purposes, including to provide, operate, maintain, and improve the Services; create and manage accounts; facilitate care coordination and communication; respond to support requests and inquiries; authenticate users and secure accounts; monitor system performance and troubleshoot issues; conduct analytics and improve user experience; send administrative communications and service notices; comply with legal, regulatory, and contractual obligations; prevent fraud, misuse, unauthorized access, and security incidents; enforce our Terms of Service and policies; and conduct internal reporting, auditing, and operational analysis. We may aggregate or de-identify information for analytics, operational improvement, reporting, and research purposes in accordance with applicable law.

We may disclose Personal Information in the following circumstances: Service Providers and Vendors: We may share information with carefully selected vendors and contractors that help us operate the Services, including providers of hosting, analytics, authentication, communications, customer support, infrastructure, and security services. Such providers are subject to contractual confidentiality and security obligations. Healthcare Organizations and Clients: We may share information with healthcare providers, employers, benefits organizations, and other authorized entities that use the Services in connection with care coordination, support, or authorized services. Legal Compliance and Protection: We may disclose information where required to comply with applicable laws, regulations, subpoenas, court orders, legal process, or governmental requests, or where necessary to protect the rights, property, safety, or security of Rabble Health, users, or others. Corporate Transactions: Information may be transferred in connection with a merger, acquisition, financing, asset sale, bankruptcy, or other corporate transaction. With Consent: We may disclose information where users direct us to do so or otherwise provide consent. Rabble Health does not sell Personal Information or Protected Health Information.

We retain Personal Information for as long as reasonably necessary to provide the Services, fulfill the purposes described in this Privacy Policy, comply with legal obligations, resolve disputes, enforce agreements, and maintain security and operational integrity. Retention periods may vary depending on the nature of the information, the type of relationship involved, applicable legal requirements, contractual obligations, and operational needs. When information is no longer required, we may securely delete, anonymize, or de-identify it in accordance with applicable law and internal retention practices.

Rabble Health maintains administrative, technical, and physical safeguards designed to protect Personal Information and health-related information from unauthorized access, disclosure, misuse, alteration, or destruction. Our security measures may include encryption in transit and at rest, role-based access controls, authentication procedures, monitoring systems, workforce confidentiality obligations, vendor security reviews, and incident response procedures. Although we use reasonable safeguards designed to protect information, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. Users are responsible for maintaining the confidentiality of account credentials and for notifying Rabble Health of any suspected unauthorized account activity.

Rabble Health maintains policies and procedures designed to identify, investigate, contain, and respond to suspected security incidents involving Personal Information or Protected Health Information. Where required by applicable law, Rabble Health will provide notifications regarding certain security incidents or data breaches in accordance with applicable legal and regulatory requirements.

Depending on your location and applicable law, you may have rights regarding your Personal Information, including the right to access information we maintain about you, request correction of inaccurate information, request deletion of certain information, request portability of your information, object to or restrict certain processing activities, opt out of certain communications, and appeal certain privacy rights decisions where permitted by law. To exercise applicable rights, please contact us using the contact information provided below. We may take reasonable steps to verify identity before processing requests. Rabble Health will respond to verified requests within timeframes required by applicable law. Where permitted by law, individuals may appeal certain privacy rights decisions by contacting us using the information provided below.

Rabble Health may use cookies, session technologies, analytics tools, and similar technologies to operate the Services, authenticate users, remember preferences, analyze usage patterns, improve functionality, maintain security, and support operational performance. Users may control cookies and tracking technologies through browser or device settings. Disabling certain technologies may affect functionality or availability of portions of the Services.

Individuals located outside the United States may have certain rights under applicable privacy and data protection laws, including rights related to access, correction, deletion, restriction, objection, and portability of Personal Information. Where applicable, Rabble Health processes Personal Information based on legitimate business interests, contractual necessity, consent, legal obligations, or other lawful bases recognized under applicable law. Rabble Health may process and store information in the United States or other jurisdictions where our service providers operate, subject to appropriate safeguards and protections where required by law.

Residents of certain U.S. states, including California, Virginia, Colorado, Connecticut, and Utah, may have specific privacy rights under applicable laws. These rights may include the ability to request access to Personal Information, request correction or deletion, request portability, opt out of certain processing activities, and appeal certain decisions. Rabble Health does not sell Personal Information. To exercise applicable rights, please contact us using the information provided below. We may verify identity before processing requests. Rabble Health will not discriminate against individuals for exercising applicable privacy rights.

Rabble Health does not sell Personal Information or Protected Health Information. Rabble Health does not knowingly share Personal Information for cross-context behavioral advertising purposes as defined under applicable California privacy laws.

The Services are intended to support communication, care coordination, education, and administrative activities. Content provided through the Services is not intended to replace professional medical advice, diagnosis, or treatment. Users should seek the advice of qualified healthcare professionals regarding medical conditions or treatment decisions.

The Services are not directed to children under the age of 13, and Rabble Health does not knowingly collect Personal Information directly from children under 13 without appropriate authorization where required by law. If we become aware that information has been collected from a child in violation of applicable law, we will take reasonable steps to delete such information.

Rabble Health may update this Privacy Policy from time to time to reflect operational, legal, regulatory, or technological changes. When updates are made, we will revise the effective date of the Privacy Policy and post the updated version on our website or within the Services. Continued use of the Services following the effective date constitutes acceptance of the updated Privacy Policy where permitted by law.

Rabble Health is committed to making this Privacy Policy accessible to individuals with disabilities. Individuals who require this Privacy Policy in an alternative format may contact us using the information provided below.

If you have questions about this Privacy Policy or would like to exercise applicable privacy rights, please contact: Rabble Health, Inc., 107 N Reino Rd #1045, Thousand Oaks, CA 91320

Email: connect@rabblehealth.com