Privacy Policy
Last updated: June 7, 2026
This Privacy Policy explains how Growing Higher LLC (“Growing Higher,” “we,” “us,” or “our”) collects, uses, discloses, and protects information when people use Pebble websites, applications, software, patient portal features, and related services that link to this Privacy Policy (the “Services”).
Please read this Privacy Policy carefully before using the Services.
This Privacy Policy is not a medical provider Notice of Privacy Practices. When we process protected health information (“PHI”) for a customer practice, we generally do so as that practice’s business associate under our Business Associate Agreement. The practice remains responsible for its own Notice of Privacy Practices, clinical care, medical records, patient consents, and responses to patient requests about treatment records.
1. Scope
This Privacy Policy applies to information we collect through the Services, our websites, account registration, customer support, product communications, and related business operations.
Some Services or pages may include additional notices. If another notice applies to a specific feature or service, that notice will control for that feature or service to the extent of any conflict.
2. Information We Collect
The information we collect depends on how you use the Services.
Account and Contact Information
We may collect names, email addresses, phone numbers, mailing addresses, usernames, authentication identifiers, organization names, account roles, and similar contact or account information.
Practice and Professional Information
We may collect practice legal name, entity type, jurisdiction, tax and billing information, provider names, credentials, license information, specialties, locations, scheduling settings, organization settings, and other information related to a customer practice.
Patient and Client Information
Customers and authorized users may enter patient or client information into the Services. This may include demographics, contact information, appointments, messages, documents, medication/profile details, intake responses, clinical notes, treatment information, billing information, insurance information, claims data, and related records.
When this information is PHI handled for a customer practice, our handling of it is governed by our agreements with the customer practice, including the Business Associate Agreement where applicable.
Billing and Payment Information
We may collect subscription, invoice, payment, tax, billing-contact, and transaction information. Payment card and payment processing information may be handled by third-party payment processors.
Device, Usage, and Log Information
We may collect information about devices, browsers, operating systems, IP addresses, pages viewed, links clicked, authentication events, error events, timestamps, usage activity, and security or audit metadata.
Communications
We may collect information you provide when you contact us, submit support requests, respond to surveys, participate in product research, or communicate with us.
Cookies and Similar Technologies
We may use cookies, local storage, pixels, SDKs, and similar technologies for authentication, security, preferences, analytics, performance, and service operation. We do not intend to use advertising pixels or cross-context behavioral tracking on PHI-bearing patient or clinical workflow pages without appropriate safeguards and authorization.
3. How We Use Information
We use information to:
- provide, operate, maintain, secure, and support the Services;
- create and manage accounts;
- authenticate users and manage roles, permissions, and portal access;
- process subscriptions, billing, payments, and related transactions;
- support scheduling, records, documents, messaging, billing, claims, patient portal, and practice workflows;
- respond to support requests and administrative communications;
- monitor service performance, troubleshoot issues, and improve reliability;
- detect, prevent, and respond to security incidents, fraud, misuse, and illegal activity;
- maintain audit logs and compliance records;
- develop, test, improve, and analyze the Services;
- send service, administrative, legal, security, and account notices;
- send marketing or product communications where permitted, with opt-out options where required;
- comply with legal, contractual, and regulatory obligations; and
- carry out any other purpose disclosed at the time of collection or with consent.
We do not sell PHI. We do not use PHI to train third-party or general-purpose artificial intelligence models unless the applicable customer separately agrees in writing.
4. How We Disclose Information
We may disclose information:
- to the customer practice that controls the relevant account, workspace, or patient record;
- to authorized users configured by the customer practice;
- to service providers and subprocessors that help us host, secure, operate, support, analyze, or improve the Services;
- to payment processors, billing services, clearinghouses, payers, or other integration providers when the customer enables or uses those workflows;
- to professional advisors, such as lawyers, accountants, auditors, insurers, and security advisors;
- to comply with law, subpoenas, court orders, government requests, legal process, or regulatory obligations;
- to protect rights, safety, security, service integrity, and users;
- in connection with a merger, acquisition, financing, restructuring, bankruptcy, sale of assets, or similar transaction; and
- with consent or at the direction of the applicable customer or user.
When PHI is involved, disclosures are subject to the applicable Business Associate Agreement, HIPAA, customer instructions, and applicable law.
5. Service Providers and Subprocessors
We use third parties to help provide the Services. These may include hosting, storage, authentication, infrastructure, security, monitoring, payment, billing, claims, communication, analytics, support, and professional-service providers.
Potential PHI-relevant vendors may include cloud hosting and infrastructure providers, authentication providers, payment processors, billing or clearinghouse providers, communication providers, and other vendors used to operate the Services.
6. HIPAA and Patient Requests
If you are a patient or client of a practice that uses Pebble, your practice generally controls your health information in the Services. Requests to access, amend, restrict, receive an accounting of disclosures, or otherwise exercise rights concerning your medical record should generally be directed to your practice.
We may assist a practice in responding to those requests when required by law or contract. If we receive a request directly from a patient about PHI controlled by a practice, we may redirect the request to the practice.
7. Cookies, Analytics, and Choices
Most browsers let you remove or block cookies. Blocking cookies may affect Service functionality, including login, security, preferences, and account access.
Marketing emails, if any, will include an unsubscribe or opt-out method where required. We may still send non-marketing emails, including account, security, legal, transactional, and service communications.
8. Data Retention
We retain information for as long as needed to provide the Services, maintain accounts, comply with legal and contractual obligations, resolve disputes, maintain security and audit records, and enforce agreements.
Retention periods may vary by record type, customer configuration, legal requirements, backups, audit logs, and account status. Customer data export, cancellation, deletion, and retention are further described in the Terms of Service and applicable agreements.
9. Security
We use administrative, technical, and physical safeguards designed to protect information. These safeguards may include authentication, access controls, tenant scoping, encryption, private storage, audit logging, monitoring, backup practices, secure development practices, and incident response procedures.
No method of transmission or storage is completely secure. Customers and users are responsible for protecting their credentials, devices, local networks, user access, and account configurations.
10. Children and Minors
The Services are provided to customer practices and authorized users. Patient portal access for minors, parents, guardians, and personal representatives is controlled by the customer practice and applicable law.
The Services are not directed to children under 13 for direct account registration with Growing Higher. If we learn that a child under 13 has provided information directly to us without appropriate authorization, we will take appropriate steps consistent with applicable law.
11. State Privacy Rights
Depending on where you live, privacy laws may provide rights to access, correct, delete, or receive a copy of certain personal information, or to opt out of certain uses or disclosures. These rights may be limited where information is PHI handled for a health care practice, where retention is required by law, or where another exception applies.
To submit a privacy request concerning information controlled by Growing Higher, contact us using the information below. To submit a request concerning medical records or patient information controlled by a practice, contact the practice directly.
12. Information Outside the United States
The Services are operated from the United States. If you access the Services from outside the United States, your information may be processed in the United States or other countries where we or our vendors operate.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. The updated policy will be posted with a new “Last updated” date. If changes are material, we will provide notice as required by law or contract.
14. Contact
Privacy contact: privacy@pebblepm.com
Security contact: security@pebblepm.com
Support contact: support@pebblepm.com
Mailing address: 5473 Blair Rd, Ste 100, Dallas, TX 75231