Marble Health App — Privacy Policy

Last updated: April 30, 2026

Effective date: April 30, 2026

This Privacy Policy explains what information the Marble Health mobile app (“Marble Health,” “the app”) collects from you, how Marble Health, Inc. uses it, and the choices you have. The app is provided by Marble Health, Inc. (“Marble Health,” “we,” “us”) to students and adults who are receiving therapeutic care from a Marble Health clinician. The app is intended to supplement that therapeutic care between sessions — it is not a replacement for therapy and is not available to the general public.

This policy covers the Marble Health mobile app specifically. For information about how Marble Health handles your Protected Health Information (PHI) in our clinical services more broadly, please also read our Notice of Privacy Practices.

1. Who this app is for, and what Marty is

The Marble Health app is provided to students and adults who are receiving therapeutic care from a Marble Health clinician. Access is provisioned only after a person has been enrolled in Marble Health services through our clinical onboarding process; the app is not available for download by the general public.

Inside the app, you’ll interact with Marty — an AI companion directed by your clinician to help keep you engaged with your therapy between sessions, encourage practice of the skills you and your clinician are working on, and check in on how you’re doing. Marty is a feature of the Marble Health app, not a separate product.

If you are a student under the age of 18, your parent or guardian provided the required consent to Marble Health before you were given the option to download or use the Marble Health app. That consent covers your use of the app, including the data practices described in this policy. If you have questions about the consent your parent or guardian provided, please contact your clinician or email us at the address below.

2. What the app keeps

What you save in the app

• Your phone number — kept so we can sign you back in next time using a one-time SMS code.
• What you write or save — the messages you exchange with Marty, your check-ins, and any notes are saved so you can come back to them, and so Marty can respond with context from what you’ve talked about before. They are not combined with other users’ data to build profiles, and they are not shared with advertisers.
• In-app preferences — your personalization choices and notification settings.

Information needed to run the app

• Push notification token — if you allow notifications, your device provides a token so we can deliver in-app reminders.
• App usage signals — basic signals about when you are using the app. We use these to power features like check-in reminders and to understand, in aggregate, which parts of the app are useful.
• Basic device info — operating system, app version, and similar technical details needed to deliver the app and diagnose issues.

What the app does not do

• We do not track your precise location.
• We do not show advertising in the app and we do not share information with advertisers.
• We do not use third-party analytics SDKs that follow you across other apps or websites.
• We do not access your contacts, photos, microphone, or camera.

3. How we use your information

We use this information to:

• Provide the app — let you log in, save your progress, and keep your activity in sync across sessions.
• Generate Marty’s responses — your chat messages are processed so Marty can respond appropriately. Marty’s replies are generated using AI technology operated on our behalf (see Section 5).
• Send reminders — deliver the in-app reminders and notifications you’ve opted into.
• Support your clinical care — the app supplements the work you do with your Marble Health clinician. When information is shared with your clinician — either because you choose to share it or because sharing happens as part of your clinical care — we make that information available through Marble Health’s clinical tools.
• Improve the app — understand, in aggregate, which features are helpful so we can make the Marble Health app better over time.
• Keep things safe — detect misuse, debug problems, and protect both you and Marble Health.

We do not sell your information to anyone.

4. How information is shared

We share information only in these limited situations:

• With your Marble Health clinician. Notes, mood check-ins, and other activity that you mark as shared, or that are shared automatically as part of your clinical care, are visible to your clinician through Marble Health’s clinical platform. This sharing is governed by our Notice of Privacy Practices.
• With service providers we trust to run the app. We use vendors to host our servers, send SMS messages and push notifications, and provide the AI technology that powers Marty’s chat responses (see Section 5). These vendors are contractually required to handle your information with the same level of care we do, and to use it only for the purposes we direct. Where required, our vendors have signed HIPAA Business Associate Agreements with us.
• When required by law. We may disclose information if required by a court order, law enforcement request, or other legal obligation, or if we believe in good faith that disclosure is necessary to prevent serious harm.
• In connection with a business change. If Marble Health is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We’ll let you know before this happens.

We will never sell your personal information.

5. AI and your chat with Marty

Marty’s responses are generated using artificial intelligence. Specifically, the Marble Health app uses Amazon Web Services’ Amazon Bedrock to run the AI models that produce Marty’s replies. Amazon has signed a HIPAA Business Associate Agreement (BAA) with Marble Health, which contractually requires AWS to protect your information at the same level we do, to use it only to provide the Bedrock service to us, and to not use your conversations to train any public AI models.

To produce a response, your messages and a small amount of related context (like recent conversation history and instructions provided by your clinician) are sent to Bedrock, which returns Marty’s reply.

Marty supplements your therapy — it does not replace it. Marty is designed to keep you engaged with the work you’re doing with your Marble Health clinician between sessions; it is not a therapist and it cannot diagnose or treat any condition. If you are in crisis or need immediate help, please contact a trusted adult, call or text 988 (in the U.S.), or go to your nearest emergency room.

6. How long we keep your information

We keep your information for as long as you have an active Marble Health account associated with your care. After your clinical relationship with Marble Health ends, we may retain information for the period required by clinical recordkeeping laws (typically several years, depending on your state) and then delete or de-identify it.

You can request deletion of your Marble Health app account data at any time — see Section 8 below.

7. How we protect your information

Marble Health is a HIPAA-regulated provider of clinical services, and we apply HIPAA-grade safeguards to information collected through the Marble Health app:

• All data is sent between your device and our servers over encrypted connections (HTTPS / TLS).
• Data stored on our servers is encrypted at rest.
• Access to your information is limited to staff and clinicians who need it to support your care.
• We have signed HIPAA Business Associate Agreements with the vendors who help us deliver the app, including Amazon Web Services for the AI that powers Marty.
• We regularly review our security practices.

No system is perfectly secure, but we work hard to protect your information.

8. Your choices and rights

You can:

• Turn off push notifications at any time in your device’s Settings or in the Marble Health app’s Settings screen.
• Choose what you share with your clinician. In most cases, you decide whether something you save in the app stays private to you or is shared with your clinician.
• Ask to see, correct, or delete the information the Marble Health app has about you. Email us using the contact below and we’ll respond within a reasonable time. (Note: information that is part of your clinical record may be subject to additional rules under our Notice of Privacy Practices.)
• Stop using the app at any time. If you’d like your account fully removed, contact us.

9. Students under 18

Many users of the Marble Health app are students under the age of 18, including some under 13. The Marble Health app is not offered to the general public and cannot be downloaded without prior enrollment in Marble Health services.

For every student under 18, a parent or guardian completes Marble Health’s consent process before the student is given access to download the Marble Health app. That consent specifically covers the student’s use of the app and the information practices described in this policy. For students under 13, this satisfies the verifiable parental consent requirement of the U.S. Children’s Online Privacy Protection Act (“COPPA”).

We collect from students only the information described in this policy, only for the purposes described in this policy, and we do not condition a student’s participation in the app on collecting more information than is reasonably necessary to use it.

If you are a parent or guardian and have questions about your student’s information, or want to review or delete it, please email us using the contact below.

10. Changes to this policy

If we make material changes to this policy, we’ll update the “Last updated” date at the top and, when appropriate, notify you in the app or by other means before the changes take effect.

11. Contact us

If you have questions about this Privacy Policy or about how the Marble Health app handles your information, please contact:

For questions about your Protected Health Information specifically, please refer to our Notice of Privacy Practices.