GLP-1 programs, subscriptions, add-ons. One flow, any offer structure.
Patients see every plan option in a single, branded experience. Apple Pay, Google Pay, Klarna, and FSA/HSA cards accepted out of the box.
Upsells, bundles, and add-ons slot in without touching the core flow. Launch new offers in hours, not weeks. Your monthly, quarterly, and annual plans live side-by-side under one cart.
- Apple Pay, Google Pay, Klarna
- FSA/HSA card acceptance
- Upsell & bundle configuration
- Branded checkout experience
- New offer structures, no engineering
Formsort, Embeddables, Heyflow, Typeform, JotForm, or custom. We normalize and route the data.
Your intake form feeds directly into patient records and provider encounters with auto-normalization across any HIPAA-compliant form provider.
No CSVs, no copy-pasting. Data arrives clean, validated, and ready for clinical review the moment checkout completes. Field mapping is configured once and applied uniformly across every form vendor on your stack.
- Formsort, Embeddables, Heyflow
- Typeform, JotForm, custom builds
- Auto field normalization & mapping
- Validation rules with error surfacing
- Direct feed to patient records
Automatic encounter creation with any provider network.
When a patient checks out, their encounter is created in your provider network automatically, complete with intake data, plan details, and consent records.
Your ops team never touches it. Configure provider-specific routing rules, set fallback networks, and split traffic by product or geography. The dispatch layer is provider-agnostic and reconfigurable without an engineering ticket.
- Any provider network
- Auto encounter creation on checkout
- Intake data & consent passthrough
- Provider-specific routing rules
- Fallback provider configuration
Server-side conversion data with hashed PII. Your ad spend is finally accountable.
Browser-side pixels are unreliable. ThimbleCart fires server-side conversion events to Meta CAPI and Google Ads using SHA-256 hashed PII.
iOS changes, cookie restrictions, and ad blockers kill attribution before it starts. Server-side firing means clean, matched, privacy-compliant signal regardless of what happens in the browser. UTMs, lead source, and full funnel analytics persist from first click to completed checkout. Know exactly which ad drove each patient and prove it to your media buyer.
- Meta CAPI server-side events
- Google Ads enhanced conversions
- SHA-256 hashed PII (email, phone)
- UTM persistence end-to-end
- Lead source & multi-touch attribution
- Conversion funnel tracking
- Privacy-compliant by design
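As an added example (not ThimbleCart's own code), here is what the server-side path above has to do before firing an event: normalize the identifiers, SHA-256 them, and ship only the digests. The normalization rules (lowercase/trim for email, digits with country code for phone), the `em`/`ph` user-data keys and the `event_id` used for browser/server dedup follow Meta's Conversions API conventions as assumed here; the checkout record is constructed, and the US default country code is an assumption. If normalization differs from what the ad platform applies on its side, the hashes never match and the "clean signal" is silently lost.

```python
import hashlib
import re
from typing import Optional

# Constructed sample of what a checkout form might submit (not real patient data).
SAMPLE_CHECKOUT = {"email": "  Jane.Doe@Example.COM ", "phone": "(415) 555-0123"}


def normalize_email(email: str) -> Optional[str]:
    """Lowercase and trim; a malformed address yields None so junk is never hashed and sent."""
    e = email.strip().lower()
    return e if "@" in e and " " not in e else None


def normalize_phone(phone: str, default_country_code: str = "1") -> Optional[str]:
    """Digits only, country code first, no '+' (US default is an assumption of this example)."""
    digits = re.sub(r"\D", "", phone)
    if len(digits) == 10:  # national number without a country code
        digits = default_country_code + digits
    return digits if 11 <= len(digits) <= 15 else None


def sha256_hex(value: str) -> str:
    """Hex SHA-256 of the already-normalized value (hashing before normalizing breaks matching)."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


def hashed_user_data(form: dict) -> dict:
    """Return only hashed identifiers; the raw email and phone never leave this function."""
    out: dict = {}
    em = normalize_email(form.get("email", ""))
    ph = normalize_phone(form.get("phone", ""))
    if em:
        out["em"] = [sha256_hex(em)]
    if ph:
        out["ph"] = [sha256_hex(ph)]
    return out


def build_purchase_event(form: dict, event_time: int, event_id: str,
                         value: float, currency: str = "USD") -> dict:
    """Shape a server-side purchase event; event_id should equal the browser pixel's for dedup."""
    return {
        "event_name": "Purchase",
        "event_time": event_time,
        "event_id": event_id,
        "action_source": "website",
        "user_data": hashed_user_data(form),
        "custom_data": {"value": value, "currency": currency},
    }
```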
Your Stripe account, your data. White-labeled with bidirectional sync.
We connect directly to your Stripe account, not ours. White-labeled per-company Stripe with bidirectional sync.
You own the customer relationship, the payment data, and the billing history. Subscription changes, failed payments, and refunds are handled automatically. Built to process any volume, from your first patient to your hundred-thousandth.
- White-labeled per-company Stripe
- Bidirectional data sync
- Automatic failed payment recovery
- Subscription lifecycle management
- Scales to any transaction volume
Run checkout variants. Test offer structures. Ship winners without engineering.
Test pricing, plan configurations, offer copy, and flow variants simultaneously across live traffic with per-variant conversion tracking.
Run multiple checkout experiences under a single brand simultaneously: different products, different price points, different patient segments, all managed from one admin panel. When you find a winner, it ships in hours. No engineering ticket, no sprint cycle.
- Live traffic split testing
- Variant-level conversion tracking
- Pricing & offer structure testing
- Multi-checkout from one panel
- Segment by product, plan, patient type
- No-code variant deployment
A patient checks out. Their account is live. Their automation has already started.
Checkout completion triggers a full provisioning chain into ThimblePortal: account, encounter, welcome email, and automation sequence, all before your ops team sees the order.
The direct feed into the portal’s automation engine means checkout is not the end of the funnel. It is the beginning of retention. Onboarding flows, refill reminders, subscription nudges, and churn-risk sequences all start from the moment payment clears. Every step is logged with a full audit trail.
- Instant patient account creation
- Auto encounter dispatch
- Branded welcome email delivery
- Portal automation triggered on checkout
- Onboarding, refill & retention flows
- Full audit trail, payment to provisioning
Pause, skip, resume, plan changes with proration, and payment failure recovery.
Patients manage their own subscriptions: pause, skip a month, resume, or change plans with automatic proration.
Failed payments trigger smart recovery sequences. Your ops team handles exceptions, not the routine. Dunning emails, churn-risk escalations, and proration previews are wired in. Patients stay in control, your queue stays clean.
- Self-service pause, skip, resume
- Plan change with proration preview
- Smart payment failure recovery
- Dunning email sequences
- Churn-risk escalation to ops
The full stack.
Not the highlight reel.
Every feature ships with every plan. Nothing gated, nothing hidden behind an “Enterprise” wall.
Any provider network.
70+ integrations.
All pre-built.
Each product works standalone. Together, they eliminate every seam between marketing, checkout, and patient operations.
Checkout, Portal, Provider. Instantly connected.
A patient checks out. Their account is live. Their encounter is dispatched. You touched nothing.
One Brand, Every Touchpoint.
Your domain, your colors, your logo, from the marketing site through checkout into the patient portal. Patients never see a seam.
HIPAA Across the Stack.
AES-256-GCM encryption, audit trails, and field-level PHI protection are not features you enable. They are the foundation everything runs on.
Your Dev Team, On Call.
Need a custom integration, a new workflow, or a feature built just for you? Our engineering team works directly with your operations. No ticket queue, no waiting.
Scope it Monday.
Ship it Friday.
A development team at your fingertips.
Need a custom workflow, a new provider integration, or a feature built specifically for your operation? Our engineering team works directly with you. No ticket queues, no support tiers, no waiting.
- Custom integrations
- Dedicated engineering
- Direct access, no ticket queue
Built in,
not bolted on.
Not a checkbox. A foundation.
AES-256-GCM Encryption
All data encrypted at rest and in transit using AES-256-GCM. No plaintext PHI touches disk.
Field-Level PHI Protection
PHI guardian test suite enforces field-level encryption across every model and migration.
HIPAA BAA Included
Business Associate Agreement included with every plan. No add-on fees, no separate negotiation.
MFA + SSO
Multi-factor authentication enforced for admin and clinical roles. SSO available for enterprise.
6-Year Audit Retention
Every action logged in an immutable audit trail. Retained for 6 years per HIPAA requirements.
Breach Incident Tracking
Built-in breach incident management with severity classification, timeline, and notification workflows.
Rate Limiting
16 tiered rate limiters across API, auth, and webhook endpoints. CSRF protection on every form.
Zero-Trust Architecture
Role-based access at every layer. 4-tier hierarchy with per-company data isolation and audit scoping.