thimblehub
Build your stack →
// THIMBLEPORTAL · FEATURES08 SURFACES · 70+ INTEGRATIONS

The patient experience that increases LTV. The admin layer that runs your operation.

White-labeled, HIPAA-compliant, and built to scale. Eight surfaces working as one - from the moment a patient logs in to the moment your CFO checks cohort retention.

See features ↓
01/ 08Patient Dashboard

Everything a patient needs. Nothing that sends them to your support inbox.

Patients see their prescriptions, appointments, documents, orders, and care plan the moment they log in.

When patients can answer their own questions, your CS team stops fielding them. Retention goes up. Refill rates go up. Support costs go down.

  • Treatment timeline & tracking
  • Prescription status updates
  • Appointment management
  • Secure messaging & documents
FIG. 01.0 · PATIENT DASHBOARD
portal.calderclinic.com / home● LIVE
Patient Dashboard - treatment timeline and refill status
02/ 08Clinical Workflows

Route to any provider. Fulfill through any pharmacy. Change either without touching code.

Multi-provider routing across Wizlo, OpenLoop, MDI, and CareValidate with a configurable dispatch layer.

Switch networks, add a fallback provider, or split by product - all through configuration. The pharmacy engine handles fulfillment end-to-end with automated refills that keep patients on therapy without manual intervention.

  • Wizlo, OpenLoop, MDI, CareValidate
  • Prescription lifecycle management
  • Configurable pharmacy routing
  • Automated refills & retries
FIG. 02.0 · CLINICAL WORKFLOWS
admin / clinical / refills● LIVE
Clinical Workflows - refill queue and provider routing
03/ 08HIPAA-Compliant

Not a checkbox. A foundation every other layer runs on.

PHI is encrypted at rest and in transit with AES-256-GCM. Field-level access controls ensure only authorized roles see sensitive data.

The PHI guardian test suite validates encryption on every deployment. Every action is logged in an immutable audit trail with 6-year retention. Breach incident tracking and CSRF protection are built in.

  • AES-256-GCM at rest & in transit
  • PHI guardian automated test suite
  • 6-year immutable audit retention
  • CSRF protection & rate limiting
FIG. 03.0 · HIPAA-COMPLIANT
admin / patients / maya-rodriguez● LIVE
Patient detail - HIPAA-compliant record view
04/ 08Built-in CRM

A CRM that actually fits telehealth. No third-party tool required.

Track every contact from first intake through active patient.

Activity timelines, smart lists, custom tags, tasks, and a unified inbox across SMS, email, and notes - all in the same system managing their prescriptions and refills. One source of truth. One less vendor.

  • 3-stage funnel (intake, lead, patient)
  • Activity timelines per contact
  • Smart lists with dynamic criteria
  • Unified inbox (SMS, email, notes)
FIG. 04.0 · BUILT-IN CRM
admin / patients / lauren-johnson● LIVE
Built-in CRM - patient detail and activity timeline
05/ 08Automation Engine

30+ trigger/action types. Visual builder. No developer required.

Build the workflows your operation runs on without writing a line of code.

Trigger a shipping notification when a prescription dispatches. Send an SMS reminder before an appointment. Auto-tag a patient when they downgrade. Escalate an overdue task to a supervisor. If it happens in your operation, you can automate it here.

  • Visual DAG builder
  • 30+ trigger & action types
  • Delay and branching logic
  • Consent-aware SMS / email
  • Revenue-linked triggers
  • Auto-tagging & task escalation
FIG. 05.0 · AUTOMATION ENGINE
admin / communications● LIVE
Automation Engine - visual workflow builder and comms
06/ 08Multi-Tenant Admin

One platform. Unlimited brands. Zero infrastructure duplication.

Launch a new telehealth brand in under 2 weeks without standing up new infrastructure.

Each tenant gets its own domain, branding, Stripe account, and isolated patient data. Switch between companies instantly. Scale from one brand to ten - or a hundred - from the same panel.

  • Custom domains with DNS verification
  • Per-company Stripe accounts
  • 4-tier role hierarchy
  • Isolated patient data per tenant
FIG. 06.0 · MULTI-TENANT ADMIN
admin / settings / workspace● LIVE
Multi-Tenant Admin - workspace settings and branding
07/ 08Analytics Suite

Every metric that affects LTV, churn, and growth. In one place.

Eight dashboards built for telehealth operators: MRR and churn, cohort retention heatmaps, provider performance, conversion funnels, and churn risk scoring.

Filter by company, provider, or date range. Export anything to CSV. Know exactly where patients drop off, which providers perform, and which cohorts retain.

  • MRR, churn & LTV tracking
  • Cohort retention heatmaps
  • Provider performance comparison
  • Churn risk scoring & CSV export
FIG. 07.0 · ANALYTICS SUITE
admin / analytics / overview● LIVE
Analytics Suite - MRR, cohort retention, and churn metrics
08/ 08Pharmacy Platform

Plug in any pharmacy. Route by any rule. Automate every refill.

A configurable fulfillment engine with pluggable pharmacy adapters.

Route based on provider type, drug category, patient state, or any rule you define. Real-time status tracking via webhook and polling. Automated refills trigger without manual intervention - patients stay on therapy, your team stays out of it.

  • Provider-agnostic fulfillment
  • Configurable routing rules
  • Pluggable pharmacy adapters
  • Real-time webhook / polling
FIG. 08.0 · PHARMACY PLATFORM
admin / clinical / pharmacy● LIVE
Pharmacy Platform - fulfillment queue and routing rules
// ALSO INCLUDED

The full stack.
Not the highlight reel.

Every feature ships with every plan. Nothing gated, nothing hidden behind an “Enterprise” wall.

01Unified inbox (SMS, email, notes)
02Twilio SMS with TCPA consent tracking
03Public REST API
04Subscription management (pause, skip, change plan)
05Multi-provider support (Wizlo, OpenLoop, MDI, CareValidate)
06Healthie / GraphQL integration
► READY?

Ready to see thimbleportal in action?

See a live build. Ask anything. We'll mock your real data and show how it behaves end-to-end.

30 MIN · NO SLIDES · LIVE BUILD
// INTEGRATIONS & PARTNERS

4 provider networks.
70+ integrations.
All pre-built.

01Stripe
02Wizlo
03OpenLoop
04Healthie
05MDI
06CareValidate
07Twilio
08Resend
09SendGrid
10Formsort
11Typeform
12JotForm
13Google Calendar
14Greenwich RX
+56 MORE →
70+
Integrations
HIPAA + BAA
Included
4
Provider Networks
30+
Automation Actions
// BETTER TOGETHER · POWERFUL ALONE04 PRINCIPLES

Each product works standalone. Together, they eliminate every seam between marketing, checkout, and patient operations.

01// THIMBLECART → PORTAL → ADMIN

Checkout, Portal, Provider. Instantly connected.

A patient checks out. Their account is live. Their encounter is dispatched. You touched nothing.

02// WHITE-LABEL · MULTI-TENANT

One Brand, Every Touchpoint.

Your domain, your colors, your logo - from the marketing site through checkout into the patient portal. Patients never see a seam.

03// COMPLIANCE · AUDIT · BAA

HIPAA Across the Stack.

AES-256-GCM encryption, audit trails, and field-level PHI protection are not features you enable. They are the foundation everything runs on.

04// SCOPE MONDAY · SHIP FRIDAY

Your Dev Team, On Call.

Need a custom integration, a new workflow, or a feature built just for you? Our engineering team works directly with your operations. No ticket queue, no waiting.

// NOT JUST SOFTWARE

Scope it Monday.
Ship it Friday.

A development team at your fingertips.

Need a custom workflow, a new provider integration, or a feature built specifically for your operation? Our engineering team works directly with you. No ticket queues, no support tiers, no waiting.

  • Custom integrations
  • Dedicated engineering
  • Direct access, no ticket queue
thimble.eng · sprint-board
MON 09:14
Slack thread → scoped
Eng + Ops on call
SCOPED
TUE 11:02
PR opened
Branch · feat/mdi-fallback
IN REVIEW
WED 16:48
Staging deploy
Greenwich RX adapter v2
STAGING
THU 10:30
Customer UAT
Approved by Calder Clinic
UAT ✓
FRI 14:20
Shipped to prod
Auto-routing live
● LIVE
// SECURITY

Built in,
not bolted on.

Not a checkbox. A foundation.

► HIPAA · SOC 2 IN PROGRESS · BAA INCLUDED
01

AES-256-GCM Encryption

All data encrypted at rest and in transit using AES-256-GCM. No plaintext PHI touches disk.

02

Field-Level PHI Protection

PHI guardian test suite enforces field-level encryption across every model and migration.

03

HIPAA BAA Included

Business Associate Agreement included with every plan. No add-on fees, no separate negotiation.

04

MFA + SSO

Multi-factor authentication enforced for admin and clinical roles. SSO available for enterprise.

05

6-Year Audit Retention

Every action logged in an immutable audit trail. Retained for 6 years per HIPAA requirements.

06

Breach Incident Tracking

Built-in breach incident management with severity classification, timeline, and notification workflows.

07

Rate Limiting

16 tiered rate limiters across API, auth, and webhook endpoints. CSRF protection on every form.

08

Zero-Trust Architecture

Role-based access at every layer. 4-tier hierarchy with per-company data isolation and audit scoping.

// LET'S BUILD

Let's build your
telehealth operation.

Schedule a call with our team. We'll scope your launch, demo the platform, and map out your timeline. Your timeline starts here.

Build your stack