Everything your telehealth operation needs. Nothing it doesn't.

The complete telehealth infrastructure (checkout, marketing, and patient operations) built to launch in weeks, not months.

Book a strategy call

Explore the stack

HIPAA Compliant•AES-256 Encrypted•Stripe Verified•99.9% Uptime

Checkout + Intake

thimblecart

Plan chooser, intake form, and checkout, wired into your provider network and billing stack. Built to convert telehealth offers and keep your data clean.

01 / 08

4 payment methods

Multi-Plan Checkout

GLP-1 programs, subscriptions, add-ons. One flow, any offer structure.

Patients see every plan option in a single, branded experience. Apple Pay, Google Pay, Klarna, and FSA/HSA cards accepted out of the box. Upsells, bundles, and add-ons slot in without touching the core flow. Launch new offers in hours, not weeks.

✓Apple Pay, Google Pay, Klarna support

✓FSA/HSA card acceptance

✓Upsell and bundle configuration

✓Branded checkout experience

02 / 08

Zero-config mapping

Intake Automation

Formsort, Embeddables, Heyflow, Typeform, JotForm, or custom. We normalize and route the data.

Your intake form feeds directly into patient records and provider encounters. Auto-normalization maps fields from any HIPAA-compliant form provider: Formsort, Embeddables, Heyflow, Typeform, JotForm, or any custom build. No CSVs, no copy-pasting. Data arrives clean, validated, and ready for clinical review the moment checkout completes.

✓Formsort, Embeddables, Heyflow, Typeform, JotForm

✓Auto field normalization and mapping

✓Validation rules with error surfacing

✓Direct feed to patient records

03 / 08

4 provider networks

Provider Handoff

Automatic encounter creation with Wizlo, OpenLoop, MDI, and CareValidate.

When a patient checks out, their encounter is created in your provider network automatically: Wizlo, OpenLoop, MDI, or CareValidate. Complete with intake data, plan details, and consent records. Your ops team never touches it.

✓Wizlo, OpenLoop, MDI, CareValidate

✓Auto encounter creation on checkout

✓Intake data and consent passthrough

✓Provider-specific routing rules

04 / 08

Smart Attribution

UTM tracking, lead source, and conversion funnel analytics that actually work.

Know exactly which ad, landing page, or referral source drove each patient. UTM parameters, lead source tracking, and full conversion funnel analytics persist through the entire journey, from first click to completed checkout, so your ad spend is accountable.

✓UTM parameter persistence

✓Lead source attribution

✓Conversion funnel tracking

✓Multi-touch attribution

05 / 08

Your Stripe, your data

Stripe-Native Billing

Your Stripe account, your data. White-labeled with bidirectional sync.

We connect directly to your Stripe account, not ours. White-labeled per-company Stripe accounts with bidirectional sync. You own the customer relationship, the payment data, and the billing history. Subscription changes, failed payments, and refunds are handled automatically.

✓White-labeled per-company Stripe

✓Bidirectional data sync

✓Automatic failed payment recovery

✓Subscription lifecycle management

06 / 08

Webhook Pipeline

HMAC-verified webhooks with idempotent processing and exponential backoff.

Every event in the checkout lifecycle fires a signed webhook to your systems. HMAC signature verification ensures authenticity. Failed deliveries retry automatically with exponential backoff. Idempotent processing means no duplicate orders, ever.

✓HMAC signature verification

✓Idempotent event processing

✓Exponential backoff retries

✓Full event lifecycle logging

07 / 08

Auto-Provisioning

Patient accounts, encounters, and welcome emails, created the moment checkout completes.

A patient checks out and their account is instantly provisioned in ThimblePortal. Their encounter is auto-dispatched to the assigned provider network. A branded welcome email is sent. Zero manual steps between payment and care.

✓Instant patient account creation

✓Auto encounter dispatch

✓Branded welcome email delivery

✓Portal access provisioning

08 / 08

Subscription Lifecycle

Pause, skip, resume, plan changes with proration, and payment failure recovery.

Patients manage their own subscriptions: pause, skip a month, resume, or change plans with automatic proration. Failed payments trigger smart recovery sequences. Your ops team handles exceptions, not the routine.

✓Self-service pause, skip, resume

✓Plan change with proration preview

✓Smart payment failure recovery

✓Dunning email sequences

Also included

✓Idempotent webhook processing

✓Multi-form provider normalization

✓Prior authorization workflows

✓Plan change with proration preview

✓Payment failure notifications

✓Subscription pause, skip, resume

✓Auto-provisioning on checkout

✓Branded transactional emails

Ready to see thimblecart in action?

Walk through the full product with our team. No pitch deck, no pressure.

Book a demo

Integrations & Partners

Stripe●Wizlo●OpenLoop●Healthie●MDI●CareValidate●Twilio●Resend●SendGrid●Formsort●Typeform●JotForm●Google Calendar●Greenwich RX

Better together. Powerful alone.

Each product works standalone. Together, they eliminate every seam between marketing, checkout, and patient operations.

Checkout → Portal → Provider

A patient checks out on ThimbleCart. Their account is instantly provisioned in ThimblePortal. Their encounter is auto-dispatched to Wizlo or OpenLoop. No manual step, no delay.

One Brand, Every Touchpoint

Your domain, your colors, your logo, from the marketing site through checkout into the patient portal. Patients never see a seam.

HIPAA Across the Stack

AES-256-GCM encryption, audit trails, and field-level PHI protection aren't features you enable. They're the foundation everything runs on.

Your Dev Team, On Call

Need a custom integration, a new workflow, or a feature built just for you? Our development team works directly with your operations. No ticket queue, no waiting.

HIPAA Compliant

AES-256 Encryption

Stripe Verified

SOC 2 Ready

Not just software. A build partner.

A development team at your fingertips

Need a custom workflow, a new provider integration, or a feature built specifically for your operation? Our engineering team works directly with you. No ticket queues, no support tiers, no waiting. Scope it Monday, ship it Friday.

✓Custom integrations

✓Dedicated engineering

✓Direct access, no ticket queue

Book a call

Security that's built in, not bolted on

Every layer of the stack is designed for HIPAA compliance from the ground up. Not a checkbox. A foundation.

AES-256-GCM Encryption

All data encrypted at rest and in transit using AES-256-GCM. No plaintext PHI touches disk.

Field-Level PHI Protection

PHI guardian test suite enforces field-level encryption across every model and migration.

HIPAA BAA Included

Business Associate Agreement included with every plan. No add-on fees, no separate negotiation.

MFA + SSO

Multi-factor authentication enforced for admin and clinical roles. SSO available for enterprise.

6-Year Audit Retention

Every action logged in an immutable audit trail. Retained for 6 years per HIPAA requirements.

Breach Incident Tracking

Built-in breach incident management with severity classification, timeline, and notification workflows.

Rate Limiting

16 tiered rate limiters across API, auth, and webhook endpoints. CSRF protection on every form.

Zero-Trust Architecture

Role-based access at every layer. 4-tier hierarchy with per-company data isolation and audit scoping.

Let's build your telehealth operation

Schedule a call with our team. We'll scope your launch, demo the platform, and map out your timeline. No commitment required.

Book a Demo

View Pricing