RUBYMED BILLING arrow_back Back to login

Privacy policy

Last updated: 19/04/2026

Application privacy policy (Plaid Link integration)

1. Scope

This Privacy Policy applies to the use of the web and/or mobile application of RUBYMED (the "Application"), including the flow for linking financial accounts through Plaid Link. It describes what information we collect, how we use it, who we share it with, how long we retain it, and what options the user has.

This Policy complements the general website Privacy Policy and any "just-in-time" notice shown during onboarding or before connecting a financial account.

2. Data controller and contact

Controller: RUBYMED (ClĂ­nica Hispana Rubymed). Contact: (844) 782-9633. Privacy/security: itsupport@rubymed.org. Address: 12808 W Airport Blvd Ste 303A, Sugar Land, TX 77478

If your implementation involves payment processing or bank verification, RUBYMED acts as the controller with respect to the data it receives and uses within its Application. Plaid acts as a processor that processes data in the connection flow, according to its own policies.

3. Definitions

  • Personal data: Information that identifies or can identify a person (name, email, phone, account identifiers, device identifiers).
  • Financial data: Information related to financial accounts, such as account identifiers, account type, balances, transactions, and bank verification data.
  • Plaid: Technology provider that facilitates secure connection between the Application and financial institutions through Plaid Link.
  • Plaid Link: Interface/flow within the Application that allows the user to connect their financial institution and authorize the exchange of data necessary for the use case.
  • End user: Person who uses the Application and decides whether to connect a financial account.

4. Personal data we process

We may process the following categories of information, depending on the features the user uses and the permissions granted:

  • Account and contact data: name, email, phone, user identifiers, preferences, and settings.
  • Usage and device data: IP address, device identifiers, operating system/browser, activity logs, security events, logs, and performance metrics.
  • User-provided data: information submitted via forms within the Application or to support.
  • Financial data (via Plaid): account information (type/name), verification details (e.g. account number and routing when applicable), balances and/or transactions, according to the Plaid product initialized and user consent.

We do not use or request financial information through Plaid Link without the user performing an affirmative connection action and granting authorization during the Plaid Link flow.

5. Plaid Link integration (financial data)

The Application may use Plaid Link so the user can securely connect their financial institution and authorize access to data necessary for a specific use case (e.g.: account verification for payments or transfers, identity verification, or transaction history).

During this flow, Plaid may access information from the user's financial institution according to the enabled product (e.g.: account details, balances, transactions). The type of data may include holder information (name/address/phone/email), transactions (amount/date/type/description), and account details (name/type, account number and routing, balance), depending on the authorized connection.

Transparency and user control: The user chooses whether to connect a financial institution, which accounts to link (when the experience allows it), and can revoke access. Plaid offers tools to view and manage connections (Plaid Portal) and request data deletion in Plaid systems, subject to legal limitations.

What RUBYMED receives from Plaid: RUBYMED receives from Plaid only the data authorized by the user and necessary for the purposes described in this Policy. We do not receive your banking password; the user interacts with Plaid Link to authenticate and authorize access.

Typical use cases (examples):

  • Account verification: confirm ownership and/or validate an account for transfers or payments.
  • Authentication and validation: obtain account and routing data to process transfers (if applicable).
  • Transactions and balances: query movements and balances for services authorized by the user (if applicable).
  • Identity: validate identity data provided by the institution (if applicable).

6. Purposes of processing

We process personal data and, when the user authorizes it, financial data, for the following purposes:

  • Service delivery: create and manage the user's account, enable features, and respond to requests.
  • Verification and fraud prevention: validate identity/account, detect anomalous behavior, and protect the user and the organization.
  • Payments/transfers (if applicable): verify a bank account or initiate transfers through authorized providers.
  • Support: handle tickets, resolve failures, and communicate relevant updates.
  • Security: monitoring, auditing, incident investigation, and compliance.
  • Product improvement: analytics, performance metrics, testing, and experience improvements.

7. Legal basis and consent

The legal basis may vary by jurisdiction and use case. In general:

  • Contract/service performance: to operate the Application and deliver requested functionality.
  • Legitimate interest: for security, fraud prevention, metrics, and service improvement (with safeguards).
  • Consent: to connect financial accounts through Plaid Link and for any purpose requiring express authorization.
  • Legal obligation: when necessary to comply with regulatory, tax, accounting, or security requirements.

When the user initiates Plaid Link, the corresponding consent and transparency information will be displayed, and the user must accept to continue.

8. How we share information

We may share information in these circumstances:

  • With Plaid: to enable connection with financial institutions and process authorized data during the Link flow.
  • With providers: hosting, messaging, analytics, support, security, payment or transfer processing, as applicable.
  • Legal compliance: to respond to court orders, subpoenas, authority requirements, or to protect rights and security.
  • Business restructuring: in mergers, acquisitions, or asset transfers, with appropriate confidentiality measures.

We do not sell personal data. We do not share financial data outside of authorized purposes and what is necessary to operate the service, except by legal obligation.

9. Providers and subprocessors

RUBYMED may hire providers (processors) to support operations. We require confidentiality agreements and, when applicable, data processing agreements. Plaid is a provider for banking connection functionality and operates under its own policies and controls.

10. Information security

We apply reasonable technical and organizational measures to protect information against unauthorized access, loss, alteration, or disclosure. Examples:

  • Role-based access control and principle of least privilege.
  • Encryption in transit (TLS) and, when applicable, encryption at rest.
  • Logging and monitoring of security events.
  • Vulnerability management, patching, and hardening.
  • Backups and periodic restoration testing.
  • Staff training and incident response procedures.

Even with measures in place, no system is 100% foolproof. In case of a material incident, we will apply our response plan and the notifications required by applicable law.

11. Retention and deletion

We retain information only for as long as necessary to fulfill the purposes described, legal obligations, and security needs. Specific rules are described in the Data Retention and Deletion Policy (RUBYMED-DATA-RET-001). Upon completion of the period, we securely delete or anonymize the information, unless there is mandatory retention or "legal hold".

12. User rights and options

Depending on their jurisdiction, the user may have rights such as: access, correction, deletion, objection, limitation, portability, and withdrawal of consent. To exercise them:

  • Email itsupport@rubymed.org stating your request and the email associated with the account.
  • If it concerns Plaid connections, the user can also revoke access from the Application (if the functionality is available) and/or use Plaid Portal to manage connections and request data deletion in Plaid, subject to legal limitations.

13. International transfers

Our providers may process data in the United States or other countries. When appropriate, we implement reasonable contractual and technical safeguards to protect the information.

14. Minors

The Application is not directed at minors under 18 years of age. If you believe a minor has provided us with information, please contact us to evaluate the corresponding deletion.

15. Changes to this policy

We may update this Policy to reflect legal, technical, or business changes. We will publish the current version in the Application and update the "effective date". Material changes may be notified by notice within the Application.

Annex A. Data categories and examples (Plaid)

The information that may be shared via Plaid depends on the enabled product and user authorization. Examples (non-exhaustive):

Product/Use case Examples of data Use within the Application
Auth / Account verification Account holder name, account type, account number and routing (when applicable), verification status. Validate account for payments/transfers; reduce fraud.
Accounts / Balances Account name and type, available/current balance, currency. Display authorized financial status; operational validations.
Transactions Amount, date, type, description/categorization. Reconciliation, user-authorized analysis, income/activity verification (if applicable).
Identity (if applicable) Name, address, phone, email provided by the institution. Identity validation and fraud reduction.

External references (URLs)