Privacy Policy

Last updated: March 9, 2026

Massage by Ivan ("we," "our," or "us") operates a scheduling and booking platform that connects service providers with their existing clients. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website, web application, and related services (collectively, the "Service").

1. Information We Collect

We collect information that you provide directly to us when you create an account, book an appointment, or communicate with us:

• Account information: name, email address, phone number, password, and account type (client or provider).
• Profile information: mailing address, emergency contact details, and for clients of massage providers, health-related information such as allergies, medical conditions, and treatment preferences that you voluntarily provide.
• Booking information: appointment dates, times, durations, service types, add-ons, pricing, and appointment locations.
• Location data: addresses provided for appointment locations are geocoded (converted to geographic coordinates) to calculate travel times and provide scheduling functionality.
• Payment information: when payment processing is available, payment details are collected and processed by our third-party payment processor. We do not store your full credit card number on our servers.
• Communications: SMS messages sent through our platform, including appointment reminders and booking confirmations.

We also collect certain information automatically when you use the Service:

• Log data: IP address, browser type, operating system, referring URLs, and access times.
• Session data: we use session cookies to keep you logged in and maintain your preferences. These are essential for the Service to function and are not used for advertising or tracking.

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service, including scheduling appointments and calculating travel-time-aware availability.
• Send transactional communications such as booking confirmations, appointment reminders, and cancellation notifications via SMS and email.
• Process payments and send invoices when applicable.
• Respond to your requests and provide customer support.
• Protect against fraud, abuse, and unauthorized access.
• Comply with legal obligations.

We do not use your personal information for advertising, marketing to third parties, or profiling.

3. How We Share Your Information

We do not sell, rent, or trade your personal information. We share your information only in the following limited circumstances:

• Between providers and their clients: when you book an appointment, your name, phone number, appointment details, and location are shared with your service provider (and vice versa) to facilitate the appointment.
• Service providers we use: we use third-party services to operate the platform, including:
  • Google Maps Platform — for geocoding addresses and calculating driving times and distances.
  • SignalWire — for sending SMS appointment reminders and notifications.
  • MongoDB Atlas — for secure cloud database hosting.
  • Heroku — for application hosting.
  These providers process your data only as necessary to provide their services to us and are bound by their own privacy policies.
• Legal requirements: we may disclose your information if required by law, regulation, legal process, or governmental request.

4. SMS Messaging Policy

When you opt in to SMS notifications, you agree to receive automated text messages from us for the following purposes:

• Appointment booking confirmations
• Appointment reminders (24-hour and 1-hour advance notices)
• Cancellation notifications

Opt-In: SMS consent is collected during account registration when you check the SMS consent checkbox. Your consent status is stored in your account and verified before every message is sent. Checking this box is voluntary and is not a condition of using the Service.

Opt-Out: You can stop receiving SMS messages at any time by:

• Replying STOP to any message
• Disabling SMS notifications in your account settings
• Contacting us at the email listed below

Help: Reply HELP to any message for assistance, or contact us at the email listed below.

Message frequency varies based on your appointment activity. Standard message and data rates may apply depending on your mobile carrier and plan.

We do not send promotional or marketing messages via SMS. All messages are transactional and directly related to your appointments.

5. Data Storage and Security

Your data is stored in encrypted cloud databases hosted in the United States. We implement industry-standard security measures including:

• Password hashing using bcrypt
• HTTPS encryption for all data in transit
• Secure, HTTP-only session cookies
• Rate limiting to prevent abuse
• Access controls limiting data access to authorized users

While we take reasonable measures to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Service. If you request account deletion, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal, accounting, or compliance purposes.

Appointment records may be retained in anonymized form for analytics and service improvement purposes.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access: request a copy of the personal information we hold about you.
• Correction: request that we correct inaccurate or incomplete information.
• Deletion: request that we delete your personal information.
• Opt-out: opt out of SMS communications at any time.

To exercise any of these rights, contact us using the information below. We will respond within 30 days.

8. California Residents

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights, including the right to know what personal information we collect and how it is used, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information.

9. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 18, we will take steps to delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the date at the top of this page. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

---

Contact Us