MassageHubMassageHub

Privacy Policy

Last updated: 19 May 2026

1. Who we are

MassageHub is a practice management platform for independent massage therapists. It is operated by Paul Bailey (“we”, “us”, “our”). If you have any questions about this policy, contact us at hello@massagehub.app.

2. Who this policy applies to

This policy covers two types of users:

  • Therapists — independent massage therapists who create an account to manage their practice
  • Clients — people who book appointments through a therapist's MassageHub booking page

3. Data we collect

Therapists

  • Name, email address, and profile information
  • Business details: services, pricing, locations, availability
  • Payment account information (via Stripe — we do not store card numbers)
  • Google Calendar OAuth tokens (if you choose to connect Google Calendar)
  • iCal feed URLs for calendar blocking (stored encrypted)

Clients

  • Name, email address, and phone number
  • Appointment history and SOAP notes (recorded by the therapist)
  • Intake form responses
  • Address (for mobile appointments)
  • Payment information (via Stripe — we do not store card numbers)

4. Google Calendar integration

Therapists may optionally connect their Google Calendar account. When connected, MassageHub uses Google's OAuth 2.0 to request permission to create and delete calendar events on the therapist's behalf.

Specifically:

  • When a client books an appointment, MassageHub creates an event in the therapist's Google Calendar containing the appointment details (service, client name, phone number, and location)
  • When a booking is cancelled, MassageHub deletes the corresponding event from Google Calendar
  • MassageHub does not read, store, or share any existing Google Calendar events
  • OAuth tokens (access token and refresh token) are stored encrypted in our database and used solely to create and delete MassageHub appointment events
  • Therapists can disconnect Google Calendar at any time from Settings → Integrations, which revokes MassageHub's access and removes all stored tokens

MassageHub's use of Google Calendar data is limited to the purposes described above. We do not use Google Calendar data for advertising, profiling, or any purpose other than managing the therapist's appointment schedule.

MassageHub's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

5. AI-assisted features

Some features use artificial intelligence to help therapists work faster:

  • SOAP note assist — when a therapist chooses to get help drafting or tidying a clinical note, the note text is sent to Anthropic's Claude AI to generate a suggestion. This text may contain client health information.
  • Parsing helpers — for example, turning pasted text into structured form fields or imported records.

This processing is carried out by Anthropic acting as our data processor. The text is used only to return a result to the therapist; under Anthropic's commercial API terms it is not used to train AI models. AI suggestions are always reviewed and edited by the therapist before being saved — the therapist remains responsible for the content of clinical records. AI-assisted features are optional and only run when a therapist actively asks for help.

6. How we use your data

  • To provide and operate the MassageHub service
  • To send appointment confirmations, reminders, and cancellation notifications
  • To process payments via Stripe
  • To create and manage Google Calendar events on behalf of connected therapists
  • To improve the platform and fix issues

We do not sell your data to third parties or use it for advertising.

7. Data storage and security

Data is stored in Supabase (PostgreSQL), hosted in the EU. Sensitive fields — including calendar URLs, OAuth tokens, and payment-related data — are encrypted at rest using AES-256-GCM. All data is transmitted over HTTPS.

8. Third-party services

  • Supabase — database and authentication
  • Stripe — payment processing
  • Resend — transactional email
  • Twilio — SMS notifications
  • Anthropic — AI processing for SOAP-note assist and parsing helpers (see section 5); may receive clinical note text
  • Google Calendar API — calendar integration (therapists only, opt-in)
  • Vercel — hosting
  • Microsoft Clarity — anonymous product analytics (session replays and heatmaps), only loaded if you accept the cookie banner. Pages containing health data, client details, or payment information are masked so the content is not recorded.

9. Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data
  • Withdraw consent (e.g. disconnect Google Calendar) at any time
  • Lodge a complaint with the ICO

Therapists can delete their account and associated data directly in the app at any time from Settings → Account. To exercise any other right, contact us at hello@massagehub.app.

10. Cookies

We use two categories of cookies:

  • Strictly necessary — session and authentication cookies required for the service to function. These are set automatically and do not require consent.
  • Analytics & marketing — we use Google Analytics 4 to understand how our site is used, Meta Pixel for marketing measurement, and Microsoft Clarity for anonymous session replays and heatmaps so we can see where users get stuck. Clarity sessions are not tied to your account or identity, and pages displaying client details, intake responses, SOAP notes, or payment information are masked so their content is never recorded. These cookies are only set if you consent via the banner shown on your first visit. You can decline or withdraw consent at any time by clearing your browser cookies.

Therapists may also configure their own Google Analytics, Google Ads, or Meta Pixel tracking on their booking pages. In that case, the therapist is the data controller for that tracking, and the same consent banner governs whether those scripts load.

11. Changes to this policy

We may update this policy from time to time. The date at the top of this page reflects the most recent revision. Continued use of MassageHub after changes are posted constitutes acceptance of the updated policy.

12. Contact

For any privacy questions or requests, email hello@massagehub.app.