Trust & Privacy
This page is maintained by QW Therapeutic Massage to answer common security and privacy questions about how we operate the booking experience. It describes our current practices and is not an independent certification.
Accounts are protected by email and password, with Google sign-in available as an alternative. Sessions are stored locally in your browser and can be ended at any time by signing out.
The intake form (symptoms, injury history, consents) is visible only to you and our practice staff. Intake records are required before a booking can be confirmed and are stored alongside your account.
Treatment and HIPAA-style consents are timestamped and expire after a defined period so we can re-confirm them on a regular cadence.
You can view, request, and cancel your own bookings. Status changes beyond cancellation (confirmation, completion) are reserved for our staff and cannot be set directly from a browser.
Confirmation and reminder emails are sent from our own verified sending domain. Every message includes a one-click unsubscribe link, and addresses that bounce or unsubscribe are suppressed from future sends automatically.
The application is built on Lovable and uses a managed Postgres database with row-level security policies that scope data access to the signed-in account. Administrative database operations are restricted to server-side code.
You may request a copy or deletion of your account data at any time by contacting us. Some records (for example, completed appointment history) may be retained where required for medical recordkeeping.
For privacy questions, data requests, or to report a security concern, email privacy@qwmedmassage.com.
This page is editable content owned by QW Therapeutic Massage and may be updated as our practices evolve.