PainTrace is online booking software for massage, bodywork, and wellness practices, made in Greenville, South Carolina. Anything in this policy is a promise from us to you. Questions go to omgreenville@gmail.com and a person answers them.
Practice account information. When a practice signs up we collect the practice name, a sign in email, an optional phone number, and a password. Passwords are stored only as salted cryptographic hashes. We never see or keep the actual password.
Practice content. The services, prices, business hours, branding choices, and pages a practice sets up in its back office.
Booking information. When a client books an appointment, we store what the booking form asks for: name, email, phone, the chosen service, the date and time, and any note the client chooses to leave. This is the practice's information, held for the practice.
Payment information. Card payments run through Stripe, in the practice's own Stripe account. Card numbers go directly to Stripe and are never stored on PainTrace servers.
Technical basics. Standard server logs such as IP addresses and request times, used for security, abuse prevention, and keeping the service up.
Each practice owns its client list, its bookings, and everything it creates in PainTrace. We process that information for exactly one purpose: running the service the practice signed up for. Every practice's data is isolated from every other practice's data, enforced in the software itself. Your clients are yours. Full stop.
A small number of providers touch data so the product can work, each only as much as their job requires: Cloudflare hosts the application and database. Resend delivers emails such as booking confirmations and password reset links. Stripe handles payments inside the practice's own Stripe account. Telnyx sends text reminders when a practice turns them on. We do not hand data to anyone else unless the law requires it.
Clients who book receive confirmations and reminders sent on their practice's behalf, wearing the practice's name. Practice owners receive account email such as booking alerts and password reset links. We do not market to a practice's clients.
As long as the account is active, so the practice's history works. Practices can export their data at any time. When an account closes, we delete its data within 30 days, and residual copies in backups clear within 30 days after that.
Everything travels over HTTPS. Passwords are stored as salted keyed hashes, never in plain text. Sign in sessions expire after 8 hours, password reset links work once and die after 30 minutes, and changing a password signs out every other device. If we ever learn of a breach affecting your information, we will notify affected practices without undue delay.
Practices can read, correct, export, or delete their information at any time, in the app or by emailing us. If you are a client of a practice that uses PainTrace, your booking information belongs to that practice, so start with them. We help every practice honor these requests.
PainTrace accounts are for business use by adults 18 and over.
If this policy changes, the new version appears here with a new date, and material changes get emailed to practice owners first.
PainTrace · Greenville, South Carolina · omgreenville@gmail.com