somavuePrivacy Policy version 2026-05-12

Privacy Policy

Effective date: May 12, 2026

1. Scope

This Privacy Policy explains how Somavue LLC ("Somavue," "we," "us," or "our") collects, uses, protects, and retains information when shops, staff, customers, and patients use Somavue.

Somavue is built for massage, bodywork, and adjacent wellness shops. Shops control the customer and patient information they enter or ask customers to provide through Somavue.

2. Information We Collect

We collect information needed to operate the service, including:

  • Shop and account information: organization name, location details, staff names, phone numbers, roles, invitations, passkey enrollment state, and session records.
  • Customer and patient information: names, contact details, dates of birth when provided or required, appointment details, service selections, check-in state, intake answers, consent evidence, pain-map drawings, notes, and related records.
  • Scheduling and operations data: services, prices, add-ons, staff schedules, rooms, resources, booking settings, appointment history, readiness status, and provider assignments.
  • Payment information: payment status, invoices, line items, Stripe PaymentIntent identifiers, Stripe connected-account status, payout summaries, application-fee records, refunds, and payment-related metadata. Full card numbers are processed by Stripe and are not stored by Somavue.
  • Communications data: SMS delivery records, opt-out status, message templates, reminders, confirmations, check-in prompts, and support messages.
  • Device, security, and usage data: IP address, user agent, host, request metadata, audit logs, authentication challenges, kiosk identifiers, event logs, and error diagnostics.
  • Marketing source data: referral, campaign, and landing-page parameters when someone starts signup from a Somavue marketing page.

3. How We Use Information

We use information to:

  • Provide booking, scheduling, check-in, intake, customer records, payments, reminders, reporting, and staff operations.
  • Authenticate staff and customers, secure sessions, provision kiosks, and prevent unauthorized access.
  • Process customer payments through Stripe Connect and support payout, invoice, refund, and reporting workflows.
  • Send transactional SMS messages.
  • Maintain audit logs, troubleshoot issues, prevent fraud, enforce policies, and comply with legal obligations.
  • Improve Somavue's product, onboarding, support, and marketing funnels.

4. Third-Party Providers

We use third-party providers to operate Somavue. Current or planned providers include:

  • Vultr: application hosting and database infrastructure.
  • Stripe: payment processing, Stripe Connect onboarding, Stripe Terminal, payouts, disputes, and payment compliance.
  • Flowroute: transactional SMS delivery and SMS opt-out handling.
  • S3-compatible object storage: storage for uploaded files or generated documents when those features are enabled.

These providers process data only as needed to provide infrastructure, communications, payment, storage, support, security, or compliance services. Stripe's processing is also governed by Stripe's own privacy policy.

5. SMS Privacy

Somavue uses SMS for transactional messages such as staff verification, invitations, appointment reminders, check-in notices, and related operational messages.

We do not sell, rent, or share SMS opt-in data or phone numbers for marketing or promotional purposes. SMS data may be shared with carriers, messaging providers, and vendors needed to deliver messages and honor opt-outs.

6. Cookies and Similar Technologies

Somavue uses cookies and local browser storage for authentication, session continuity, security, selected location, theme, locale, and small interface preferences. We do not use third-party advertising cookies in the product.

7. Data Retention

We retain information as long as needed to provide Somavue, maintain shop records, comply with legal obligations, resolve disputes, enforce agreements, and preserve security evidence.

Intake, check-in, consent, pain-map, payment, audit, and legal records may be retained beyond ordinary account activity because shops may need them for legal, operational, accounting, or care-readiness reasons. Backups may retain deleted data for a limited period before aging out.

8. Security

Somavue uses security controls appropriate for a multi-tenant shop operations platform, including TLS in transit, tenant-scoped access checks, passkey-based staff authentication, hashed session tokens, audit logging, database constraints, and restricted operational access.

No system is perfectly secure. You are responsible for keeping your staff devices, kiosk devices, sessions, and authorized users secure.

9. Health-Adjacent and Sensitive Information

Somavue may store health-adjacent information such as intake answers, pain maps, service notes, pregnancy status, injury history, medications, consent evidence, and guardian-consent confirmations. Shops are responsible for deciding what they collect and for complying with laws that apply to their business and customer population.

Somavue is not expected to be a HIPAA covered entity in ordinary massage/bodywork shop workflows. If a shop is a covered entity or uses Somavue for protected health information, additional terms or compliance arrangements may be required.

10. Children's and Minor Information

Somavue is not directed to children under 13 as account holders. Shops may use Somavue to book or check in minors as patients when handled by a parent, legal guardian, or authorized adult. When Somavue knows a client is under 17, kiosk check-in may require a guardian confirmation before the visit proceeds.

11. Your Privacy Rights

Depending on your location, you may have rights to access, correct, delete, export, or restrict certain personal information. To exercise privacy rights, contact the shop that controls your record or contact Somavue at privacy@somavue.com.

Some records cannot be deleted immediately if retention is required for legal, security, audit, payment, dispute, accounting, backup, or shop-record obligations.

12. US State Privacy Notices

Somavue does not sell personal information and does not share personal information for cross-context behavioral advertising. We do not use sensitive personal information for purposes other than providing, securing, supporting, and improving the service.

California, Texas, and other US state residents may exercise applicable privacy rights by contacting privacy@somavue.com. We will not discriminate against you for exercising those rights.

13. International Access

Somavue is operated from the United States. If you access Somavue from outside the United States, your information may be processed in the United States, where privacy laws may differ from those in your location.

14. Changes to This Policy

We may update this Privacy Policy from time to time. The updated policy will show a new effective date. Continued use of Somavue after an update means the updated policy applies.

15. Contact

Questions about this Privacy Policy may be sent to privacy@somavue.com.