SMS messaging consent

Miaise is a HIPAA-architected practice tool for licensed practitioners providing hands-on therapeutic, bodywork, esthetic, or adjacent professional services, including licensed massage therapists, estheticians, athletic trainers, and manual therapists. Miaise is operated by Deckmint LLC (Saint Peters, MO). SMS is sent through Telnyx, a US-based cloud communications provider, from a registered United States toll-free number.

Telnyx operates as a conduit carrier under HIPAA's conduit exception (45 CFR 164.504(e)), which covers entities that transmit protected health information but have no access to it and retain no copies. As the load-bearing customer-side mitigation, Miaise applies strict body-redaction discipline: SMS message bodies contain no therapist names, no client names, no clinical vocabulary, no studio address, and no service or modality detail. An intake-link message carries only a tokenized link to the secure intake form; a card-capture message carries only a secure link plus the appointment date and time, so you can recognize the request. Health screening data flows over TLS 1.3 on the intake web form, not through the SMS carrier.

Transactional SMS only, tied to a specific booking or client request. The most common message is a tokenized link to a pre-session health intake form (surgery history, blood thinners, pregnancy, contraindications). Where your therapist asks to save a card for amounts you may owe, you may also receive a single secure card-capture link tied to your appointment. No marketing. No promotional content. No recurring drips.

Expected frequency is one to two messages per booking, typically sent within 24 hours of the appointment. Volume is bounded by how often a client books with their therapist; recipients who book monthly receive at most one or two messages per month.

Message and data rates may apply, set by the recipient's mobile carrier. Miaise does not charge recipients for SMS.

For bookings made by phone, in person, or through any out-of-band channel, the therapist obtains verbal consent during the booking conversation:

“Before your session I'll text you a quick health intake form. Is the number ending in [last 4 digits]still good for that, and are you ok to receive it by text?”

The therapist confirms the number and the SMS channel verbally before any message is queued. This remains the primary path for bookings that do not go through the public booking page.

When a client books through a therapist's public Miaise booking page, the contact form includes a consent block before the optional notes field. The block presents a short disclosure identifying Miaise as the sender on the therapist's behalf, describing the message types and frequency, noting that message and data rates may apply, and providing the STOP opt-out instruction.

The client must affirmatively check an unchecked checkbox to proceed. Pre-checked boxes are not used. The disclosure text is captured verbatim on the booking record at submission time as a timestamped TCPA evidence trail, alongside the client's IP address and the UTC timestamp of the form submission.

Both paths, verbal and self-attested, produce the same stored flag: consentsToReminders: true on the client's contact-method record in our database. The send precondition is identical regardless of which path set the flag.

• For verbal consent: the therapist taps the “Client consents to SMS at this number” toggle on the new-client form in the Miaise mobile app before submitting.
• For booking-page consent: the flag is set automatically when the client submits the form with the checkbox checked.
• Either way, the flag persists as consentsToReminders: true on the client's contact-method record in our database.
• The Miaise backend (the sendIntakeLink Cloud Function) enforces the flag as a hard precondition on every send. Without the flag set to true, the function refuses to dispatch and writes a consent_required rejection to the audit log. No flag, no message.

• For verbal consent: the toggle stays off; the consent flag stays false.
• For booking-page consent: declining to check the box does not prevent the booking from being submitted; it means no intake SMS will be sent.
• The backend rejects any send attempt against that contact method. No SMS is delivered.
• The client receives intake forms by another channel (paper, in-office tablet, or email) at the therapist's discretion.

Clients can revoke consent at any time, two ways:

• Reply STOP to any message. STOP is processed at the carrier layer; the recipient is unsubscribed immediately and Miaise stops dispatching to that number.
• Ask the therapist to clear the consent flag on the contact-method record. The therapist can do this in-app at any time; the backend stops sending on the next dispatch attempt.

HELP replies return a standard response identifying Miaise as the sender and directing recipients to hello@miaise.com for support.

“Miaise: Tap to complete your form: https://miaise.com/i/{token}(expires in 7 days). Reply STOP to opt out.”

Tokens are 32-character random identifiers, single-use, and expire 7 days after issue. The body carries no therapist name, no client name, and no clinical vocabulary. A static preview of the form a recipient lands on is at /i/sample.

SMS message bodies contain no protected health information. The body carries only the tokenized intake-form URL. Health screening answers are collected on the intake web form (over TLS 1.3) and stored encrypted at rest under our HIPAA posture, visible only to the booking therapist.

Phone numbers are stored on the client's contact-method record and used solely for transactional intake dispatch. Numbers are never shared, sold, or used for marketing. See our Privacy Policy and Security overview for the full data-handling story.

Carrier compliance, toll-free verification details, or recipient support: hello@miaise.com.