SMS messaging consent

Miaise is a HIPAA-architected practice tool for licensed massage therapists, operated by Deckmint LLC (Saint Peters, MO). SMS is sent through AWS End User Messaging under an executed AWS Business Associate Agreement, from a registered United States toll-free number.

One transactional SMS per intake event: a tokenized link to a pre-session health intake form (surgery history, blood thinners, pregnancy, contraindications). No marketing. No promotional content. No recurring drips.

Expected frequency is one to two messages per booking, typically sent within 24 hours of the appointment. Volume is bounded by how often a client books with their therapist; recipients who book monthly receive at most one or two messages per month.

Message and data rates may apply, set by the recipient's mobile carrier. Miaise does not charge recipients for SMS.

During booking, the therapist asks the client:

“Before your session I'll text you a quick health intake form. Is the number ending in [last 4 digits]still good for that, and are you ok to receive it by text?”

Booking happens out-of-band by phone, in person, or through the therapist's own scheduling page. The therapist confirms the number and the SMS channel verbally before any message is queued.

• The therapist enters the client into the Miaise mobile app and taps the “Client consents to SMS at this number” toggle on the new-client form before submitting.
• The toggle persists as consentsToReminders: true on the client's contact-method record in our database.
• The Miaise backend (the sendIntakeLink Cloud Function) enforces the flag as a hard precondition on every send. Without the flag set to true, the function refuses to dispatch and writes a consent_required rejection to the audit log. No flag, no message.

• The toggle stays off; the consent flag stays false.
• The backend rejects any send attempt against that contact method. No SMS is delivered.
• The client receives intake forms by another channel (paper, in-office tablet, or email) at the therapist's discretion.

Clients can revoke consent at any time, two ways:

• Reply STOP to any message. STOP is processed by the carrier and AWS at the SMS layer; the recipient is unsubscribed immediately and Miaise stops dispatching to that number.
• Or ask the therapist to clear the consent flag on the contact method record. The therapist can do this in-app at any time; the backend stops sending immediately on the next dispatch attempt.

HELP replies are answered by AWS End User Messaging with a standard help response identifying Miaise as the sender and pointing recipients to hello@miaise.com for support.

“Miaise: Jasmine sent you a pre-session intake form. Complete here: https://miaise.com/i/{token}. Reply STOP to opt out.”

Tokens are 32-character random identifiers, single-use, and expire 7 days after issue. A static preview of the form a recipient lands on is at /i/sample.

SMS message bodies contain no protected health information. The body includes only the therapist's first name and the tokenized intake-form URL. Health screening answers are collected on the web form (over TLS 1.3) and stored encrypted at rest under our HIPAA posture, visible only to the booking therapist.

Phone numbers are stored on the client's contact-method record and used solely for transactional intake dispatch. Numbers are never shared, sold, or used for marketing. See our Privacy Policy and Security overview for the full data-handling story.

Carrier compliance, BAA copies, or recipient support: hello@miaise.com.