Privacy Policy
Last updated: February 19, 2026
Introduction
LMT Assistant ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains
how we collect, use, disclose, and safeguard your information when you use our mobile application.
Information We Collect
We collect information that you provide directly to us, including:
- Account information (name, email address, password)
- Professional information (business name, license details, insurance policies, continuing education
credits)
- Client information that you enter into the app (names, contact details, addresses)
- Appointment and session data (scheduling, session notes, SOAP notes)
- Financial information for invoicing, expense tracking, income tracking, and 1099 records
- Mileage and location data for travel tracking (when you choose to use this feature)
- Photos and images of documents you upload for AI scanning (receipts, credentials, tax forms, insurance
documents, booking screenshots)
- Therapist network contacts (professional contacts you choose to save)
- Subscription and purchase data (managed by RevenueCat through Apple/Google)
- Push notification tokens (for credential renewal reminders and appointment alerts)
- Referral code usage
- Usage data and app analytics
How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our services
- Process transactions and send related information
- Process uploaded images through AI services to extract text data from receipts, credentials, tax
documents, and booking screenshots
- Calculate mileage for business travel deductions
- Generate reports and business insights
- Send push notifications for credential renewal reminders and appointment alerts
- Manage your subscription through RevenueCat
- Display advertisements in the free tier through Google AdMob
- Send you technical notices, reminders, and support messages
- Respond to your comments and questions
- Protect against fraudulent or illegal activity
AI-Powered Document Processing
When you use the App's scanning features (for receipts, 1099 forms, credentials, insurance documents, or
booking screenshots), your images are transmitted to third-party AI services for text extraction:
- OpenAI (GPT-4o Vision): Primary service for analyzing all document types and extracting
structured data
- AWS Textract: Fallback service for OCR processing of tax forms
- Mindee: Fallback service for receipt parsing
- Google Cloud Vision: Last-resort fallback for general document OCR
Important details about AI processing:
- Images are transmitted over HTTPS to these services
- HEIC images (common on iPhones) may be converted to JPEG format before transmission for compatibility
- Images are processed solely for text extraction and are not stored by these services beyond the
processing request
- Extracted PHI fields (client names, addresses) are encrypted using AES-256 before being stored in our
database
- AI scanning is optional. You can always enter information manually
Data Security and Encryption
We implement robust technical and organizational measures to protect your personal information:
- Encryption: All Protected Health Information (PHI) including client names, addresses,
phone numbers, email addresses, intake notes, and SOAP notes are encrypted using AES-256-CBC encryption
with PBKDF2 key derivation
- Per-User Keys: Each user's data is encrypted with unique, per-user encryption keys
derived from secure random salts
- Encrypted Backups: Data exports and backups are fully encrypted before leaving the
device
- Offline Security: Data queued while offline is encrypted per-user with automatic 30-day
expiration
- Session Security: Automatic session timeout after 15 minutes of inactivity
- Biometric Authentication: Optional biometric (Face ID/Touch ID) authentication for
enhanced security
- Row-Level Security: Database-level policies ensure users can only access their own data
- Audit Logging: Sensitive operations are logged for security monitoring
We follow HIPAA guidelines for handling protected health information (PHI).
Data Retention
We retain your information for as long as your account is active or as needed to provide you services. You
can request deletion of your account and associated data at any time through the app settings.
Third-Party Services
We share information with third-party service providers who perform services on our behalf:
- Supabase: Database, authentication, and file storage (data stored in the United States)
- OpenAI: AI-powered document scanning and text extraction (see AI Processing section
above)
- AWS Textract: OCR document processing for tax forms
- Mindee: Receipt parsing
- Google Cloud Vision: Document OCR
- Google Maps, Places, and Directions APIs: Location services, address lookup, and
mileage calculation
- RevenueCat: Subscription management (processes through Apple's App Store and Google
Play; we do not access your payment details)
- Google AdMob: Displays advertisements in the free tier of the App
- Apple and Google Sign-In: Optional authentication methods
- Spotify: Optional music integration for session ambiance (requires separate
authorization and can be disconnected at any time)
- Sentry: Anonymous crash reporting and error tracking (not linked to your identity)
- Expo Push Notifications (APNs/FCM): For delivering credential renewal reminders and
appointment alerts
Each third-party service has its own privacy policy governing the data they receive.
Therapist Network Data
The App includes a Therapist Network feature for storing professional contacts. When sharing another
therapist's contact information:
- You are responsible for obtaining permission before sharing a therapist's contact information with
clients
- Contact information you store (name, phone, website, social media) is encrypted on our servers
- We do not share therapist network data with third parties
Your Rights
You have the right to:
- Access your personal information
- Correct inaccurate information
- Request deletion of your information
- Export your data (encrypted backups)
- Opt out of marketing communications
- Opt out of AI scanning by entering information manually
Advertising
The free tier of the App displays advertisements through Google AdMob. AdMob may collect device information
and use advertising identifiers to serve relevant ads. You can opt out of personalized advertising through
your device settings. Upgrading to the Pro subscription removes all advertisements.
Children's Privacy
The App is designed for licensed massage therapy professionals and is not intended for use by children under
17. We do not knowingly collect information from children.
Contact Us
If you have questions about this Privacy Policy, please contact us at:
Suite 327 Development LLC
Email: admin@suite-327.com
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new
Privacy Policy on this page and updating the "Last updated" date.