Privacy Policy

Effective date: July 17, 2026

Practisaurus is a practice-management platform operated by OmgSamesies LLC ("Practisaurus," "we," "us"). This policy explains what information we collect, how we use it, and the choices you have. It covers the practisaurus.app website and the Practisaurus application.

Two kinds of data, two roles

Practisaurus handles information in two distinct capacities, and your rights differ depending on which applies.

Data we control. When a practice signs up for Practisaurus, or you create an account or visit our website, we collect and control that information: account details, billing, and usage of our service.

Data we process for practices. Practices use Practisaurus to keep records about their clients โ€” contact details, appointments, clinical notes, messages, and attendance. That information belongs to the practice, not to us. The practice is the healthcare provider (the "covered entity" under HIPAA), and we process client records only on its behalf, as its business associate, under our Business Associate Agreement (BAA). If you are a client of a practice that uses Practisaurus and you have questions about your records, contact your practice โ€” it controls them, and we act on its instructions.

Information we collect

  • Account information. Name, email address, and a password (stored hashed โ€” we cannot read it). Practices also provide practice details such as the practice name, locations, and timezone.
  • Practice records. Information practices enter about their clients, as described above. This can include protected health information (PHI) and is handled under HIPAA and the practice's BAA with us.
  • Payment information. Payments are processed by Stripe. Card numbers go directly to Stripe and never touch our servers; we keep only a reference to the payment method (such as the card brand and last four digits) and transaction records.
  • Technical information. Server logs (including IP addresses), session cookies needed to keep you signed in, and basic usage records. We do not use third-party advertising trackers.

Text messaging (SMS)

Practices can use Practisaurus to send appointment-related text messages to clients who have consented โ€” for example, a link to check in when arriving for an appointment. These messages are transactional and informational only; we do not send marketing texts. Our text messaging program page describes the program in full, including every way consent is collected.

  • Clients consent either by checking an unchecked consent box when booking online, or verbally or in writing during intake with their practice, which practice staff record in Practisaurus. Consent is freely given and is never a condition of receiving care, booking an appointment, or completing any transaction.
  • Message frequency varies with your appointments. Message and data rates may apply.
  • Reply STOP at any time to opt out, or HELP for help. Clients who opt out, or who never consented, are not texted.
  • Messages are kept to the minimum necessary: they do not include clinical details, diagnoses, or the nature of the practice's services.

No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. Text messaging originator opt-in data and consent will not be shared with any third parties. Mobile phone numbers and consent records are used solely to deliver the messages described above, through our message-delivery infrastructure provider acting on our instructions (see "Service providers" below). We do not share or sell mobile numbers or SMS consent data โ€” to anyone, for any marketing or promotional purpose, ever.

How we use information

We use the information we control to provide and operate the service, process payments, provide support, secure the platform, and meet legal obligations. We use practice records only to provide the service to the practice, as its BAA directs. We do not sell personal information, and we do not use client records for advertising โ€” ever.

Service providers

We use a small number of service providers to run Practisaurus, under agreements that limit what they may do with the data:

  • Amazon Web Services (AWS) โ€” hosting, infrastructure, and text message delivery, under a Business Associate Agreement.
  • Stripe โ€” payment processing. Stripe receives payment details and never receives client health information.

Security

All traffic to and from Practisaurus is encrypted in transit (HTTPS). Access to practice records is controlled per practice: staff see only what their role allows, and one practice can never see another's records. Records are retained with an audit trail of who changed what, and deletions are soft by default so clinical history is not silently lost.

Retention and deletion

We retain account data for as long as the account is active and as needed afterward for legal and operational purposes. Practice records are retained on behalf of the practice โ€” healthcare records carry their own legal retention requirements, which the practice directs. To close an account or request deletion, contact us; requests concerning client records go through the practice that holds them.

Children

Our website and accounts are not directed to children under 13, and we do not knowingly collect information from them. Practices may maintain records about minor clients as part of providing care; those records are the practice's, handled under HIPAA as described above.

Changes to this policy

We may update this policy from time to time. We will post changes here and update the effective date; material changes will be communicated to practices directly.

Contact

Questions about this policy or your data:

OmgSamesies LLC ยท help@practisaurus.app