Massage Mojo Privacy Policy

Last updated: October 9, 2025

This Privacy Policy explains how Massage Mojo Pain Relief Clinic (“we,” “us,” or “our”) collects, uses, discloses, and safeguards personal information when you visit our clinic, use our website, book appointments, or communicate with us.

1) Who we are (Data Controller / Custodian)

Clinic name: Massage Mojo Pain Relief Clinic
Address: 1710 Centre street NE, Unit 201, Calgary, Alberta, Canada
Email: privacy@massagemojo.ca

Phone: 403-402-3889
Website: https://massagemojo.ca
Privacy contact: Tura Adam

2) What information we collect

We may collect the following categories of information:

Identity & contact – name, preferred name, date of birth, address, phone, email, emergency contact.

Health & intake – medical history, injuries, medications, allergies, contraindications, treatment goals, session notes, informed consent forms, practitioner observations, and rebooking preferences.

Appointment & transaction – booking history, reminders, confirmations, cancellations, payment method, partial card details/token (via our payment processor), receipts, and insurance claim information (if applicable).

Device & usage – IP address, browser type, pages visited, links clicked, session duration, and cookies/analytics as described in Section 10.

Communications – emails, texts, voicemails, and messages sent via our website or booking platform.

Media/CCTV – if signage indicates CCTV on premises for security, footage may capture visitors in common areas (no recording in treatment rooms).

We collect information directly from you, from your use of our services, from third-party booking/payment providers, and (with your consent) from referring providers or insurers.

3) Why we collect it (Purposes + Legal Bases)

We use personal information to: – Provide therapeutic massage and related services, and personalize treatment plans. – Assess safety and contraindications; obtain and record informed consent. – Schedule appointments; send confirmations, reminders, and follow-ups. – Process payments, issue receipts, manage packages/memberships, and handle refunds. – Maintain clinical records, supervise quality of care, and support continuity between practitioners. – Communicate about your care, updates, and clinic notices. – Handle insurance claims or receipts (if applicable) and coordinate with referring providers (with consent). – Operate and secure our website, booking systems, and facilities. – Comply with legal/regulatory requirements, respond to lawful requests, and prevent fraud. – Send marketing communications (only with consent where required, and with opt-out at any time).

If in the EU/UK (GDPR): Our legal bases include: performance of a contract (Art. 6(1)(b)), compliance with legal obligations (Art. 6(1)(c)), legitimate interests (Art. 6(1)(f) – e.g., clinic security and basic analytics), and consent (Art. 6(1)(a)) for certain communications. Health data (special category) is processed under Art. 9(2)(h) for health care and Art. 9(2)(a) with your explicit consent where required.

If in Canada (PIPEDA/Provincial HIA): We collect, use, and disclose personal health information with appropriate consent, limited to purposes a reasonable person would consider appropriate in the circumstances, and subject to access and correction rights. Additional provincial rules (e.g., Alberta HIA) may apply.

If in the U.S. (HIPAA): When applicable, we protect Protected Health Information (PHI) per HIPAA and state law. You may request our Notice of Privacy Practices.

4) Consent

We rely on your informed consent for collection and use of health information where required. You may withdraw consent at any time, subject to legal or contractual restrictions (e.g., record-keeping requirements). Withdrawing consent may impact our ability to provide services.

5) How we share information

We do not sell personal information. We may disclose information to: – Practitioners and staff involved in your care and clinic operations (need-to-know basis). – Service providers (data hosting, booking, EMR, messaging, analytics, payment processing) under contracts requiring confidentiality and security (e.g.,JaneApp,  stripe or square). – Referring providers/insurers with your consent or as permitted/required by law. – Regulators and authorities in response to lawful requests or to protect rights, safety, or property. – Business transfers in the event of a merger, acquisition, or asset sale; we will provide notice and choices as required by law.

International transfers: If data is stored/processed outside your region, we take steps to protect it (e.g., standard contractual clauses for EU/UK; comparable safeguards for Canada).

6) Retention

We retain records only as long as necessary for the purposes described and to comply with legal/insurance/regulatory requirements. Typical retention for clinical records is 10 years after the last visit (insert your jurisdiction’s requirement). We securely destroy or anonymize data when no longer needed.

7) Your rights

Depending on your location, you may have rights to: – Access and obtain a copy of your information. – Correct incomplete or inaccurate information. – Delete/erase information (subject to legal retention obligations). – Restrict or object to certain processing (e.g., direct marketing). – Data portability (where applicable). – Withdraw consent at any time (does not affect prior processing).

To exercise rights, contact us using the details in Section 1. We may need to verify your identity.

8) Children & vulnerable persons

Our services are available to minors with proper parental/guardian consent and consistent with applicable law and professional standards. We maintain additional safeguards for sensitive information.

9) Security

We implement administrative, physical, and technical safeguards appropriate to the sensitivity of the information, including: – Role-based access controls and authentication for staff. – Encrypted transmission (HTTPS) and encrypted storage where supported. – Secure record storage; limited paper files; locked cabinets. – Staff training on privacy, confidentiality, and incident response. – Vendor due diligence and confidentiality agreements.

No method of transmission or storage is 100% secure. We will notify you and/or regulators of a breach as required by law.

10) Website, cookies & analytics

Our website and booking platform may use cookies and similar technologies to operate, remember preferences, and perform basic analytics. You can control cookies through your browser settings. We may use privacy-focused analytics that collect de-identified or aggregated data. If we use third-party analytics or pixels (e.g., Google Analytics, Meta Pixel), they may set cookies and process data outside your country; see their policies for details. You can opt out of marketing cookies where legally required via our cookie banner or settings.

11) Communications preferences

  • Transactional messages (e.g., bookings, reminders, receipts) are necessary for service delivery.
  • Marketing messages (e.g., promotions, newsletters) are sent only with consent where required. You can unsubscribe via the link in our emails or by contacting us.
  • Text messages/SMS: By providing your mobile number, you consent to receive appointment-related texts. Message/data rates may apply. Reply STOP to opt out.

12) Third-party links

Our website may contain links to third-party sites or services. We are not responsible for their privacy practices. Review their policies before providing information.

13) Insurance claims (if applicable)

If you request insurance receipts/claims, we may share limited information required to process the claim (e.g., dates of service, provider details, fees, and codes). We will obtain consent where required by law.

14) Changes to this Policy

We may update this Privacy Policy from time to time. The updated version will be posted on our website with a new “Last updated” date. Material changes will be communicated through reasonable means.

15) Contact us

Questions or requests about this Policy or your information can be sent to:

Privacy Officer
Massage Mojo Pain Relief Clinic
1710 Centre Street, NE #201
privacy@massagemojo.ca | 4034023889

If you have unresolved concerns, you may have the right to lodge a complaint with your local data protection authority/regulator.

Jurisdictional notices

Canada (PIPEDA / AB HIA): You may request access to and correction of Personal Information/Personal Health Information held by us. Our Privacy Officer will respond within statutory timelines. If you are in Alberta, you may contact the Office of the Information and Privacy Commissioner of Alberta regarding complaints.

U.S. HIPAA (if applicable): Our separate HIPAA Notice of Privacy Practices describes how we use and disclose Protected Health Information and your HIPAA rights. Request a copy at reception or via email.