Security & trust
Your clients' privacy is the whole point
Stillbook exists to make running a calm, confidential practice easy. Here's how we protect the people who trust you.
We never sell your clients' data — no ad trackers, ever
Not on your dashboard, not on your booking page, not on the links your clients use. Third-party analytics live only on this public marketing site, and they're cookieless. On every surface that touches client information, there are zero trackers — and that's enforced in our code, not just promised.
Meets your board's & association's confidentiality duty
Every massage therapist owes their clients confidentiality, whether or not HIPAA applies to them. Stillbook is built to honor that duty by default — so you're covered regardless of how your practice is classified.
Self-serve BAA on every plan
If you need a Business Associate Agreement, you accept it in-app at signup and we countersign it — no sales call, no upgrade required. The agreement is right there for you to read first.
The mechanics
The protections behind the promises.
Encryption
Data is encrypted in transit, and at rest with managed keys.
Tenant isolation
Each practice's data is isolated from every other practice at the database level.
Multi-factor authentication
Protect your account with an authenticator app.
Audit logging
Record-level logs of who accessed which record and when — kept free of client details by design.
Minimal egress
Texts, emails, and calendar entries carry only the minimum needed — never your full client records.
US data residency & backups
Your data is hosted in the US with regular backups.
Read our Privacy Policy, Terms, and the Business Associate Agreement.