Privacy Policy

Effective as of October 1, 2025.

Terra Massage Boutique ("we", “us”, “our”) is committed to safeguarding the privacy, confidentiality, and security of your personal and health information. This Privacy Policy sets out how we collect, use, disclose, retain, and protect personal and health information in accordance with the Personal Health Information Protection Act, 2004 (Ontario) (“PHIPA”), the professional standards of the College of Massage Therapists of Ontario (CMTO), and applicable privacy laws in Canada.

1. Definitions

  • Personal Information: Information that identifies you or could reasonably identify you, such as name, contact information, billing information.

  • Personal Health Information (PHI): As defined under PHIPA, including your health history, treatment notes, medications, consent forms, assessment findings, health conditions, etc.

  • Health Information Custodian (HIC): The person or entity legally responsible for the custody, control, and protection of PHI under PHIPA.

2. Health Information Custodian

Your health records are under the custody and control of Terra Massage Boutique (the Health Information Custodian). The custodian is responsible for ensuring that PHI is stored, used, disclosed, and destroyed in compliance with PHIPA and CMTO requirements.

3. Information We Collect

We collect only what is necessary to provide safe, effective, and professional massage therapy services. This may include:

  • Contact information: name, date of birth, mailing address, telephone, email address.

  • Health information: your health history, current medical/paramedical/medication status, allergies, previous injuries, surgical history, other relevant health‐conditions, assessment findings, treatment notes, progress, consent forms.

  • Financial / payment information: billing and payment data needed to charge for services; insurance or third‐party payer information if applicable.

4. Storage of Records

Records are stored securely in our electronic practice management system (Zenoti), which is a cloud-based platform that uses Amazon Web Services (AWS) with industry-standard encryption. Please note that this means your data may be stored outside of Canada. 

5. How We Use Your Information

We use your PHI and other personal information for purposes that are necessary and legitimate in the provision of massage therapy. These include:

  • To assess your health and medical condition and design safe and appropriate treatment.

  • To maintain accurate clinical records, as required by legislation and by the College of Massage Therapists of Ontario (CMTO).

  • To maintain treatment records.

  • To schedule, confirm and remind appointments.

  • To send follow-up or aftercare communications.

  • To bill you, to manage insurance or third-party billing, if applicable.

  • To comply with legal, regulatory, and professional obligations under PHIPA and CMTO.

  • For internal quality assurance and training, in de-identified form whenever possible.

6. Disclosure of Information

We only disclose your PHI or personal data in the following circumstances:

  • With your consent, where required (for example, to another healthcare provider or insurer).

  • Without consent, only as permitted or required by law (e.g., mandated reporting, court orders).

  • To authorized clinic staff who require access for clinical, administrative, or billing functions—these staff are bound by confidentiality.

  • In the event of a clinic sale or business transfer, your PHI may be transferred to a successor custodian, but only under legal rules and with proper safeguards, and you will be notified.

7. Retention and Destruction of Records

  • We retain PHI, including charts, intake and consent forms, images, and progress notes, for at least 10 years after your last appointment, or 10 years after your 18th birthday, whichever is later, per CMTO/PHIPA requirements.

  • Records are stored electronically via Zenoti and, if any physical documents exist, securely locked on-site.

  • After the retention period, records are securely destroyed or permanently deleted.

8. Your Rights

You have certain rights under PHIPA, including:

  • To access your health records, including treatment notes, within reasonable time and cost.

  • To request correction of information that is inaccurate or incomplete.

  • To withdraw previous consent for the collection, use, or disclosure of your PHI, except where such collection, use, or disclosure is required by law.

  • To be informed of any breach of PHI that poses a real risk of significant harm.

9. Electronic Communications, Forms & Marketing

  • We may use digital forms / charting / intake systems to allow pre‐appointment forms, consents, treatment notes, and in certain cases, photos to be captured and stored electronically.

  • Any before/after photographs or other clinical photos will be taken only with your knowledge and explicit consent, and will be stored securely.

  • For communications (email, SMS, etc.), we distinguish between essential communications (appointment scheduling, reminders, treatments) and marketing communications (promotions, clinic news). You will always have the ability to opt-in or opt-out of receiving marketing communications.

10. Safeguards

We use physical, technical, and administrative protections to maintain the privacy and security of your information. This includes, but is not limited to:

  • Secure access controls and role-based permissions in Zenoti.

  • Encryption of data in transit and at rest.

  • Training of staff on privacy, confidentiality and PHIPA obligations.

  • Secure storage or destruction of paper records if any.

11. Breach Notification

In the event of a privacy breach involving PHI (e.g. loss, unauthorized access, disclosure), we will comply with PHIPA’s requirements for notification: assess the risk, notify individuals affected where there is a real risk of significant harm, report to the Information and Privacy Commissioner of Ontario, and take steps to mitigate.

12. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in the law, our operations, or changes in features/settings of Zenoti. The version of this policy in force will always have the “Effective date” noted.

13. Contact Information

If you have questions, concerns, or requests concerning your personal or health information, or wish to make a request for access or correction, please contact:

Melissa Lesic, Owner, RMT
Health Information Custodian
Terra Massage Boutique
4 Collier St., #202, Toronto, ON M4W 2G9
hello@terramassage.ca
416-990-4995

You may also contact the Information and Privacy Commissioner of Ontario if you believe your privacy rights under PHIPA have not been respected.