Privacy Policy
Last updated: March 5, 2026
Introduction
Enable Sleep, Inc. ("Enable Sleep," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Enable Sleep platform and related services, including our text messaging (SMS) appointment reminder program.
HIPAA Compliance
Enable Sleep is designed to be HIPAA-compliant. We implement administrative, physical, and technical safeguards to protect Protected Health Information (PHI). We enter into Business Associate Agreements (BAAs) with all healthcare practice clients and with our sub-processors, including our cloud infrastructure and messaging service providers.
Information We Collect
We may collect the following types of information:
- Account information: Name, email address, phone number, practice type, and professional credentials
- Patient information: Name, contact information, appointment details, and clinical data as entered by healthcare providers using the platform
- Messaging consent data: Records of opt-in and opt-out for SMS appointment reminders, including timestamps, consent version, and IP address
- Usage data: Log data, device information, browser type, and analytics about how you interact with our platform
- Phone numbers: Mobile phone numbers provided for the purpose of receiving appointment reminder text messages
How We Use Your Information
- To provide and improve our healthcare platform services
- To send appointment reminder notifications via SMS and/or email when you have opted in
- To communicate with you about your account, service updates, and platform features
- To comply with legal and regulatory obligations, including HIPAA
- To maintain audit logs as required for healthcare compliance
SMS/Text Messaging Privacy
When you opt in to receive SMS appointment reminders through the Enable Sleep platform:
- We will not sell, rent, or share your mobile phone number or any information collected through our SMS program with third parties or affiliates for marketing or promotional purposes.
- Your phone number is used solely for the purpose of sending appointment reminders and related transactional messages from your healthcare provider.
- We do not send marketing, promotional, or advertising messages via SMS.
- SMS messages do not contain Protected Health Information (PHI) or specific appointment details — they are generic notifications directing you to log in to the secure patient portal.
- Your opt-in consent, opt-out requests, and message delivery records are logged for compliance and audit purposes only.
- Our SMS messaging service providers are bound by contractual obligations to protect your data and are prohibited from using your information for any purpose other than delivering messages on our behalf.
Data Sharing and Disclosure
We do not sell your personal information. We may share information only in the following circumstances:
- With healthcare providers: Patient data is accessible to the healthcare practice that entered it, as part of the treatment relationship
- With service providers: We use third-party providers (cloud hosting, messaging delivery) who are contractually bound to protect your data and process it only on our behalf
- For legal compliance: When required by law, regulation, legal process, or governmental request
- With your consent: When you have explicitly authorized a specific disclosure
We do not share, sell, or disclose your mobile information (including phone numbers and SMS opt-in data) to third parties or affiliates for their marketing or promotional purposes.
Data Security
We use industry-standard encryption and security measures to protect your data. All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Access is restricted to authorized personnel through role-based access controls. We maintain audit logs of all access to sensitive data as required by HIPAA.
Data Retention
We retain your information for as long as your account is active or as needed to provide services. Messaging consent records and opt-out logs are retained for a minimum of 5 years for regulatory compliance. You may request deletion of your data subject to our legal retention obligations.
Your Rights
- Access to your personal information
- Right to correct inaccurate data
- Right to request deletion of your data (subject to legal retention requirements)
- Right to opt out of SMS appointment reminders at any time by replying STOP to any message
- Right to opt out of marketing communications
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. Your continued use of the service after changes constitutes acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
Email: support@enablesleep.com
Enable Sleep, Inc.