Legal

Privacy Policy

Last updated: June 30, 2026

Somra Medical, Inc. (Somra, we, us) builds Remote Therapeutic Monitoring software for interventional pain practices. The platform has two parts that serve different people: the Somra patient app and the Somra provider dashboard. Because they collect and use information differently, this policy describes each one in its own section, and then covers the practices that apply to both.

For patients

The Somra patient app

The Somra patient app, listed in the app stores as Somra RTM, is for patients whose pain practice has invited them into a remote monitoring program. Access is invite only. You enter an organization code when you sign up, and a member of your care team approves your account before you can use the app.

Information we collect in the app

  • Account details: your name and email address, taken from the account you create to sign in.
  • Date of birth: collected once during onboarding to confirm your identity.
  • Daily check-ins: your ratings for pain, sleep, activity, and quality of life, plus any optional notes you choose to add.
  • Assessments: your answers to the periodic questionnaires your care team assigns, which can include questions about pain, sleep, mood, and recovery after a procedure.
  • Secure messages: the messages you exchange with your care team inside the app.
  • Consent records: the date, time, and version of the remote monitoring consent you agree to when you enroll.
  • Communication details: we may use your phone number to connect you with your care team and send you important updates.
  • Notification token: a device token that lets us send you reminders and message alerts.

Device permissions: the app asks only for permission to send push notifications, and only if you choose to turn them on. It does not access your camera, microphone, photos, location, contacts, health apps such as Apple Health or Google Fit, or biometric data.

How we use this information

  • To run your remote therapeutic monitoring program and make your check-ins and messages available to your care team.
  • To remind you when a check-in or assessment is due and to alert you to new secure messages. Notifications are written so they do not reveal health details on your lock screen.
  • To support the monitoring records your practice uses when it bills remote monitoring to your insurance. The billing itself is done by your practice, not by the app.
  • To raise alerts to your care team when your responses suggest that follow up may help.

Who can see it: your information is visible only to your provider's office and the care team responsible for you, and it becomes part of your medical record at that practice. We do not sell your information and we do not share it for advertising. If your care is reassigned within your practice, your new care team can see your history so your care continues without gaps.

The app is not for emergencies. If you are having a medical emergency, call 911 or go to your nearest urgent care.

For care teams and practices

The Somra provider dashboard

The Somra provider dashboard is the web workspace used by the people who deliver and administer care at a pain practice: clinicians, care team members, practice administrators, and Somra's own support staff. Patients cannot sign in to the dashboard.

Account information we collect: for each dashboard user we store a name, email address, assigned role such as provider, care team member, administrator, or support staff, and the organization and care teams that user belongs to. This comes from the account each user creates to sign in.

Patient information shown in the dashboard

  • Identity and demographics, including name, email, and date of birth.
  • Clinical profile details such as problem list, treatment summary, allergies, procedure type, monitoring track, and enrollment status.
  • Daily check-in scores and assessment responses, including trends and averages over time.
  • Clinical alerts that flag patients who may need follow up.
  • Adherence and compliance details for the monitoring program.
  • Secure chat messages with the patient.
  • Clinical notes that staff write about a patient.
  • The patient's recorded consent for remote monitoring.

How the dashboard works

  • Access controls: every action is checked on our servers. Users sign in through our authentication provider, and access is limited by role and by organization, so staff at one practice cannot see another practice's patients. Secure messaging is limited further to the care team assigned to each patient.
  • Monitoring time and billing: to support remote monitoring reimbursement, the dashboard records the time staff spend reviewing a patient's chart and checks whether each patient month meets the requirements for the relevant monitoring codes, for example CPT 98980 and 98981. Those requirements include a minimum amount of review time, a minimum number of days with patient data, and at least one live call. Administrators can review these records by care team and print billing reports. Somra does not process payments or submit insurance claims; your practice does that through its own systems.
  • Notifications: the dashboard shows care teams a feed of new patient messages and alerts, and care team members can receive push notifications on their phones. As in the patient app, the text of these notifications does not include health details.

Information shared across both

The patient app and the provider dashboard run on the same secure backend. Information you enter in the app, such as check-ins, assessments, consent, and messages, is made available to your care team in the dashboard, and the messages and updates your care team makes in the dashboard flow back to you in the app. This shared backend is what lets your care team follow your progress between visits.

How we protect information

  • Information is encrypted while it travels between your device and our systems.
  • Access is controlled by role and enforced on our servers for every request, not just hidden in the interface.
  • Sign in is handled by a dedicated authentication provider, and credentials are never stored in our own application code.
  • On mobile devices, your sign in tokens are kept in the device's secure storage.
  • We limit access to patient information to the Somra staff who need it to run and support the service.

No method of transmission or storage is ever completely secure, but we protect your information using safeguards appropriate for health data.

Service providers we use

We rely on a small set of vetted providers, sometimes called subprocessors, to operate the platform. Where a provider handles protected health information, it does so under a written agreement that requires it to safeguard that information.

  • Convex: our application backend and database, where platform data is stored and processed.
  • WorkOS: our authentication and account management provider, which holds user names, email addresses, and sign in credentials and sends account emails such as verification and password reset messages.
  • Mobile push services: used to deliver notifications to mobile devices through Expo, with Apple's push service on iPhone and Google Firebase Cloud Messaging on Android. Notification text is kept free of health details.
  • Hosting and fonts: the dashboard and website are served by our cloud hosting provider, and standard web fonts are loaded from Google's font service when you view the site.

We do not use analytics, tracking, or session recording tools inside the patient app or the provider dashboard, and we do not use advertising networks. This marketing website uses a privacy friendly, cookie free analytics tool to count aggregate visits, which does not identify individual visitors.

Data retention

Patient information collected through the app and dashboard becomes part of your medical record at your practice and is kept for as long as your practice requires, consistent with medical record laws. Secure messages are retained as part of that record. If you want information in your record changed or removed, contact your provider's office, which controls the record. Account information for dashboard users is kept while the account is active and for as long as we need it to meet legal and operational obligations.

Your choices and rights

  • Patients: because your practice controls your medical record, send requests to see, correct, or delete your health information to your provider's office. You can turn push notifications off at any time in the app or in your device settings.
  • Dashboard users: contact your practice administrator or Somra to update your account details or role.
  • Everyone: depending on where you live, you may have additional rights over your personal information under applicable privacy laws. We will work with you, and with your practice where relevant, to honor them.

Children's privacy

Somra is built for use within a care relationship managed by your practice and is not directed to children under 13. We do not knowingly collect information from children under 13 outside of that care relationship. If you believe a child has provided information to us in error, please contact us so we can address it.

Changes to this policy

We may update this policy as our platform and our legal obligations change. When we make a material change, we will update the date at the top of this page and, where appropriate, let you know through the app, the dashboard, or your practice.

Contact us

If you have questions about this policy or about your information, email us using the address below. If you are a patient, your provider's office can also help with questions about your medical record.

contact@somra.med

Somra Medical, Inc.