Privacy Policy
Last updated: May 29, 2026
This Privacy Policy describes MileStem's privacy practices as a software platform. It is not a healthcare provider Notice of Privacy Practices. Your provider organization may have its own privacy notices and policies governing its use and disclosure of client information.
MileStem ("we," "our," or "us") is a practice management platform developed and operated by MileStem LLC. This Privacy Policy describes how we collect, use, and protect information when you visit milestem.com, use the MileStem platform at milestem.app, or otherwise interact with MileStem.
MileStem is designed for Early Intervention (EI), Applied Behavior Analysis (ABA), and other pediatric therapy providers. We are committed to protecting the privacy and security of all information entrusted to us, including Protected Health Information (PHI) as defined under HIPAA.
1. Information We Collect
We collect the following categories of information:
- Account information: Name, email address, role, and organization affiliation of registered users.
- Client records: Information about clients served by your organization, including names, dates of birth, addresses, guardian information, and service records. This information may constitute Protected Health Information under HIPAA.
- Visit and session documentation: Visit notes, session summaries, signatures, and related clinical documentation.
- Forms and consents: Completed state-required forms, consent documents, and signatures.
- Google Calendar data: When you choose to connect your Google Calendar, we access your calendar events solely to display your schedule within MileStem and to create or update calendar events corresponding to scheduled visits. See Section 4 for full details.
- Usage data: Log data, audit trails, and activity records generated through your use of the platform.
2. How We Use Your Information
- Provide, operate, and maintain the MileStem platform
- Enable visit documentation, form completion, and digital signature workflows
- Facilitate communication between providers and families through the platform
- Generate and store clinical documentation and state-required forms
- Sync scheduled visits with connected Google Calendar accounts
- Maintain audit logs for compliance and security purposes
- Provide customer support
We do not sell your information or use Protected Health Information for advertising. We do not use Google Calendar data for advertising, analytics, or any secondary purpose. We use information only as reasonably necessary to provide, secure, support, maintain, and improve the MileStem platform and related services.
3. How We Share Your Information
We do not sell, rent, or trade your personal information or Protected Health Information to any third party.
- Service providers: We use third-party infrastructure and service providers to operate MileStem, including database, storage, hosting, authentication, and related services. Where required, we enter into appropriate agreements with service providers that may create, receive, maintain, or transmit Protected Health Information on our behalf.
- Legal requirements: We may disclose information if required by law, court order, or government authority.
- With your consent: We may share information in other circumstances with your explicit consent.
4. Google Calendar Integration
MileStem™ offers an optional integration with Google Calendar. If you choose to connect your Google Calendar account:
- What we access: We request access to read your Google Calendar events and to create or update calendar events on your behalf.
- Why we access it: Google Calendar data is used solely to display your existing schedule within MileStem and to automatically create calendar events when visits are scheduled through the platform.
- What we do not do: We do not access, store, share, transfer, or use your Google Calendar data except as necessary to provide the scheduling features described above. We do not use Google Calendar data for advertising, analytics, or any secondary purpose.
- Data storage: We store OAuth access and refresh tokens securely to maintain your calendar connection. These tokens are used only to make authorized API calls on your behalf.
- Revoking access: You may disconnect your Google Calendar at any time from Settings within MileStem, or directly at myaccount.google.com/permissions.
MileStem's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
5. HIPAA and Protected Health Information
- Data is encrypted in transit using TLS, and stored data is protected using encryption and access controls appropriate to the service and data type.
- Access to PHI is restricted by role-based permissions
- Each organization's data is isolated from all other organizations on the platform
- Audit logs track access to and modification of PHI
- Signatures and documents are stored in private, access-controlled storage
Organizations must have an appropriate Business Associate Agreement (BAA) with MileStem LLC before using MileStem to store, process, or transmit Protected Health Information.
6. Data Retention
We retain your data for as long as your account is active or as needed to provide services. Upon account termination, we may delete or anonymize data within 90 days after any applicable export period, except where retention is required by law, contract, backup retention practices, security obligations, dispute resolution, or legitimate business purposes.
7. Your Rights
- Access the personal information we hold about you
- Request correction of inaccurate information
- Request deletion of your information
- Receive a copy of your information in a portable format
8. Security
We implement technical and organizational measures designed to protect your information, including encryption, access controls, and regular security reviews.
9. Children's Privacy
MileStem is a platform for healthcare providers, not for direct use by children. While the platform processes records related to child clients as part of its clinical documentation functions, it is not directed at children and does not knowingly collect personal information directly from children.
Client records related to children are provided by healthcare organizations, authorized users, or parents/guardians as part of care documentation workflows.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes by email or through a notice within the platform.
11. Contact Us
- Company: MileStem LLC
- Email: info@milestem.com
- Platform: MileStem — milestem.app