TechStack
Trust · The booking guarantee

Your booking system stays in charge. Always.

Retention IQ never holds calendar locks. Every booking attempt re-reads your system live. Every write uses an idempotency key so retries can't duplicate. Every action is logged to an immutable 7-year audit trail. Your front desk wins every race — by design.

HIPAA-compliant · AES-256 / TLS 1.3
BAA signed · Before any data moves
Idempotent writes · Zero duplicates
7-year audit log · Every action traced
1-click revoke · You retain control

The architecture

Six guarantees, written into the code.

Not promises. Architecture. Each guarantee is a property of the system that no operator action — ours or yours — can violate.

01

Re-read before every write

Every booking attempt re-verifies availability against your system in the same transaction. Stale data never reaches a write. The cache window between read and write is enforced at < 250ms.

02

Idempotency keys, always

Every booking write carries a unique idempotency key. If our request times out and we retry, your system returns the original confirmation. The same patient can never be double-booked by a network hiccup.

03

Your front desk wins every race

If your front desk and our system race to book the same slot, theirs commits first because they're writing directly to the source of truth. Ours has to re-verify, sees the conflict, and proposes alternates.

04

Rate-limited at four layers

1 read / sec / practice. 6 writes / min / practice. 100 reads / hr / practice. Per-practice circuit breaker after 5 consecutive errors. We can't DDoS your system even by mistake.
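The limits listed above, together with the 15-minute pause the FAQ on this page gives for the circuit breaker, can be sketched as a per-practice gate. This is an added example, not Retention IQ's code; `PracticeGate`, `allow` and `record` are hypothetical names, and the clock is passed in so the behaviour can be checked offline.

```python
from collections import deque

# (max calls, window in seconds) per call type, using the figures on this page
LIMITS = {"read": [(1, 1), (100, 3600)], "write": [(6, 60)]}
BREAKER_ERRORS = 5          # consecutive errors before the breaker opens
BREAKER_PAUSE = 15 * 60     # pause length in seconds

class PracticeGate:
    """Hypothetical per-practice limiter and circuit breaker."""
    def __init__(self):
        self.calls = {"read": deque(), "write": deque()}
        self.errors = 0
        self.paused_until = 0.0

    def allow(self, kind, now):
        """Return True and record the call if every layer permits it."""
        if now < self.paused_until:
            return False                      # breaker open: nothing goes out
        q = self.calls[kind]
        longest = max(window for _, window in LIMITS[kind])
        while q and q[0] <= now - longest:    # forget calls older than any window
            q.popleft()
        for max_calls, window in LIMITS[kind]:
            if sum(1 for t in q if t > now - window) >= max_calls:
                return False                  # denied calls are not recorded
        q.append(now)
        return True

    def record(self, ok, now):
        """Feed back the outcome of an API call to the booking system."""
        self.errors = 0 if ok else self.errors + 1
        if self.errors >= BREAKER_ERRORS:
            self.paused_until = now + BREAKER_PAUSE
            self.errors = 0
```
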

05

Immutable 7-year audit trail

Every read, every write, every patient message, every team-member access — logged with practice ID, user ID, timestamp, IP, before/after state. HIPAA-standard retention. Real-time visibility in your dashboard.

06

1-click revocation, instant effect

Revoke our API access in one click. All scheduled outreach pauses immediately. In-flight messages cannot create bookings because the revocation propagates within seconds. You retain full ownership of your booking system at all times.

Architecture

How every booking actually flows.

Read → re-verify → write with idempotency → audit log. Every step is a checkpoint against the booking system being the source of truth.

01 · INPUT: Patient clicks SMS link
02 · READ: Live availability check
03 · CHOICE: Patient picks a slot
04 · RE-VERIFY: Live, < 250ms before write
05A · CONFLICT: Propose alternates, loop back to read
06 · WRITE: Atomic + idempotency key
07 · SOURCE OF TRUTH: Your booking system
08 · AUDIT LOG: 7-yr retention · all actions

Legend: Verification checkpoint · Conflict path → propose alternates · Atomic write to source of truth · Audit side-channel

Every patient action passes through this flow. There is no "fast path" that skips re-verification. There is no write that doesn't audit. The architecture is the guarantee.
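The flow above can be exercised end to end against a stand-in booking system. This is an added example, not Retention IQ's code: `BookingSystem`, `attempt_booking` and the `drop_responses` switch (which simulates a write that commits but whose reply is lost) are constructed for illustration.

```python
import uuid

class BookingSystem:
    """Constructed stand-in for the practice's booking system (source of truth)."""
    def __init__(self, slots, drop_responses=0):
        self.free = set(slots)
        self.by_key = {}                  # idempotency key -> original confirmation
        self.drop_responses = drop_responses

    def available(self):
        return sorted(self.free)

    def book(self, slot, who, idem_key):
        if idem_key not in self.by_key:   # first time this key is seen: commit
            if slot not in self.free:
                raise LookupError("slot taken")
            self.free.remove(slot)
            self.by_key[idem_key] = {"id": f"C{len(self.by_key) + 1}",
                                     "slot": slot, "who": who}
        if self.drop_responses > 0:       # simulate: committed, but reply lost
            self.drop_responses -= 1
            raise TimeoutError("no response")
        return self.by_key[idem_key]      # a replayed key gets the original back

def attempt_booking(system, patient, slot, audit, retries=2):
    """Re-verify live, write with one key per intent, audit every outcome."""
    def conflict():
        audit.append(("conflict", patient, slot))
        return {"status": "conflict", "alternates": system.available()[:3]}
    if slot not in system.available():    # re-verify against the live system
        return conflict()
    key = str(uuid.uuid4())               # the same key is reused on every retry
    for _ in range(retries + 1):
        try:
            conf = system.book(slot, patient, key)
        except TimeoutError:
            continue                      # retry; the key prevents a duplicate
        except LookupError:               # lost the race after re-verifying
            return conflict()
        audit.append(("booked", patient, slot, conf["id"]))
        return {"status": "booked", "confirmation": conf}
    audit.append(("unknown", patient, slot))
    return {"status": "unknown"}
```

A front-desk booking is modelled as a direct call to `book` on the stand-in, which is why it always lands before the re-verifying client sees the slot.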

Integration depth

Your platform, supported.

Four integration patterns. Every platform supports at least one. The highest-value platforms support the deeper patterns first.

A Deep-link

Patient lands on your existing booking widget pre-filled. Zero API access needed. Every platform.

B Read mirror

We sync availability every 60s, propose specific times in messages. No writes.

C Write-back

Two-phase commit with idempotency. Booking happens from the SMS in one tap.

D Conversational

Two-way SMS booking with NLP, reschedule, cancel. Full audit trail.

Platform Vertical A · Deep-link B · Read C · Write D · Conv.
Open Dental Dental Q1 Q2
Dentrix Dental Q1 Q2
Eaglesoft Dental
Curve Dental Dental Q2 Q2
Eyefinity / VSP Optometry Q1 Q2
RevolutionEHR Optometry Q1 Q2
Athenahealth Specialty Q1 Q2 Q3
DrChrono Specialty Q1 Q2
Kareo / Tebra Specialty Q1 Q2
Boulevard Atelier Q1
Vagaro Atelier Q1 Q2
Mangomint Atelier Q1
Aesthetic Record Atelier Q1 Q2
Mindbody Studio Q1 Q2
Mariana Tek Studio Q1 Q2
ServiceTitan Field Q1 Q2
Housecall Pro Field Q1 Q2
Jobber Field Q1
FieldEdge Field Q2
live · available today Q1 / Q2 / Q3 · roadmap quarter · not planned (platform limitation)

Don't see your platform? Talk to us — if it exports a CSV, Pattern A is always available.

Trust FAQ

The questions every operator asks.

01 Can Retention IQ double-book a patient or client by mistake?
Architecturally, no. Retention IQ never holds calendar locks. Every booking attempt re-reads the practice's booking system live before writing, uses idempotency keys so retries can't duplicate, and respects the booking system as the single source of truth. If your front desk and our system race to book the same slot, your front desk wins — always — because their write happens directly against the source of truth and ours has to re-verify first.
02 What happens if our PMS or booking system is down?
We stop. If the practice's booking system is unreachable, Retention IQ does not propose specific times in messages and does not attempt writes. Patients are routed to your existing booking widget (which the practice owns) or to a hold-time response. We never invent availability.
03 Can our front desk revoke API access?
Yes, instantly. One click in the dashboard revokes our API token. All scheduled outreach pauses immediately. Existing messages still in transit cannot create new bookings because the revocation propagates within seconds. The practice retains full ownership of the booking system at all times.
04 What does the audit trail capture?
Every action: each read of practice availability, each booking attempt (successful or failed), each patient message sent, each webhook received from the booking system, each access by a Retention IQ team member. Logs include practice ID, user ID, timestamp, action type, before/after state, IP address. Retention: 7 years (HIPAA standard). Available to the practice owner in real time via the dashboard.
05 How do you prevent runaway API calls from harming our booking system?
Rate-limiting at multiple layers. Maximum 1 read per second per practice. Maximum 6 writes per minute. Maximum 100 reads per hour. Per-practice circuit breaker: if 5 consecutive API errors are detected, all integration pauses for 15 minutes with an alert to the practice. We can never accidentally DDoS your booking system.
06 Do you sign a BAA?
Yes. We sign a Business Associate Agreement before any patient data moves. Our infrastructure is HIPAA-compliant: PHI encrypted at rest with AES-256, in transit with TLS 1.3. Patient identifiers are pseudonymized in our internal logs. Outreach drafts never reference specific procedure codes or treatment details. The BAA template is available at /baa.
07 What booking systems do you support?
Three integration patterns: deep-link (works with every platform that has a public booking URL — covers 100% of practices), read-only mirror (live availability via API, available for Open Dental, Eyefinity, Boulevard, Vagaro, Mindbody, ServiceTitan, Housecall Pro, DrChrono today), and write-back booking (full two-phase commit, rolling out per platform Q1-Q2 2026). See the depth chart above for current status per platform.

Want to see the architecture running on your platform?

15-minute walkthrough. We'll show you exactly how Pattern A / B / C / D would integrate with your specific booking system — and show you the audit log in real-time.

15 minutes · no sales pitch
Works with your booking platform