Hello,
Thank you for the follow-up. We're happy to provide full detail on our use case.
Starlight is a purpose-built Electronic Medical Records (EMR) system for Direct Primary Care (DPC) pediatric practices. Each practice subscribes to the platform to manage their patient panel, wellness visits, and billing. Email is used exclusively for patient-family communications on behalf of the medical practice — not for marketing to third parties.
We are a B2B SaaS product: practices (our customers) send emails to their own enrolled patients and prospects via our platform.
Our email volume is inherently low and tied to real clinical and administrative events:
| Email Type | Trigger | Approximate Frequency |
|---|---|---|
| Onboarding welcome | Patient enrolls | Once per patient, ever |
| Wellness visit reminder | AAP milestone checkpoint (9 per child, ages 2mo–18mo) | At most 9× per patient lifetime |
| Wellness visit completed | Visit marked complete | Once per visit |
| Monthly payment reminder | Monthly subscription billing | 1× per patient per month |
| Membership tier change | Patient ages into new tier | 1–2× per patient lifetime |
| Google review request | Manual trigger, 30-day cooldown enforced | At most 1× per 30 days per family |
| Prospect nurture sequence | New lead enters pipeline | 5 emails over 21 days, then stops |
| Birthday | Patient's birthday | 1× per year |
A typical practice has 15–30 active patients. At that scale, a practice might send 50–100 emails per month total. Our largest foreseeable customer (a multi-provider practice) would have ~200 patients, meaning a maximum of ~300–400 emails/month per practice.
Recipient lists are not purchased, rented, or scraped. All recipients fall into one of two categories:
- Enrolled patients — Families who have signed a membership agreement with the medical practice. Their email is entered at the point of care during enrollment. These are confirmed relationships.
- Prospects — Families who have expressed interest in the practice (e.g., submitted a contact form or called in). Nurture emails are sent only to prospects who have actively inquired.
The system enforces:
- Multi-tenant isolation — Each practice can only email their own patients (enforced via Row Level Security at the PostgreSQL level)
- Soft deletes — Removed patients are retained for HIPAA audit purposes but excluded from all future sending
- Status-gating — Emails are only sent to patients with `status = 'active'` or `status = 'prospect'` with an appropriate pipeline stage
We are building full SES event handling as part of our production launch:
- Bounces: We will subscribe to SES bounce notifications via SNS. Hard bounces will immediately suppress the address in our database and stop all future sends to that address. Soft bounces will be logged and retried per SES best practices.
- Complaints: Complaint notifications from SES will trigger immediate suppression of the complainant's address across all future sends, with a flag on the patient record.
- Unsubscribes: All outgoing emails will include a one-click unsubscribe link (CAN-SPAM compliant). Unsubscribe actions will be written back to the patient record and respected by all future automated sends.
- Suppression List: We will maintain a practice-level suppression list fed by bounce, complaint, and unsubscribe events and will honor SES's account-level suppression list.
Example 1 — Wellness Reminder:
Subject: Time for {{patient_name}}'s 6-Month Wellness Visit!
Hi {{parent_name}}, It's time for {{patient_name}}'s 6-month AAP wellness checkup at Starlight Pediatrics. Please contact us to schedule — as a DPC member, this is included in your {{tier_name}} plan.
Example 2 — Onboarding Welcome:
Subject: Welcome to Starlight Pediatrics, {{parent_name}}!
We're so excited to welcome {{patient_name}} to our practice. Your first wellness visit is scheduled, and your {{tier_name}} membership covers all routine visits for just {{monthly_fee}}/month. We look forward to seeing you!
Example 3 — Prospect Nurture Step 1:
Subject: A different kind of pediatric care for {{patient_name}}
Hi {{parent_name}}, Direct Primary Care means no surprise bills, same-day access, and unlimited messaging with your doctor — all for a simple monthly membership fee. We'd love to tell you more.
All email content is controlled by the medical practice using editable templates with named merge tags. No dynamic content is generated from user input without sanitization.
This platform handles Protected Health Information (PHI). We are deploying on AWS HIPAA-eligible services (SES, Lambda, Aurora, Cognito) under a signed Business Associate Agreement. Email content is clinical in nature and limited to practice-to-patient communications.
We're happy to provide additional detail, sample templates, or architecture diagrams if helpful.
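
The bounce and complaint handling described in the message, sketched as an added example (not part of the original message and not Starlight's code). It assumes the SNS envelope is passed as a dict with a `Message` key; the function names, the in-memory suppression map and the sample notifications are hypothetical and constructed for illustration.

```python
import json

def norm_addr(addr):
    return addr.strip().lower()

def apply_ses_notification(sns_envelope, practice_id, suppression, soft_bounces):
    """Apply one SES notification to a practice-level suppression map.

    suppression:  dict {(practice_id, email): reason}, stand-in for the DB table.
    soft_bounces: list collecting transient bounces for logging and retry.
    Returns "suppressed", "logged" or "ignored".
    """
    msg = json.loads(sns_envelope["Message"])
    # SNS notifications carry notificationType; event publishing uses eventType.
    kind = msg.get("notificationType") or msg.get("eventType")
    if kind == "Bounce":
        bounce = msg["bounce"]
        addrs = [norm_addr(r["emailAddress"]) for r in bounce["bouncedRecipients"]]
        if bounce["bounceType"] == "Permanent":  # hard bounce: suppress at once
            for a in addrs:
                suppression.setdefault((practice_id, a), "hard_bounce")
            return "suppressed"
        # Transient or Undetermined: record only, the address stays sendable.
        soft_bounces.extend((practice_id, a, bounce["bounceType"]) for a in addrs)
        return "logged"
    if kind == "Complaint":
        for r in msg["complaint"]["complainedRecipients"]:
            key = (practice_id, norm_addr(r["emailAddress"]))
            suppression.setdefault(key, "complaint")
        return "suppressed"
    return "ignored"  # deliveries and unknown types never change suppression

def may_send(practice_id, email, suppression):
    """Gate every automated send on the practice's own suppression entries."""
    return (practice_id, norm_addr(email)) not in suppression

def make_envelope(payload):
    return {"Message": json.dumps(payload)}

# Constructed sample notifications (addresses are placeholders).
SAMPLE_HARD = make_envelope({"notificationType": "Bounce", "bounce": {
    "bounceType": "Permanent",
    "bouncedRecipients": [{"emailAddress": "Parent@Example.com"}]}})
SAMPLE_SOFT = make_envelope({"notificationType": "Bounce", "bounce": {
    "bounceType": "Transient",
    "bouncedRecipients": [{"emailAddress": "busy@example.com"}]}})
SAMPLE_COMPLAINT = make_envelope({"notificationType": "Complaint", "complaint": {
    "complainedRecipients": [{"emailAddress": "upset@example.com"}]}})
SAMPLE_DELIVERY = make_envelope({"notificationType": "Delivery", "delivery": {}})
```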