Privacy Policy
Last updated: 13 June 2026
Laneway Reception provides an AI phone receptionist that answers calls and books appointments for Australian healthcare clinics. This policy explains what personal information we collect, how we use and protect it, and the choices you have. We handle information in line with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs).
Contents
1. Who we are
Laneway Reception ("Laneway", "we", "us") is a software service operated from Melbourne, Australia. You can reach us any time at hello@lanewayreception.com.
2. Clinics vs. patients — who controls what
There are two kinds of people whose information we handle, and the relationship is different for each:
- Clinics (our customers). The clinic businesses that subscribe to Laneway. We are responsible for their account information as described below.
- Patients (callers). When a patient phones a clinic that uses Laneway, we process that call on the clinic's behalf. The clinic decides why the information is collected and is the primary custodian of it; Laneway acts as the clinic's service provider. If you are a patient and want to access or delete your information, contact the clinic you called — and we will help them action it.
3. What we collect
From clinics
- Contact and business details: clinic name, your name, email, mobile, timezone.
- Your Cliniko API key, so we can read availability and create bookings in your practice management system. It is encrypted at rest and never shown back to you in full.
- A dashboard password, stored only as a one-way hash (we can never see it).
- Billing details handled by Stripe. We do not store your card number — Stripe does.
- Usage data: number of calls, bookings and other activity, to run your dashboard and billing.
From patients (on the clinic's behalf)
- The caller's phone number.
- The call audio recording, a written transcript, and an AI-generated summary.
- Details needed to make a booking — typically name and the appointment requested. This is written into the clinic's Cliniko account.
4. How we use it
- To answer calls, check availability, and make, change or cancel bookings.
- To show the clinic its call history, recordings, transcripts and statistics.
- To send appointment-related SMS on the clinic's behalf (e.g. waitlist offers, no-show follow-ups), each with an opt-out.
- To bill the clinic and provide support.
- To keep the service secure, diagnose faults, and meet legal obligations.
We do not sell personal information, and we do not use patient call content to advertise to anyone.
5. Calls & recordings
Calls handled by the AI receptionist are recorded and transcribed so the clinic has an accurate record of what was discussed and agreed. Clinics are responsible for telling their patients that calls may be recorded, as required by law. Recordings and transcripts are encrypted and accessible only to the clinic that received the call (through their secure dashboard) and to Laneway staff where strictly necessary to operate or support the service.
6. Who we share information with
We use a small number of trusted providers ("sub-processors") to run the service. Each only receives what it needs for its function:
| Provider | Purpose |
|---|---|
| Cliniko | The clinic's practice management system — where bookings are read and written |
| Twilio | Phone numbers and SMS delivery |
| Vapi | Voice AI platform (including speech-to-text and language-model processing of the call) |
| Stripe | Subscription payments and card handling |
| Railway | Application hosting and database |
| Cloudflare | Website delivery and DNS |
| Resend | Our internal operational email alerts |
Some providers may process or store data outside Australia. We otherwise disclose information only where required by law, or to protect our rights or someone's safety.
7. How we protect it
- Encrypted in transit (HTTPS everywhere) and sensitive fields encrypted at rest — including Cliniko keys, call transcripts, summaries, recordings and phone numbers.
- Dashboard passwords are hashed, never stored in plain text.
- Each clinic can only ever access its own data; access is enforced on the server, not just hidden in the interface.
- Login protection against brute-force attempts, secure session cookies, and signed/verified payment and telephony webhooks.
- Regular encrypted backups of the database.
8. How long we keep it
- Clinic account data: kept while you have an active subscription. If you cancel, we keep your data for 30 days so you can resubscribe without losing anything, then it is permanently deleted and your phone number is released for reuse.
- Call recordings: retained for a limited window and then automatically deleted.
- We may keep limited records longer where the law requires it (for example, basic billing records).
9. Your rights
Under the Australian Privacy Principles you can ask to access the personal information held about you and to correct it if it's wrong. You can also raise a privacy concern with us at any time.
- Clinics: contact us directly at hello@lanewayreception.com.
- Patients: please contact the clinic you called (they hold your booking and are your first point of contact). We will support the clinic in responding.
If you're not satisfied with how we handle a privacy issue, you can contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
10. SMS messages
Where a clinic uses our outbound messaging, recipients can opt out at any time by replying STOP, in line with the Spam Act 2003. We record and honour these opt-outs.
11. Cookies & analytics
Our clinic dashboard uses a single essential, secure session cookie to keep you logged in. Our public website uses Google Analytics to understand visits and improve the site; you can block analytics cookies in your browser. We don't use advertising or cross-site tracking cookies.
12. Changes & contact
We may update this policy as the service evolves; the "Last updated" date above will change. For anything privacy-related, email hello@lanewayreception.com.