Privacy Policy

Last updated: 7 April 2026

Short version

We collect what we need to run your practice software. We don't sell it, mine it, or show ads against it. Your practice data is hosted in Australia and encrypted before it's stored. Some services we rely on (email delivery, payment processing) operate internationally.

Who this covers

Reception Star handles health information. Under the Privacy Act 1988, that makes us bound by the Australian Privacy Principles regardless of turnover. We take that seriously.

What we collect

  • Your name, email, and practice details — to create your account
  • Patient records you enter — names, contacts, health IDs, case notes, appointments
  • Invoices, payments, and billing data
  • Technical info — IP address, browser, pages visited, login timestamps

Why we collect it

  • To run the software you're paying for — scheduling, invoicing, reminders, records
  • To send appointment reminders and invoice emails on your behalf
  • To process payments through your chosen payment gateway
  • To detect and prevent abuse, fraud, and unauthorised access
  • To improve the product and fix bugs

We don't use your data for advertising. We don't sell it. We don't profile your patients.

Where your data lives

Practice data (patient records, appointments, invoices, case notes) is hosted on servers in Australia and encrypted before storage — not just at rest.

Some functions rely on third-party services that may process data outside Australia:

  • SMS & email delivery — appointment reminders and invoice emails pass through our messaging providers' infrastructure
  • Payment processing — card payments are handled by your chosen payment gateway (we never store card numbers)
  • DNS and security — web traffic may be routed through a CDN/security provider for protection against attacks

We choose providers with strong privacy practices and data protection commitments. We don't send patient health records to any third party except where necessary to deliver the service you've requested (like sending an SMS reminder to a patient's phone number).

How we protect it

  • Patient records encrypted before storage — we can't read them even when troubleshooting
  • Role-based access — you control who in your practice sees what
  • Immutable audit trail — every create, edit, delete is logged permanently
  • Login attempt tracking and rate limiting
  • Regular backups with encrypted storage

Nothing online is 100% secure. If there's ever a breach affecting your data, we'll notify you and the Office of the Australian Information Commissioner promptly, as required by the Notifiable Data Breaches scheme.

Your rights

You can:

  • Request a copy of your data
  • Correct anything that's wrong
  • Export your records
  • Delete your account and all associated data

Email privacy@receptionstar.com and we'll sort it out. We aim to respond within 14 days.

When we share information

Only when:

  • You've asked us to (e.g. sending reminders to your patients)
  • The law requires it (valid court order, mandatory reporting)
  • We need to enforce our terms (investigating abuse)
  • A business transfer happens (you'd be notified first)

We don't share patient health information with anyone else. Full stop.

Cookies

We use cookies to keep you logged in and remember your preferences. No tracking cookies, no advertising cookies, no third-party analytics cookies.

Data retention

We keep your data while your account is active. If you close your account, we delete your practice data within 30 days. Some records (like payment transaction logs) may be retained longer where required by tax or financial reporting law.

Changes to this policy

If we make significant changes, we'll email you.

Complaints

If you think we've mishandled your data, email privacy@receptionstar.com first. If we can't resolve it, you can lodge a complaint with the Office of the Australian Information Commissioner.

Questions?

Email privacy@receptionstar.com. Happy to help.