Security

Last updated: 7 April 2026

You're trusting us with patient records. It's serious business.


Your data is yours

We look after it, but you own it. Export everything at any time. Close your account and we delete it within 30 days. No hostage situations.

Encrypted before it's stored

Most practice software encrypts your database the way a storage unit encrypts its building — lock on the front door, everything inside in plain sight. They call it "encrypted at rest." It means the hard drive is encrypted. The database itself? Plaintext. Anyone with server access — a rogue employee, a cloud provider, a breach — reads everything.

We do it differently.

Patient names, dates of birth, contact details, health identifiers, case notes, payment records — each sensitive field is encrypted individually, with its own key, before it's written to the database. Over 60 fields across your practice data. If someone copied the entire database file and opened it, they'd see gibberish where your patient data should be.

No other Australian practice management software mentions that it does this.

All traffic between you and Reception Star is encrypted in transit using TLS. That bit's standard. The field-level encryption is not. We're next level.
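
To make the field-level approach concrete, here is an added example (not Reception Star's code): each sensitive column is sealed with AES-256-GCM under its own key before the row reaches the database. It assumes the `cryptography` package, per-column keys derived from one master key with HKDF, hypothetical column names, and constructed patient records.

```python
import os, sqlite3
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.hkdf import HKDF

SENSITIVE = ("name", "dob", "case_note")  # hypothetical column names

def field_key(master: bytes, column: str) -> bytes:
    # Assumption: one 256-bit key per column, derived from a master key with HKDF.
    return HKDF(algorithm=hashes.SHA256(), length=32, salt=None,
                info=b"field:" + column.encode()).derive(master)

def seal(master: bytes, column: str, row_id: int, value: str) -> bytes:
    nonce = os.urandom(12)  # fresh 96-bit nonce for every write
    aad = f"patients/{row_id}/{column}".encode()  # binds the ciphertext to its cell
    return nonce + AESGCM(field_key(master, column)).encrypt(nonce, value.encode(), aad)

def unseal(master: bytes, column: str, row_id: int, blob: bytes) -> str:
    aad = f"patients/{row_id}/{column}".encode()
    return AESGCM(field_key(master, column)).decrypt(blob[:12], blob[12:], aad).decode()

def insert_patient(db, master, row_id, record):
    cells = [seal(master, c, row_id, record[c]) for c in SENSITIVE]
    db.execute("INSERT INTO patients VALUES (?, ?, ?, ?)", [row_id, *cells])

def read_patient(db, master, row_id):
    row = db.execute("SELECT name, dob, case_note FROM patients WHERE id = ?", (row_id,)).fetchone()
    return {c: unseal(master, c, row_id, blob) for c, blob in zip(SENSITIVE, row)}

def demo():
    master = AESGCM.generate_key(bit_length=256)  # demo key; it is never stored in the database
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE patients (id INTEGER PRIMARY KEY, name BLOB, dob BLOB, case_note BLOB)")
    # Constructed sample records
    insert_patient(db, master, 1, {"name": "Alex Example", "dob": "1980-01-02", "case_note": "Knee review"})
    insert_patient(db, master, 2, {"name": "Sam Sample", "dob": "1975-06-30", "case_note": "Follow-up"})
    raw = b"".join(b"".join(r[1:]) for r in db.execute("SELECT * FROM patients"))
    leaked = b"Alex Example" in raw  # what someone holding only a copy of the database sees
    # Move row 2's note ciphertext into row 1: the associated data no longer matches.
    db.execute("UPDATE patients SET case_note = (SELECT case_note FROM patients WHERE id = 2) WHERE id = 1")
    try:
        read_patient(db, master, 1)
        swap_detected = False
    except InvalidTag:
        swap_detected = True
    return leaked, swap_detected, read_patient(db, master, 2)
```

Binding the row and column into the associated data means a ciphertext copied into another cell fails authentication instead of decrypting as someone else's record.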

Hosted in Australia

Your practice data lives on servers in Australia. Not overseas. Not "with an Australian presence." Actually here, on Australian infrastructure.

Backups are encrypted too

Most software backs up to their cloud provider's storage. The provider can read it. Their staff can read it. A breach of the provider exposes everything.

Our backups are encrypted with a separate key on our server before they leave. The storage provider receives ciphertext. They can't read it. Nobody can — except us, with the key, in a disaster recovery situation. Not even if they're compelled by a court order directed at the storage provider, because the provider genuinely doesn't have the key.

We take backups every 15 minutes on a rolling 90-day window. If something goes wrong, we can restore to any point within that period.

Access controls

  • Role-based permissions — you decide who in your practice sees what
  • Every login, edit, and deletion is logged in an immutable audit trail
  • Failed login attempts are tracked and rate-limited
  • Sessions expire after inactivity

What we don't do

  • We don't sell your data
  • We don't mine it for insights
  • We don't show ads against it
  • We don't access patient records unless you explicitly ask us to for support
  • We don't use your data to train AI models

Australian Privacy Principles

Reception Star handles health information. Under the Privacy Act 1988, we're bound by the Australian Privacy Principles regardless of our size. We provide the tools — encryption, access controls, audit trails, consent tracking — to help your practice stay compliant too. See our privacy policy for full details.

Things you can do

  • Use a strong, unique password for your account
  • Review who has access to your practice regularly
  • Keep your browser up to date
  • Log out when you're done, especially on shared computers

Found something?

If you've found a security issue, please email security@receptionstar.com. We take every report seriously and will respond promptly.

Questions?

Email security@receptionstar.com. Happy to talk through anything.