Legal

Privacy Policy

Last updated: January 2025

Overview

Abby is an SMS interpretation service for Cliniko users. We take privacy seriously — especially when it comes to patient data. This policy explains what data we collect, how we use it, and how we protect it.

The short version: We read SMS replies to determine confirmation status, then delete the SMS content immediately. We don't store patient information, and your data never leaves Australian servers.

What data we collect

From you (the clinic)

  • Account information: Email address, clinic name, and billing details when you subscribe
  • Cliniko connection: OAuth tokens to access your Cliniko account (read-only)

From Cliniko (on your behalf)

  • Appointment data: Appointment IDs, times, and practitioner assignments — used to match SMS replies to the correct appointments
  • SMS content: The text of incoming SMS replies to appointment reminders

How we use your data

We use your data solely to provide the Abby service:

  1. Receive incoming SMS replies from Cliniko
  2. Interpret the message using our AI model to determine intent (confirmed, cancelled, needs attention)
  3. Post the interpretation to the appointment notes in Cliniko
  4. Display confirmation status in the Chrome extension

We do not use your data for marketing, sell it to third parties, or use it to train AI models.

Data retention

  • SMS content: Deleted immediately after interpretation (typically within seconds)
  • Appointment IDs: Retained for up to 48 hours to track processing status, then deleted
  • Account information: Retained while your account is active, deleted within 30 days of account closure

We don't store patient names, phone numbers, or health information.

Data security

  • Location: All data is processed and stored on Australian servers (AWS Sydney)
  • Encryption: Data is encrypted in transit (TLS) and at rest
  • Access: Our Cliniko integration is read-only — we can read SMS replies and write to appointment notes, but cannot modify appointments, send messages, or access other clinic data

AI and data processing

Abby uses a proprietary AI model to interpret SMS messages. We do not use third-party AI services like OpenAI, Google, or similar. Your patient data:

  • Never leaves our Australian servers
  • Is not used to train external AI models
  • Is not shared with any third parties

Chrome extension permissions

The Abby Chrome extension requires permission to modify the Cliniko calendar page to display confirmation colours. It can only access cliniko.com domains and does not access any other websites or data on your computer.

Your rights

You can:

  • Access your data: Request a copy of the account information we hold
  • Delete your account: Contact us to close your account and delete all associated data
  • Disconnect Cliniko: Revoke Abby's access through your Cliniko settings at any time

Third-party services

We use the following third-party services:

  • AWS (Sydney region): Cloud hosting and data storage
  • Stripe: Payment processing (we don't store your card details)
  • Cliniko: Practice management integration

Changes to this policy

We'll notify you by email if we make significant changes to this privacy policy. Minor clarifications may be made without notice.

Contact

Questions about privacy? Email us at hello@abby.clinic