Legal

Privacy Policy

How Nexlane Solutions collects, uses, stores, and protects your personal and clinical data.

Effective Date: January 1, 2025. Last Updated: July 2025.

Contents

  1. Who We Are
  2. Data We Collect
  3. How We Use Your Data
  4. Data Storage and Security
  5. HIPAA Compliance for United States of America Clients
  6. Pakistan Data Handling
  7. Third Party Services
  8. Cookies
  9. Your Rights
  10. Data Retention
  11. Children
  12. Changes to This Policy
  13. Contact Us

Important: Nexlane Solutions deploys its software on your clinic's own hosting infrastructure. Patient and clinical data is stored on your server, not ours. We do not access your patients' records unless you explicitly share them for technical support.

1. Who We Are

Nexlane Solutions is a software and services company providing AI powered business solutions. We operate from two offices: Montana, United States of America (headquarters) and Gulberg Green, Islamabad, Pakistan (regional office).

This Privacy Policy applies to our website at nexlane.online, our software products, and all associated services.

2. Data We Collect

From website visitors and business inquiries:

  • Name, email address, and phone number submitted through our contact forms
  • Country and business details you share voluntarily
  • Usage data such as pages visited and time on site, collected anonymously
  • IP address and device information for security purposes

Through our clinic software on behalf of clients:

  • Patient names, contact numbers, and email addresses
  • Appointment dates, times, service types, and statuses
  • Medical history, allergies, medications, and dental records
  • Billing and invoice information
  • Staff login credentials, stored in encrypted form

All clinical data processed through our software is stored on the client clinic's own hosting, not on Nexlane's servers.

3. How We Use Your Data

  • To respond to business inquiries and schedule demos or consultations
  • To deploy, configure, and maintain software for clinic clients
  • To send automated appointment communications on behalf of clinics
  • To provide technical support when requested by clients
  • To improve our products and services
  • To comply with applicable laws and regulations

We do not sell, rent, or trade personal data to any third party for marketing or commercial purposes.

4. Data Storage and Security

We implement the following security measures across our platform:

  • All data transmitted over HTTPS with TLS encryption
  • Passwords stored using industry standard hashing algorithms
  • API access protected by secure service keys
  • Role based access control limiting staff to their permitted functions
  • Regular security reviews of the platform codebase

Clinical software is deployed on the client's own hosting. Nexlane does not retain copies of patient data from deployed clinic instances. The clinic operator is responsible for the security of their hosting environment.

5. HIPAA Compliance for United States of America Clients

For United States of America based dental and healthcare clients, Nexlane provides a deployment model designed to meet the requirements of the Health Insurance Portability and Accountability Act.

Our United States of America deployment includes:

  • Software deployed on the clinic's own HIPAA eligible hosting infrastructure
  • Patient communications delivered only through HIPAA compliant channels
  • No use of messaging platforms that do not offer Business Associate Agreements for Protected Health Information
  • Secure SMS messaging gateway for appointment reminders and notifications
  • AI booking handled through the clinic's own website using a secure chatbot
  • Full audit logging of all data access and system changes
  • Staff access strictly controlled by role

Note on Messaging Platforms: Meta and WhatsApp do not currently offer HIPAA Business Associate Agreements. For this reason, our United States of America deployments do not use WhatsApp for any patient communications that involve Protected Health Information. United States of America clinics use our HIPAA compliant SMS gateway and website AI chatbot instead.

Clinic operators in the United States of America remain responsible for ensuring their hosting environment meets all applicable HIPAA technical safeguard requirements.

6. Pakistan Data Handling

For Pakistan based deployments, patient data is stored on the clinic's own hosting server. Nexlane's software communicates with patients via the WhatsApp Business Platform and email for booking confirmations and reminders.

Clinic operators in Pakistan are encouraged to inform their patients that their contact information is used for appointment communication purposes.

7. Third Party Services

Our platform integrates with the following third party services. Each has its own privacy policy governing how they handle data:

  • OpenAI: Used for natural language understanding in the AI booking assistant. Patient conversation inputs are processed to determine intent.
  • Anthropic Claude: Used in certain AI workflow components.
  • Meta WhatsApp Business Platform: Used for patient messaging in Pakistan deployments only.
  • Google Workspace: Used for automatic appointment data backup when configured by the client.
  • n8n Automation: Used to run background automation workflows within the client's own infrastructure.
  • HIPAA Compliant SMS Gateway: Used for appointment reminders in United States of America deployments.

8. Cookies

Our website uses minimal cookies. Essential cookies are required for the website to function and cannot be disabled. Analytics cookies collect anonymous usage data with no personally identifiable information. We do not use advertising, retargeting, or tracking cookies of any kind.

9. Your Rights

Depending on your location, you may have rights to access, correct, delete, or export personal data we hold about you, and to object to certain types of processing. To exercise any of these rights, contact us at contact@nexlane.online.

For patients of clinics using Nexlane software, requests about your health records should go directly to your dental clinic, as they are the data controller for that information.

10. Data Retention

We retain personal data only as long as necessary. Contact form submissions are kept for two years. Business client records are kept for the duration of the agreement plus five years for legal compliance. Clinical data in deployed clinic systems is retained according to the clinic operator's own policies and applicable regulations.

11. Children

Our website and services are directed at businesses and professionals, not individuals under 18. We do not knowingly collect personal data from children through our website. Note that dental clinics may treat minor patients; data for those patients is subject to the clinic's own privacy practices and local law.

12. Changes to This Policy

We may update this policy periodically. When we do, we will update the date at the top of this page and notify active clients of material changes by email. Continued use of our services after changes constitutes acceptance of the updated policy.

13. Privacy Enquiries

For any questions, requests, or concerns about this policy or how we handle your data:

Email: contact@nexlane.online

Technical inquiries: ai@nexlane.online

Phone, United States of America: +1 929 730 9588

Phone, Pakistan: +92 322 888 026

Address: Gulberg Green, Islamabad, Pakistan and Montana, United States of America

We aim to respond to all privacy related enquiries within five business days.