Who we are
Nightshift Lane (ABN 45 280 632 686) is a digital operations partner based in Margaret River, Western Australia. We work with small businesses across Australia, mostly remotely.
The short version
We collect the minimum information needed to do our work for you. We never sell your data. We do not use behavioural tracking or advertising cookies. The longer detail below explains what data we hold, why, who else touches it, how long we keep it, and how you ask for it back or deleted.
What we collect, and why
We collect personal information only when you provide it directly:
- Free website audits at /audit: business name, website URL, email address, optional phone number. Used to run the audit, deliver the report, and follow up if you ask us to.
- Calls to our AI receptionist (currently +61 8 6615 7784): your caller ID (the phone number you called from), a transcript of what was said, and a short AI-generated summary. Used so Mark can call you back, and to maintain the service. Recordings are not retained beyond the call summary.
- Contact and enquiry forms: your name, email address, and the content of your message. Used to respond to you.
- Client engagements: business name, ABN, contact details, billing information, and technical credentials necessary to manage your services (domain registrar, DNS, hosting, mail provider, CMS, Google Business Profile). Used to do the work we have been engaged to do.
- Standard server logs: IP address, browser, page requested, timestamp. Used for security monitoring and to identify abuse. Not used for analytics or advertising.
We do not use behavioural tracking cookies. We do not load third-party advertising or analytics scripts (no Google Analytics, no Meta Pixel, no LinkedIn Insight Tag). Strictly necessary cookies may be set for session management when you interact with forms.
Third-party services we use
We run on a small number of trusted providers. Each has its own privacy policy linked below. We share only what each provider needs to do its job.
- Vercel hosts our website and our customers' websites. Standard server logs only. Vercel Privacy Policy.
- Cloudflare manages DNS, SSL, and DDoS protection. Standard DNS and edge logs. Cloudflare Privacy Policy.
- Neon hosts the Postgres database holding audit submissions, client data, and AI receptionist call records. Neon Privacy Policy.
- Resend delivers transactional email (audit reports, callback confirmations, client invoices). Resend Privacy Policy.
- Stripe processes payments for paid services. Billing data is handled per their policy. Stripe Privacy Policy.
- Twilio provides the phone number for our AI receptionist and handles call routing. Twilio Privacy Policy.
- Vapi powers the voice and language understanding behind our AI receptionist. Vapi Privacy Policy.
- Anthropic provides the Claude language model used by our AI receptionist and our internal tooling. We do not share customer data with Anthropic except where strictly necessary for the model to process a call or audit, and we use API endpoints that do not retain inputs for training. Anthropic Privacy Policy.
How long we keep data
- Audit submissions: 12 months from submission, then deleted unless you have become a client.
- AI receptionist call summaries: 90 days, unless they relate to an active client engagement (then kept for the duration of that engagement).
- Client data: for the duration of the engagement plus 7 years after termination for Australian tax and legal compliance (the ATO record-keeping requirement).
- Server logs: 30 days, then automatically purged.
You can request earlier deletion at any time. We will action within 30 days unless we are legally required to retain specific records (e.g., tax invoices).
Your rights under Australian law
Under the Australian Privacy Act 1988 and the Australian Privacy Principles, you have the right to:
- Access the personal information we hold about you.
- Ask us to correct it if it is wrong.
- Ask us to delete it (subject to legal retention requirements).
- Object to specific uses (for example, declining to be referenced in future case studies).
- Complain to the Office of the Australian Information Commissioner if we have not handled a privacy concern properly. We would much rather hear about it from you first.
To exercise any of these rights, email [email protected]. We will respond within 30 days.
Data breaches
If a notifiable data breach affects your personal information, we will notify you and the Office of the Australian Information Commissioner as required by the Notifiable Data Breaches scheme. We aim to notify you within 72 hours of becoming aware of the breach.
Changes to this policy
When this policy changes materially, we update the "Last updated" date at the top of this page and email active clients. Older versions are available on request.
Contact
If you have questions about this privacy policy, how we handle your data, or want to exercise any of your rights above:
Nightshift Lane
ABN 45 280 632 686
[email protected]
Margaret River, Western Australia