ReVerbal Intelligence Pty Ltd. This addendum aligns with the Australian Privacy Act 1988 (Cth), Australian Privacy Principles (APPs), and ST4S requirements. See our Terms and Conditions, Privacy Policy, Sub-processors, AI Transparency, and AI Disclosure.
1. Definitions
- Customer: The school, educator or organisation using the Service.
- Personal Information: As defined under the Privacy Act 1988 (Cth).
- Sensitive Information: As defined under the Privacy Act.
- Processing: Collection, storage, use, disclosure, deletion or other handling of data.
- Subprocessor: Third-party service provider engaged by ReVerbal.
2. Roles of the Parties
The Customer is the data controller. ReVerbal acts as a data processor. ReVerbal processes Personal Information solely on documented instructions from the Customer. This aligns with our Terms and Conditions.
3. Scope and Purpose of Processing
ReVerbal processes:
- Teacher email addresses (account access)
- Transient audio for transcription
- Text transcripts
- Optional AI-generated summaries
- System metadata (session logs, timestamps)
ReVerbal does not:
- Store audio recordings
- Create or retain persistent biometric voice profiles
- Intentionally collect student Sensitive Information
Purpose: Classroom transcription, accessibility support, lesson summarisation.
4. Data Minimisation
ReVerbal limits collection to minimum necessary data for functionality. We do not profile beyond service delivery. We do not use customer data for model training. This supports ST4S AI controls.
5. Security Measures
ReVerbal implements:
- Encryption in transit (TLS 1.2+ / TLS 1.3)
- Encryption at rest (AES-256 equivalent)
- Logical data segregation between customers
- Access controls and least privilege principles
- Secure cloud infrastructure providers
- Incident response plan
6. Subprocessors
ReVerbal uses subprocessors including OpenAI (lesson summaries), Deepgram (speech-to-text), Supabase (database hosting), Render (backend hosting), Netlify (frontend hosting), GitHub (code repository), and Namecheap (domain services). See our Sub-processors page for the full list. ReVerbal will maintain an up-to-date subprocessor list, notify customers of material changes, and ensure contractual safeguards with subprocessors.
7. Cross-Border Disclosure
Personal Information may be processed in Australia (where applicable) and the United States (subprocessors and infrastructure). ReVerbal ensures reasonable steps are taken to ensure subprocessors protect data in accordance with APP 8.
8. Data Retention and Deletion
Transcripts are retained only for the period defined in the Privacy Policy. Audio is processed transiently and not stored. Customers may request deletion. Data is deleted upon account termination, subject to backup cycles.
9. Data Breach Notification
In the event of an eligible data breach under the Notifiable Data Breaches scheme, ReVerbal will notify affected Customers without undue delay and cooperate in investigation and mitigation.
10. Customer Obligations
The Customer is responsible for:
- Obtaining necessary parental or guardian consent
- Ensuring lawful use of transcription in classrooms
- Determining appropriateness of AI outputs
- Compliance with applicable education policies
11. Audit and Information Requests
Upon reasonable written request, ReVerbal will provide information reasonably necessary to demonstrate compliance with this DPA.
Contact support@reverbal.com.au for questions about this addendum.