Privacy Policy
Last updated: October 2025
This Privacy Policy explains how Reportr collects, uses, stores, and shares your personal information. It includes region‑specific provisions for Australia, the UK, the EEA, and Switzerland.
At a glance
- Who we are: Reportr, Sydney, NSW, Australia.
- What we do: AI‑powered tools for financial advisors to process meeting recordings, transcripts, and uploaded documents to automate documentation and generate compliant reports.
- Your control: Access, correction, deletion, and marketing opt‑outs are supported (see regional rights below).
- AI data handling: No model training, no data retention by our AI partners. Processing is transient and purpose‑limited.
- Security: Encryption in transit and at rest, RBAC, auditing, and Azure‑hosted infrastructure in Australia.
Contents
- 1. Introduction and Scope
- 2. Meaning of Personal Information
- 3. What We Collect, How We Collect It, and What We Do With It
- 4. Anonymised and Aggregated Data
- 5. Use of Cookies and Similar Tracking Technologies
- 6. Security Measures
- 7. How Long We Keep Your Personal Information
- 8. Where Your Personal Information is Stored
- 9. Who We Share Your Personal Information With
- 10. Unsubscribing to Marketing Messages
- 11. What Happens If Personal Information is Not Provided
- 12. Contacting Us and Complaints
- Additional clauses: Australia
- Additional clauses: UK, EEA, Switzerland
1. Introduction and Scope
1.1 We are Reportr, located in Sydney, NSW, Australia ("we", "us", and "our").
1.2 Reportr is an AI‑powered platform for financial advisors that processes meeting recordings, transcripts, and uploaded documents to automate documentation tasks, create unified client records, and generate compliant financial advisory reports (the "Reportr Service"). The term "Reportr Service" in this Privacy Policy includes any associated products or services that we may offer from time to time. Reportr maintains a website at reportr.ai (the "Site") which includes information about Reportr and the Reportr Service.
1.3 For those who purchase or otherwise interact with us or the Reportr Service, all visitors to the Site, and all other individuals with whom we communicate in the course of running our business (each referred to as "you" and "your"), we are the controller of your Personal Information. This means that we decide which information and Personal Information we collect, and how to use it. The measures and rights set out in this Privacy Policy apply only where we are the controller of your Personal Information. Where we process Personal Information on behalf of third parties, we have Data Processing Agreements in place to cover our handling of that data (where legally required).
1.4 Our commitment to AI data privacy
- Your data is processed by our AI partners (OpenAI) solely to provide service functionality — transcription and report generation for your specific requests.
- Your data is not stored by our AI partners after processing is complete.
- Your data is not used to train or improve AI models — we have configured our enterprise API integration to enforce zero data retention.
- All AI processing is transient — your meeting transcripts, client information, and reports are processed in real‑time and immediately discarded by our AI partners.
This means your sensitive client data remains under your control and is only temporarily processed to deliver the service you request.
Changes to this policy
We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or other factors. We will post the updated policy on our Site and encourage you to review it periodically.
2. Meaning of Personal Information
2.1 Under the Australian Privacy Act 1988 (Cth) ("APA"), "Personal Information" means information or an opinion about an identified individual, or an individual who is reasonably identifiable: (a) whether the information or opinion is true or not; and (b) whether the information or opinion is recorded in a material form or not.
2.2 Under the General Data Protection Regulation (EU) 2016/679 ("GDPR"), and the retained version of the same regulation in the UK ("UK GDPR"), "Personal Data" means any information relating to an identified or identifiable natural person ("Data Subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2.3 For the purposes of this Privacy Policy, we use the term "Personal Information" to refer to:
2.3.1 Personal Information as defined in the APA; and
2.3.2 Personal Data as defined in the GDPR and the UK GDPR.
2.4 If you are a resident of the UK or the EEA, your rights will be applicable only in respect of Personal Data, as defined above (even though, as explained above, we will use the term "Personal Information" to refer to this). If you are resident of Australia, your rights will be applicable only in respect of Personal Information, as defined in the applicable legislation above.
3. What We Collect, How We Collect It, and What We Do With It
3.1 The Personal Information we collect from you, and how we collect it, will depend on the service you are purchasing and the way you interact with us.
3.2 The table below sets out what we collect, how we collect it and what we do with it. We may state a more specific additional purpose when we collect your Personal Information.
3.3 In some jurisdictions (in particular the UK and EEA), we are required to identify a legal justification (also known as a "Lawful Basis") for collecting and using your Personal Information, in addition to describing the purpose. There are six Lawful Bases that organisations can rely on. The most relevant of these to us are where we use your Personal Information to:
3.3.1 Fulfil a contract that we have with you as an individual ("Contract");
3.3.2 Comply with our legal obligations ("Legal Obligation");
3.3.3 Pursue our legitimate interests (our justifiable business aims) but only if those interests are not outweighed by your other rights and freedoms ("Legitimate Interests"); or
3.3.4 Do something for which you have given your consent ("Consent").
Where we use your information for our legitimate interests, we have assessed whether such use is necessary and that such use will not infringe on your other rights and freedoms.
Below includes the Lawful Basis we rely on when we process your Personal Information, which will be applicable only to UK and EEA Data Subjects.
Information Collection Table
Tip: On smaller screens these tables scroll horizontally.
| What we collect | How we collect it | Purpose(s) for which it is used | Lawful Basis |
|---|---|---|---|
| Visitors | |||
| Any information you provide to us voluntarily such as name, phone number, email address, company name, and job title | When you provide it to us voluntarily through enquiring about our services (including through our online form), by subscribing to marketing communications or giving us feedback | The purpose specified when provided to us; to provide you with current information about the Reportr Service, special offers you may find of interest, or new products or services being offered by us; to respond to customer enquiries | Consent |
| Technical data including the type of browser you are using, device information and your IP address | Some of this data is collected through cookies (see cookie notice below); automatically when you browse the Site | To provide you with access to the Site; enhance security and prevent fraud; monitor service integrity; make improvements to the Site; perform routine analysis on the performance of our services and business more generally; administer or perform our contract with service providers; protect our business and defend ourselves against legal claims | Legitimate Interests |
| Customers | |||
| Information you provide to us in order to purchase the Reportr Service such as name, phone number, email address, company name, and job title | When you input the information on the Site in order to sign up to the Reportr Service | To provide the Reportr Service to you (including technical support); process payment information in connection with any contract we have with you; respond to customer enquiries; perform accounting, billing and other administrative and operational functions; send you updates about the Reportr Service you have purchased; customer support; enhance security and prevent fraud | Contract |
| Login details | Through cookies | To verify your identity (login) and make logging in easier (remembering your username) | Legitimate Interests |
| Calendar details, meeting details, meeting attendee names and email addresses | From third parties – Google, Microsoft or other third party (as applicable) when you integrate your Google and/or Microsoft accounts to the Reportr Service | To sync calendars and schedule consultations; enable automated meeting recording and transcription; contribute to a unified client record for analysis; enable AI‑driven analysis across the complete client record | Contract |
| Meeting recordings (audio), meeting transcripts, client names and contact information | From your direct input, uploads into the Reportr Service, or automated recording via Recall.ai integration with Zoom/Teams meetings | To transcribe meeting audio using AI (OpenAI Whisper); create a unified client record by aggregating all associated meetings, notes, and documents; enable AI‑driven report generation for financial advisory documents | Contract |
| Client‑related documents and other information you choose to upload | From your direct input and uploads into the Reportr Service | To create a unified client record by aggregating all associated meetings, notes, and documents; enable AI‑driven analysis across this entire unified client record for report generation | Contract |
| Name, phone number, email address, company name, and job title | When you input the information on the Site in order to sign up to the Reportr Service | To provide you with current information about the Reportr Service, special offers you may find of interest, or new products or services being offered by us, through our newsletter or otherwise | Consent |
| Billing information including payment card details, billing address | When you subscribe to a paid plan | To process subscription payments via Stripe; manage your subscription and billing | Contract |
3.4 In addition to the Lawful Bases set out in the table above, we may use your Personal Information (however collected) to fulfil a Legal Obligation if processing is necessary:
3.4.1 to record your preferences (e.g. marketing) to ensure that we comply with applicable data protection laws;
3.4.2 where we are required to assist government and law enforcement agencies or regulators;
3.4.3 where we retain information to enable us to bring or defend legal claims; and/or
3.4.4 where we are required to assist government and law enforcement agencies or regulators, including in relation to any eligible data breach declarations by any of them.
4. Anonymised and Aggregated Data
We may anonymise the Personal Information we collect (so it can no longer identify you) and then combine it with other anonymous information so it becomes aggregated data. Aggregated data helps us identify trends (e.g. what percentage of users use specific features or templates). Data protection laws do not govern the use of aggregated data and the various rights described below do not apply to it.
5. Use of Cookies and Similar Tracking Technologies
5.1 Cookies are small text files that we store on your browser, or the hard drive of your computer, if you agree. Cookies collect data which includes Personal Information.
5.2 We use our own cookies, and similar tracking technologies, to enhance user experience, provide security, and improve our services. We also use third party cookies. The following cookies (or similar technologies) are used on our Site:
5.2.1 Essential cookies. Required for the core functionality of the Site (e.g. authentication and security functions). These are always enabled.
5.2.2 Preference cookies. Recognise you when you return to the Site, personalise content, and remember your preferences.
5.2.3 Performance cookies. Help us understand how visitors interact with the Site (e.g. time on site; repeat visits) to improve service functionality.
6. Security Measures
6.1 We take the security of your Personal Information seriously. We implement technical and organisational measures to protect against unauthorised access, disclosure, and loss of data, including:
6.1.1 Encryption: all data at rest is encrypted using AES‑256. Data in transit is protected by TLS 1.2/1.3.
6.1.2 Access controls: role‑based access control for internal systems, regular access audits and reviews, and principle of least privilege for employee access.
6.1.3 Cloud security: secure cloud infrastructure hosted on Microsoft Azure in Australia with network isolation and firewall protection.
6.1.4 Monitoring: audit trails retained for a minimum of one year and regularly reviewed for compliance and security monitoring.
6.2 If there is an incident that has affected your Personal Information, we will investigate it, take steps to contain it, notify the appropriate regulator and keep you informed (where required under applicable data protection law).
7. How Long We Keep Your Personal Information
7.1 We will only retain your Personal Information for as long as necessary to fulfil the purposes we collected it for.
7.2 To decide how long to keep Personal Information (also known as its retention period), we consider the volume, nature, and sensitivity of the Personal Information, the potential risk of harm to you if an incident were to happen, whether we require the Personal Information to achieve the purposes we have identified or whether we can achieve those purposes through other means (e.g. by using aggregated data instead), and any applicable legal requirements (e.g. minimum accounting records for tax authorities).
7.3 If you have asked for information from us or you have subscribed to our mailing list, we keep your details until you ask us to stop contacting you.
7.4 Upon account deletion, we retain your data for 90 days for retrieval purposes, after which it is permanently deleted. Backup copies are deleted within 180 days. Billing records are retained for 7 years as required by law.
7.5 AI Partner Data Retention. Data sent to our AI partners (OpenAI) for processing is not stored after processing is complete. We have configured our enterprise API integration with OpenAI to ensure:
- Zero data retention: Your data is processed only to generate the requested output and is not retained in OpenAI's systems.
- No model training: Your data is not used to train or improve OpenAI's models.
- Transient processing only: Data is processed in real‑time to provide transcription and report generation, then immediately discarded.
This means your meeting transcripts, client information, and report content are only temporarily processed to provide the service functionality and are not stored by our AI partners thereafter.
8. Where Your Personal Information is Stored
8.1 Your personal information is primarily stored in Australia using Microsoft Azure Australia regions (Australia East and Australia Southeast).
8.2 However, like most organisations, we use various services and tools and we collaborate with our affiliates and business partners in countries different to your country of residence, including Australia, the US, UK and EU, and we may transfer your personal information as a result. Each recipient is subject to appropriate safeguards such as due diligence and standard contractual clauses or similar contractual provisions for international transfers of personal information.
9. Who We Share Your Personal Information With
9.1 We may share your Personal Information with the organisations listed below, for the specified reasons.
9.2 As outlined in the region specific sections below, this may involve transfers overseas.
9.3 When we share your Personal Information with third parties to process your Personal Information on our behalf, we ensure that an appropriate Data Processing Agreement is in place, where required under applicable data protection laws.
9.4 We can provide more detailed information about our specific service providers, their data processing locations, and retention periods upon request. Please contact us at info@reportr.ai for such information.
Third‑party categories
| Category of Third Party | Reason for Sharing Your Personal Information |
|---|---|
|
Service providers used for business operations including: infrastructure services (data storage, cloud hosting, backup services), security and authentication services (user authentication, web security), communication services (email, calendar integration), operational services (workflow management, monitoring, logging), and meeting recording and transcription services. Our current providers include: Microsoft Azure; Google (for SSO and Calendar integration); Microsoft (for SSO and Calendar integration); Recall.ai (for meeting recording automation); Stripe (for payment processing). Some of these organisations will store your Personal Information only where required for service functionality and for as long as necessary to provide those services. | We rely on these providers to conduct our business |
| AI / Large Language Model Providers — We partner with OpenAI as our primary large language model (LLM) provider to enable AI features within the Reportr Service. Data Processing Only: Your data is processed by OpenAI solely to provide service functionality (transcription, report generation). We have configured our integration to ensure that: data is processed only to generate outputs for your specific requests; data is not stored by OpenAI after processing is complete; data is not used to train or improve OpenAI's models; zero data retention is enforced through our enterprise API configuration. | To provide core AI‑driven functionalities such as meeting transcription (OpenAI Whisper), AI‑powered report generation, and document analysis |
| Any authorised government or regulatory or self‑regulatory authority or enforcement agency | Compliance with legal obligations; protection of rights, property or safety of Reportr, its clients or others |
| Professional advisers or contractors, such as our auditors, accountants, lawyers or other professional consultants | To obtain relevant advice in running our business |
| As part of or in connection with a sale of our business, or a merger, reorganisation, investment, change in control, transfer of substantial corporate assets, liquidation or similar transaction | For the purposes of the relevant transaction |
| Any other person authorised by you | For the purpose authorised by you |
10. Unsubscribing to Marketing Messages
10.1 You can opt out of marketing and sales communications at any time by clicking on the unsubscribe or opt‑out link in the marketing e‑mails or messages we send you. You can also contact us at info@reportr.ai.
11. What Happens If Personal Information is Not Provided
11.1 Where we require certain Personal Information from you in order to provide a service to you, and you choose not to provide us with that Personal Information, we may not be able to provide our services to you, or aspects of those services. If this is the case, we will inform you.
12. Contacting Us and Complaints
12.1 If you have questions, requests or concerns about your Personal Information or this Privacy Policy, please email us at info@reportr.ai or write to us at Sydney, NSW, Australia.
12.2 We will take such steps as are reasonable to investigate any issues within a reasonable time of receipt. We will give you written notice of the investigations which have been carried out and the outcome.
12.3 Whilst you are entitled to submit a complaint to your local protection authority (in applicable jurisdictions) with any concerns, we would encourage you to contact us first so that we can try to address your concerns.
ADDITIONAL CLAUSES APPLICABLE TO RESIDENTS OF AUSTRALIA
The following applies if you are located in Australia. If there is any inconsistency between this section and the rest of the Privacy Policy, this section will prevail.
13. Scope
13.1 As mentioned in paragraph 2.4 above, if you are a resident of Australia, your rights in this Privacy Policy are only applicable only in respect of Personal Information, as defined in the APA.
13.2 If there is any inconsistency between this "Additional Clauses Applicable to Residents of Australia" section and the rest of the Privacy Policy, this section will prevail.
14. Transfers of Personal Information Out of Australia
14.1 Your Personal Information may be transferred overseas or stored overseas for a variety of reasons (including processing by OpenAI in the United States). If we transfer your Personal Information to a recipient in a country with data protection laws which are at least substantially similar to the Australian Privacy Principles ("APP"), and where there are mechanisms available to you to enforce protection of your Personal Information under that overseas law, we will not be liable for a breach of the APP if your Personal Information is mishandled in that jurisdiction.
15. Notifiable Data Breach Scheme ("NDBS") Pursuant to the APA
15.1 If there is a data breach and we are required to comply with the NDBS, we will take all reasonable steps to contain the suspected or known breach where possible and follow the process set out in this clause.
15.2 If we have reasonable grounds to suspect that the data breach is likely to result in serious harm to any individuals involved, then we will take all reasonable steps to ensure an assessment is completed within 30 days of the breach, or sooner, if possible. We will follow all guidance published by the Office of the Australian Information Commissioner ("OAIC") in making this assessment. If we reasonably determine that the data breach is not likely to result in serious harm to any individuals involved, or that any remedial action we take is effective in preventing serious harm from becoming likely, then we will not notify the affected individuals or the OAIC.
16. Your Rights Under the APP and the APA
16.1 If you are a resident of Australia, your data protection rights are as follows:
16.1.1 You can request access to your Personal Information, subject to certain exceptions. For example we may, in accordance with the APP, refuse to provide you with access if, for instance, granting you access would have a negative impact on the privacy of another person.
16.1.2 You can request corrections to any inaccurate, outdated, incomplete or misleading information regarding your Personal Information. If you request correction, we will address it within a reasonable timeframe and notify you of the outcome.
16.1.3 We have an independent obligation to take reasonable steps to correct information that is inaccurate, out‑of‑date, incomplete, irrelevant or misleading.
16.1.4 You can ask us to delete or de‑identify your Personal Information if there is no good reason for us to continue holding it.
16.1.5 You can ask to have your Personal Information, where technically feasible, sent to another organization, where we hold this Personal Information with your consent or for the performance of a contract with you.
16.1.6 You can ask us not to send you any marketing materials. However, we may still send you newsletters and updates about your account, if you are a business contact.
16.1.7 If you are unhappy with the way we collect and use your Personal Information, you can complain to the OAIC, but we would encourage you to contact us first so that we can try to address your concerns.
16.2 To contact us or submit requests in relation to any of the above, please email info@reportr.ai with full details of your request. Please note that we may ask you to verify your identity before responding to such requests. If your request is particularly complex or requires a detailed search, we may charge you for dealing with it. Any such charge will be fair and reasonable, and we will let you know in advance what it is.
16.3 If your request relates to unsubscribing or opting out of marketing, you can contact us on info@reportr.ai.
17. Automated Decision Making
17.1 We do not carry out any automated decision‑making processes that have legal or similarly significant effects on individuals.
ADDITIONAL CLAUSES APPLICABLE TO RESIDENTS OF THE UK, THE EEA OR SWITZERLAND
The following applies if you are located in the UK, the EEA or Switzerland. If there is any inconsistency between this section and the rest of the Privacy Policy, this section will prevail.
18. Scope
18.1 As mentioned in paragraph 2.4 above, if you are a resident of the UK, the EEA or Switzerland, your rights in this Privacy Policy are only applicable only in respect of Personal Data, as defined in the EU and UK GDPR. For the purposes of this Privacy Policy, we are using the term "Personal Information" to refer to Personal Data.
18.2 If there is any inconsistency between this "Additional Clauses Applicable to Residents of the UK, the EEA Or Switzerland" section and the rest of the Privacy Policy, this section shall prevail.
19. International Data Transfers
19.1 We only transfer your Personal Information overseas where we are able to comply with applicable data protection laws. If you are located in the UK, the EEA or Switzerland (the "GDPR Area"), and we transfer your Personal Information outside of the EEA, UK or Switzerland, we will take appropriate measures to ensure that the recipient protects your Personal Information adequately in accordance with this Privacy Policy and all applicable UK, EU and Swiss data protection laws. These measures may include:
19.1.1 Ensuring that there is an adequate decision in respect of the country to which the Personal Information is being transferred, which means that the applicable authority of the GDPR Area has concluded that the laws and practices of the destination country provide adequate protection for Personal Information.
19.1.2 The use of standard model contractual arrangements with the recipient of Personal Information which have been approved by the UK Information Commissioner, the European Commission or the Swiss Supervisory Authority, as appropriate (these are known as Standard Contractual Clauses, or SCCs).
19.1.3 The EU‑U.S. Data Privacy Framework ("EU‑U.S. DPF"), the UK Extension to the EU‑U.S. DPF and the Swiss‑U.S. Data Privacy Framework.
20. Your Rights Regarding Personal Information
20.1 If you are a resident of the GDPR Area, your data protection rights are as follows:
20.1.1 You can request access of your Personal Information.
20.1.2 You can ask us to correct your Personal Information if it is inaccurate or incomplete. We might need to verify the new information before we make any changes.
20.1.3 You can ask us to delete or remove your Personal Information if there is no good reason for us to continuing holding it or if you have asked us to stop using it. If we think there is a good reason to keep the information you have asked us to delete (e.g. to comply with regulatory requirements), we will let you know and explain our decision.
20.1.4 You can object to processing of your Personal Information, ask us to restrict processing of your Personal Information or request portability of your Personal Information. If we think there is a good reason for us to keep using the information or for not complying with your request, we will let you know and explain our decision.
20.1.5 You have the right to opt‑out of marketing communications we send you at any time. You can exercise this right by clicking on the unsubscribe or opt‑out link in the marketing e‑mails we send you. You can also contact us at info@reportr.ai.
20.1.6 If you are unhappy with the way we collect and use your Personal Information, you can complain to the Information Commissioner's Office, but we would encourage you to contact us first so that we can try to address your concerns.
20.2 To contact us or submit requests in relation to any of the above (except marketing related requests) please email info@reportr.ai.
20.3 If we have collected your Personal Information with your consent, you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your Personal Information conducted in reliance on a Lawful Basis other than consent.
© Reportr. All rights reserved.