Privacy Policy

What Data We Collect

In this policy, "personal information" has the meaning given to it under the Australian Privacy Act 1988 - broadly, information or an opinion (whether true or not) about an identified individual, or an individual who is reasonably identifiable.

We keep collection to a minimum - only what is genuinely needed for platform integrity, content moderation, and community safety. Here is exactly what that includes.

User-Submitted Phone Reports

When you submit a report about a phone number, we collect: the phone number being reported, your caller type assessment (e.g. scam, telemarketer, legitimate), a severity rating, and your written description of the call. Reports are submitted without requiring an account - we do not ask for your name, email, or any personal identifiers. Technical identifiers (such as IP addresses) are recorded solely for abuse prevention purposes, as described below.

Reports are intended to exclude personal identifiers (names, addresses, account numbers, etc.). We moderate submissions for policy compliance and may remove or redact personal information if detected.

IP Addresses

Every request to the platform includes an IP address. We retain these for 90–180 days to detect coordinated fake reports, catch automated abuse, enforce rate limits, and infer general geographic region (state-level only - no street-level location is derived). After the retention window, IPs are deleted or folded into anonymous statistics. The legal basis is legitimate interest in platform integrity and fraud prevention.

Cookies and Session Data

The platform uses a small number of essential cookies. These are necessary for normal operation and cannot be disabled.

Third-party advertising technologies (Google AdSense) may set additional cookies or collect device and browser signals when ads load. This data collection is governed by Google's policies, not ours. Report content is never shared with advertisers. You can manage ad personalisation through your browser settings or Google's ad personalisation controls.

Browser and Device Metadata

Your browser sends standard HTTP metadata with every request - things like browser type and version, operating system, device type, referring URL, and timestamps. We use this for security monitoring and to keep the site running smoothly.

Contact Form Submissions

If you contact us via the contact form, the information you provide (typically name, email, and message content) is used solely to respond to your enquiry. Contact details are not added to marketing lists.

What We Do Not Collect

Reverseau does not collect: personal names or emails (unless you voluntarily contact us), residential addresses, phone numbers of report submitters, government identifiers (e.g. licence or passport numbers), passwords, financial or payment information, biometric data, precise geolocation, voice recordings, social media credentials, or any sensitive information as defined under Australian privacy law.

↑ Back to top

How We Use Your Data

The data described above is only used for the purposes listed in this section - nothing beyond that.

Public Safety Intelligence

Phone reports are published so other Australians can see what callers have been reported for. When someone searches a number, they see aggregated reports from people who received the same call.

Fraud Prevention and Platform Integrity

Without IP addresses and metadata, coordinated rating manipulation would go undetected. These identifiers let us spot automated bot submissions, flag attempts to suppress legitimate safety reports, and block denial-of-service attacks before they affect the platform.

AI-Assisted Content Moderation

Submitted reports may be screened by automated systems for spam, profanity, and personal information, then prioritised for human review. Moderators review flagged submissions and conduct quality checks. AI also generates summary paragraphs on phone pages, clearly marked with a disclosure notice. These systems process only report content - not user-identifying information. See our AI Transparency Statement for details.

Service Improvement

We look at aggregated, de-identified usage patterns to improve search, database performance, and overall experience. Nobody's individual behaviour is tracked or profiled.

Legal Compliance

Sometimes the law requires us to process data - responding to a valid subpoena, meeting Australian telecommunications and privacy regulations, or looking into reports that content on the platform violates someone's rights. We only do this when there is a clear legal obligation.

↑ Back to top

Who We Share Data With

The Public (Phone Reports Only)

User-submitted phone reports are displayed publicly - that is the purpose of the platform. Reports are intended to contain no personally identifying information about the submitter. We moderate and may redact or remove content that contains personal identifiers before publication.

Infrastructure Providers (Processors)

Our hosting, CDN, and security providers handle data on our behalf as "data processors." Each is bound by contract to protect that data and barred from using it for their own purposes.

Advertising Networks

Google AdSense displays ads on our site. Report content is not transmitted to advertisers. When ads are served, advertising providers may collect technical data directly (IP address, device identifiers, cookie data), subject to Google's privacy policy.

Law Enforcement (Only When Legally Required)

If we receive a valid subpoena, court order, or other enforceable legal request, we may have to disclose data. We check every request for legal validity and scope before complying, and where the law allows, we notify affected individuals.

What We Do Not Do

Reverseau does not sell personal information. No data broker arrangements exist, and advertisers never see search queries or report content.

↑ Back to top

Data Retention

Phone Reports

Reports are retained long-term as part of the historical public safety record, unless removal is requested, required by law, or necessary to maintain platform integrity. Long-term retention supports pattern analysis and helps users contextualise repeat or reappearing number activity over time.

IP Addresses and Access Logs

Retained for 90–180 days for security monitoring, then deleted or aggregated into non-identifying statistics.

Contact Form Data

Retained for as long as needed to resolve your enquiry, then deleted.

Retention Extensions

In some cases we hold data longer than usual - for example, during an active security investigation, while resolving a dispute, or to meet a specific legal obligation.

Secure Deletion

Deleted data is overwritten to prevent recovery. Archival backups are cycled on a rolling schedule, so deletion in backups may lag behind production by up to the backup rotation period.

↑ Back to top

Your Rights

Under the Australian Privacy Principles (Privacy Act 1988), you have the following rights regarding your personal information.

Request Report Removal

If you believe a phone number has been incorrectly classified, or a report contains inaccurate information, you may contact us for review. We evaluate removal requests based on: accuracy of the report, whether the number has been reallocated, public interest in safety awareness, and compliance with our Terms of Service. Where appropriate, we may redact personal identifiers or sensitive details rather than remove an entire report.

Request Data Correction

If information we hold about you is inaccurate, incomplete, or misleading, you can request correction via our contact form. Provide evidence supporting the correction and we will assess within 30 days.

Access Your Data

You can request access to any personal information we hold about you. Since we do not require registration, this is typically limited to submitted reports (already public) and access logs tied to your IP. Submit requests via our contact page.

Lodge a Complaint

If you believe we have breached your privacy rights, contact us first. If unsatisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

Identity Verification

We may verify your identity before processing requests involving personal information. We will never ask for passwords or full payment details to verify your identity.

Response Timeline

We respond to all rights requests within 30 days. Complex enquiries may take up to 60 days with prior notice.

↑ Back to top

Data Security

All data in transit is encrypted with TLS 1.2+. Database access follows least-privilege permissions, and we run intrusion detection, regular patching, and rate limiting against automated abuse. We also conduct periodic security reviews to catch vulnerabilities early. That said, no system is bulletproof - so think carefully about what you put in a publicly visible report.

Data Breach Notification

Should a breach occur that is likely to cause serious harm, we will follow the Notifiable Data Breaches scheme under the Privacy Act 1988 - that means notifying affected individuals and the Office of the Australian Information Commissioner.

Children's Privacy

Reverseau is intended for users aged 18 and older. Information from children under 18 is not knowingly collected. Parents who believe their child has submitted information without consent may contact us for prompt deletion.

International Data Transfers

Reverseau is based in Australia and built for Australian users. Some of our infrastructure providers run servers overseas, though - so where data crosses borders, contracts require those providers to handle it in line with Australian privacy obligations.

Third-Party Links

Our site links to external resources like Scamwatch and the ACCC. These sites have their own privacy policies - we are not responsible for their practices.

Changes to This Policy

We may update this policy when our data practices change or when the law requires it. If the changes are material, we will post a notice on the site with a summary of what is different. Check the "Last Updated" date at the top for the most recent revision.