Privacy Policy

Revafone is an AI voice receptionist platform operated by Annex Media, based in Australia. When this policy says "we", "us", or "Revafone", it refers to Annex Media. You can reach us at hello@revafone.online.

We collect the following categories of personal information:

• Account data: name, email, password (hashed), business name, role.
• Authentication data: if you sign in with Google or Microsoft, we receive your name, email, and profile picture from those providers.
• Call data: audio recordings of calls handled by your AI receptionist, transcripts of those calls, caller phone numbers, call duration and metadata.
• Configuration data: your receptionist's name, greeting, business hours, services, FAQs, voice preferences, uploaded audio files.
• Billing data: we use Stripe to process payments. We do not store your full card details — Stripe does. We retain the last four digits, brand, expiry, and Stripe customer/subscription identifiers.
• Usage data: logs of how you interact with the platform, IP address, device/browser information, timestamps.

We use your personal information to:

• Operate the AI receptionist service and respond to incoming calls on your behalf.
• Authenticate you and secure your account.
• Process billing, send invoices, and manage subscriptions.
• Improve the service, troubleshoot issues, and detect abuse.
• Communicate with you about your account, the service, and (with your consent) marketing.
• Comply with our legal obligations.

To deliver the service, we share data with the following third-party processors, who are contractually bound to protect it:

• Supabase — database hosting, authentication, and file storage.
• Vapi — voice AI orchestration that connects your phone number to the receptionist.
• Twilio — telephony provider that delivers calls to your number.
• ElevenLabs — text-to-speech engine that gives the receptionist its voice.
• OpenAI — large-language-model provider that powers the receptionist's responses.
• Stripe — payment processing.
• Hostinger — virtual server hosting infrastructure.
• Google & Microsoft — only if you use them to sign in.

Several of these providers are based in the United States. By using Revafone, you consent to your data being transferred to and processed in those jurisdictions. We do not sell your personal information to third parties.

When your AI receptionist answers a call, the audio is recorded and transcribed. We treat this content as your data — it belongs to you, not us. We use it only to deliver the service to you (e.g. showing you the transcript in your dashboard, generating call summaries, computing lead scores). We do not use your call recordings to train models.

You are responsible for any call-recording disclosure requirements that apply in your jurisdiction or your callers' jurisdictions (for example, some Australian states and many US states require two-party consent to record). Revafone provides a configurable greeting where you can disclose recording — using it is your responsibility.

We keep your account data for as long as your account is active, and for a reasonable period afterwards for record-keeping and legal compliance. Call recordings and transcripts are retained for the duration of your subscription unless you delete them sooner. Billing records are retained as required by Australian tax law (typically 7 years). If you delete your account, we will delete or anonymise your personal data within 90 days, except where we are required by law to retain it.

You have the right to:

• Access the personal information we hold about you.
• Correct inaccurate information.
• Request deletion of your data ("right to be forgotten").
• Export your data in a portable format.
• Object to certain uses of your data.
• Withdraw consent to marketing communications at any time.

To exercise any of these rights, email us at hello@revafone.online. We will respond within 30 days.

We protect your data with industry-standard measures: TLS/HTTPS for data in transit, encrypted storage for data at rest, hashed passwords, role-based access controls, and regular security review of our infrastructure. No system is perfectly secure, and we cannot guarantee absolute security — but we take it seriously.

Revafone uses essential cookies to keep you signed in and to remember your preferences. We do not currently use advertising or third-party tracking cookies. If we add analytics in the future, we will update this policy and ask for your consent where required.

Revafone is a B2B service intended for business users. It is not directed to children under 16, and we do not knowingly collect data from them. If you believe a child has provided data to us, please contact us and we will delete it.

We may update this policy from time to time. Material changes will be notified by email and posted here with a new "last updated" date. Continued use of the service after the change means you accept the updated policy.

Questions, complaints, or requests: email hello@revafone.online. You may also lodge a complaint with the Australian Office of the Information Commissioner (OAIC) if you believe we have mishandled your personal information.