LEGAL · DATA & COMPLIANCE

Data & Compliance

Version 1.0 · Effective 1 April 2025

This page provides detailed disclosures about how Parlera processes personal data during Studio sessions, our compliance with the Australian Privacy Act 1988 (Cth) and the EU General Data Protection Regulation (GDPR), and how users can exercise their rights.

1. Audio Transcription Disclosure

Important Notice: When you join a Parlera Studio session, your voice is transcribed in real-time by Deepgram, a third-party speech-to-text service based in the United States. This transcription occurs automatically for all sessions. A notice is displayed and must be acknowledged by every participant before each session begins.

What this means

Your microphone audio is streamed in real-time to Deepgram's servers during the session.
Deepgram converts your speech to text and returns the transcript to Parlera.
Parlera stores the transcript, linked to your account and the session record.
Audio is not stored by Parlera. Deepgram's own data retention policy applies to any data on their servers.

Deepgram's Privacy Policy

Deepgram processes audio under their own Privacy Policy. By using Parlera, you acknowledge that your audio will be processed by Deepgram subject to their terms.

2. AI Processing Disclosure (Anthropic Claude)

Important Notice: After each Studio session, the session transcript is sent to Anthropic (makers of Claude AI) to automatically generate revision materials. These materials are stored and made available to the teacher and participating student(s).

What this means

The text transcript of your session is sent to Anthropic's API for processing.
Anthropic's Claude AI analyses the transcript and generates study notes, key concepts, and revision questions.
The generated materials are stored in Parlera and accessible to the session's teacher and student(s).
Parlera does not use your data to train AI models. Anthropic's API usage terms prohibit them from training on API input/output data.

Anthropic's Privacy Policy

Anthropic processes transcript data under their Privacy Policy. By using Parlera, you acknowledge that session transcripts will be processed by Anthropic subject to their terms.

3. Per-Session Consent

Every participant in a Parlera Studio session — both teachers and students — is required to acknowledge the following notice before entering each session:

"This session will be transcribed in real-time by Deepgram and an AI (Anthropic Claude) will generate revision materials from the transcript. By joining, you acknowledge this recording and processing."

The acknowledgement timestamp is recorded in Parlera's database, linked to the session and the participant.

4. GDPR Compliance

Where users are located in the European Economic Area (EEA), we process personal data in accordance with the General Data Protection Regulation (GDPR).

Lawful Basis for Processing

Contract performance — processing necessary to provide the tutoring service you signed up for (account management, session delivery).
Consent — for audio transcription and AI processing of session content. You may withdraw consent by contacting us, though this will prevent session functionality.
Legitimate interests — for security monitoring, fraud prevention, and service improvement.
Legal obligation — where required by law.

Your GDPR Rights

Right of Access (Art. 15) — receive a copy of all personal data we hold.
Right to Rectification (Art. 16) — correct inaccurate data.
Right to Erasure (Art. 17) — request deletion of your data ("right to be forgotten").
Right to Restriction (Art. 18) — restrict how we process your data in certain circumstances.
Right to Data Portability (Art. 20) — receive your data in a structured, machine-readable format (JSON/CSV).
Right to Object (Art. 21) — object to processing based on legitimate interests.
Right to withdraw consent — at any time, without affecting the lawfulness of prior processing.

Data Protection Officer

For GDPR enquiries, contact: privacy@parlera.app. We will respond within 30 days.

If you believe we have infringed your GDPR rights, you may lodge a complaint with your local supervisory authority (e.g. the ICO in the UK, or your national DPA in the EU).

5. Australian Privacy Act Compliance

Parlera complies with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

APP 1 — Open and transparent management: This policy and our practices are publicly available.
APP 3 — Collection of solicited personal information: We collect only information necessary for providing the Service.
APP 5 — Notification of collection: We notify users at the point of data collection (this policy and in-app notices).
APP 6 — Use or disclosure: We use personal information only for the purposes stated in this policy and do not disclose it without consent, except as required by law.
APP 8 — Cross-border disclosure: We disclose data to overseas service providers (USA) as set out in section 3 of our Privacy Policy, taking reasonable steps to ensure they handle it in accordance with the APPs.
APP 11 — Security: We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access.
APP 12 — Access: You may request access to the personal information we hold about you.
APP 13 — Correction: You may request correction of inaccurate personal information.

To exercise your Australian Privacy Act rights, contact: privacy@parlera.app

If you believe we have breached the APPs, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

6. Data Requests for Minors

Parents and guardians of users under 18 may request access to, correction of, or deletion of their child's personal data by:

Emailing privacy@parlera.app with the subject line "Minor Data Request";
Providing proof of identity and your relationship to the minor;
Specifying the action requested (access, correction, or deletion).

We will respond within 30 days and complete the request within 60 days of verification.

7. Data Breach Notification Policy

Parlera maintains a Data Breach Response Plan consistent with obligations under the Notifiable Data Breaches (NDB) scheme (Part IIIC of the Privacy Act 1988) and the GDPR.

What we will do in the event of a breach

Contain and assess the breach within 72 hours of becoming aware of it;
Notify affected users by email as soon as practicable, describing the nature of the breach, the data involved, and recommended protective steps;
Notify the OAIC (for Australian users) within 30 days as required under the NDB scheme;
Notify the relevant supervisory authority (for EU/UK users) within 72 hours as required under GDPR;
Take remedial action to prevent recurrence.

8. Contact

All data and compliance inquiries: privacy@parlera.app

Postal address available on request.