Privacy Policy
Parlera ("we", "us", "our") is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, who we share it with, and your rights under applicable law — including the Privacy Act 1988 (Cth) (Australian Privacy Act) and the General Data Protection Regulation (GDPR) where applicable.
1. What Data We Collect
1.1 Account Information
- Name and email address — provided at registration.
- Role (teacher or student) — selected at signup.
- Profile information — including bio, subjects taught, availability, and profile photo (teachers only).
1.2 Session Data
- Audio — captured during live Studio sessions and sent to Deepgram for real-time transcription. Audio is not stored by Parlera.
- Session transcripts — generated by Deepgram from session audio and stored in your Parlera account.
- Whiteboard snapshots — screenshots of the shared whiteboard during sessions.
- Session duration and metadata — timing, participants, subject.
1.3 AI-Generated Content
- Revision materials — generated by Anthropic Claude from session transcripts. These are stored and made accessible to the teacher and participating student(s).
1.4 Usage Data
- Pages visited, features used, and session activity within the platform.
- Device and browser information, IP addresses, and approximate location (country/region level).
1.5 Consent Records
- Timestamp and version of Terms of Use and Privacy Policy accepted at signup.
- Timestamp of pre-session transcription/AI notice acknowledged before each Studio session.
2. How We Use Your Data
We use your personal information to:
- Provide and operate the Parlera service (account management, booking sessions, video calls);
- Generate revision materials from session transcripts using AI;
- Send booking confirmations and session reminders via email;
- Improve the platform, diagnose technical issues, and ensure security;
- Comply with legal obligations;
- Respond to your support requests.
We do not sell your personal data to third parties. We do not use your data to train AI models.
3. Third-Party Services
We share your data with the following trusted service providers, only to the extent necessary to deliver the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase (USA) | Database & authentication | Account data, session data, transcripts |
| Deepgram (USA) | Real-time audio transcription | Live audio from sessions |
| Anthropic (USA) | AI revision material generation | Session transcripts |
| LiveKit (USA) | Video/audio infrastructure | Video and audio streams |
| Resend (USA) | Transactional email | Name and email address |
| Vercel (USA) | Hosting & edge compute | All request data (logs, IP) |
Each provider has their own privacy policy. We encourage you to review them. All providers are required to handle your data in accordance with applicable privacy law.
4. International Data Transfers
Parlera is based in Australia. Our service providers are primarily based in the United States. By using the Service, you acknowledge that your data may be transferred to, stored, and processed in countries outside Australia. Where required, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses for GDPR purposes).
5. Data Retention
- Account data — retained for as long as your account is active, and for up to 90 days after deletion.
- Session transcripts and revision materials — retained for 24 months from the date of the session, or until you request deletion.
- Audio — not stored by Parlera. Deepgram processes audio in real-time and their own retention policy applies.
- Usage/log data — retained for up to 12 months.
- Consent records — retained for the life of the account plus 7 years (legal compliance).
6. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access — request a copy of the personal data we hold about you.
- Correction — request that we correct inaccurate data.
- Deletion (Right to Erasure) — request that we delete your data. Note: some data may be retained for legal compliance.
- Portability — request your data in a machine-readable format.
- Objection / Restriction — object to or restrict certain processing of your data.
- Withdraw Consent — where processing is based on consent, you may withdraw it at any time (this does not affect lawfulness of prior processing).
To exercise any of these rights, contact us at privacy@parlera.app. We will respond within 30 days.
7. Cookies
Parlera uses only essential session cookies (set by Supabase) necessary for authentication and keeping you logged in. We do not use advertising or tracking cookies.
- sb-access-token / sb-refresh-token — Supabase authentication tokens. These are httpOnly cookies and cannot be accessed by JavaScript.
8. Children's Privacy
We do not knowingly collect personal data from children under 13 without verifiable parental consent. If you become aware that a child under 13 has provided us with personal data without consent, please contact us at privacy@parlera.app and we will promptly delete it.
For users aged 13–17, we recommend parental review of this policy. Parents and guardians may request access to or deletion of their child's data by contacting us.
9. Security
We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS), database-level Row Level Security (RLS), and strict access controls. No method of transmission over the internet is completely secure, but we take reasonable steps to protect your information.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you by email or in-app notice when we make material changes. Continued use after notification constitutes acceptance.
11. Contact & Complaints
For privacy inquiries, contact our Privacy Officer at: privacy@parlera.app
If you are in Australia and believe we have breached the Australian Privacy Principles, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).
If you are in the EU/EEA and believe we have breached the GDPR, you may lodge a complaint with your local data protection authority.