Privacy Policy - Reverseau

Introduction

This Privacy Policy outlines how Reverseau collects, uses, discloses, and protects information gathered through our telephone number lookup and scam reporting service. We are committed to safeguarding your privacy whilst maintaining a transparent and effective platform for community-driven scam identification. This policy applies to all users who access or interact with our website and services, regardless of the device or method used to access them.

Reverseau operates as the data controller for all personal information collected through our platform. As a data controller under Australian privacy law, we are responsible for ensuring that your personal information is handled in accordance with the Australian Privacy Principles (APPs) established under the Privacy Act 1988 (Cth). Our commitment extends beyond mere legal compliance—we view privacy protection as a fundamental responsibility and a core element of the trust our community places in us. We recognise that whilst our service relies on information sharing to protect Australians from scams, this must be balanced against individual privacy rights and expectations.

This policy has been designed to be comprehensive yet accessible, providing you with a clear understanding of our privacy practices. We encourage you to read this policy in its entirety and contact us if you have any questions or concerns about how your information is handled. By using Reverseau's services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with our practices, please discontinue use of our services immediately.

Information We Collect

Our approach to information collection is guided by the principle of data minimisation—we collect only the information necessary to provide and improve our scam identification service. Unlike many online services, Reverseau does not require user registration or the creation of personal accounts. This design choice reflects our commitment to protecting user privacy whilst maintaining an effective community platform. The information we collect falls into several distinct categories.

Information You Provide to Us

When you choose to submit a report about a phone number, you voluntarily provide certain information. This typically includes the phone number being reported, your assessment of whether the call was legitimate or suspicious, a rating indicating the severity or nature of the call, and a written description of your experience with that number. You may also optionally provide contextual information such as what the caller claimed, any identifying information the caller provided, or tactics the caller employed. Importantly, we do not require or request that you provide your name, email address, residential address, or any other personally identifying information when submitting a report. All reports can be submitted anonymously, allowing you to contribute to community protection without compromising your personal privacy.

Information We Collect Automatically

When you access our website or submit a report, certain technical information is automatically collected by our systems. This includes your Internet Protocol (IP) address, which provides us with a general indication of your geographic location at the state or regional level—not sufficiently precise to identify your specific address or precise location. We also collect standard browser information, including your browser type, version, and language preferences; device information such as your operating system and device type; referring website information indicating which site directed you to Reverseau; and timestamps recording when you accessed our service. This automatically collected information serves several important purposes, including detecting and preventing abuse of our platform, identifying patterns that might indicate coordinated fraud or manipulation of our rating system, providing region-specific information when relevant to scam identification, and improving our service's technical performance and user experience.

Information from Third-Party Sources

In limited circumstances, we obtain information from external sources to enhance our service and security measures. We engage with geolocation service providers who help us determine general geographic location based on IP addresses, allowing us to provide region-relevant information and detect suspicious patterns of activity originating from unexpected locations. We work with security service providers who supply threat intelligence and security information that helps us identify and prevent fraudulent manipulation of our platform, distributed denial-of-service attacks, and other security threats. We also access publicly available information, including data from public databases that associate IP addresses with internet service providers, publicly available telecommunications information regarding phone number allocations and service types, and publicly accessible information about known scam campaigns reported through official channels such as Scamwatch. All information obtained from third-party sources is handled in accordance with this Privacy Policy and any additional restrictions or requirements imposed by the information source.

What We Do Not Collect

Equally important to understanding what we collect is understanding what we do not collect. Reverseau does not collect, store, or process any of the following information: personal names, email addresses, residential or business addresses, telephone numbers of users submitting reports (only the numbers being reported about), financial information or payment details (as our service is entirely free), biometric information, precise geolocation data, voice recordings or call content, social media account information or credentials, employment information, health information, or any other sensitive personal information as defined under Australian privacy law. This minimalist approach to data collection reflects our philosophy that effective scam identification can be achieved without compromising user privacy through excessive data collection.

How We Use Your Information

The information we collect serves specific, legitimate purposes directly related to our mission of protecting Australians from telephone scams. Our use of your information is guided by principles of transparency, lawfulness, and purpose limitation as established under the Australian Privacy Principles.

Processing and Displaying Scam Reports

The primary purpose for which we collect information is to process and display user-submitted reports about suspicious phone numbers. When you submit a report, that information becomes part of our publicly accessible database, allowing other Australians to benefit from your experience when they receive calls from the same number. This public display is the fundamental mechanism through which our community-driven protection operates. However, because reports are submitted without personal identifying information, this public display does not compromise your privacy—the reports themselves are effectively anonymous, containing only the information you choose to provide about the phone number and the nature of the call you received.

Service Quality and Performance Improvement

We analyse aggregated usage patterns and system performance data to improve our service continuously. This includes understanding which features are most valuable to users, identifying technical issues that may affect service reliability or speed, optimising our search functionality to deliver relevant results more quickly, refining our database structure to handle growing volumes of reports efficiently, and developing new features based on identified user needs and emerging scam tactics. This analytical work uses aggregate, de-identified data wherever possible and focuses on patterns rather than individual user behaviour.

Security and Fraud Prevention

Protecting the integrity of our platform is essential to maintaining its usefulness as a scam identification tool. We use collected information to detect and prevent various forms of abuse, including identifying attempts to manipulate our rating system through coordinated fake reviews, detecting automated bot activity that might attempt to flood our database with false reports, preventing distributed denial-of-service attacks that could render our service unavailable when Australians need it most, identifying and blocking malicious actors who might attempt to suppress legitimate reports about scam numbers they control, and recognising patterns that might indicate security vulnerabilities in our systems. These security measures ensure that the information on Reverseau remains trustworthy and reliable for all users.

Legal Compliance and Protection of Rights

In certain circumstances, we may use collected information to comply with legal obligations or protect our legal rights and those of our users. This includes responding to valid legal process such as subpoenas or court orders, complying with regulatory requirements under telecommunications and privacy law, investigating and responding to claims that content on our platform violates the rights of third parties, enforcing our Terms of Service and other applicable policies, and protecting the safety and security of our platform, employees, and users. We carefully evaluate any such use to ensure it is legally justified and proportionate to the circumstances.

How We Share Your Information

Information sharing is central to Reverseau's function as a community protection platform, but we approach this sharing with careful consideration for privacy implications. Our sharing practices are transparent, limited, and purpose-driven.

Public Display of Reports

User-submitted reports about phone numbers are displayed publicly on our website and are accessible to anyone who searches for information about a particular number. This public accessibility is the core mechanism through which our service protects the community—when you look up a suspicious number, you can immediately see reports from others who have received calls from that number. However, this public display is carefully structured to protect reporter privacy. Reports do not contain any personally identifying information about the person who submitted the report unless the reporter voluntarily chose to include such information in their written description, which we strongly discourage. The reports contain only information about the phone number being reported and the nature of the call received. Users should be aware that any information they include in the written description of their report will be publicly visible and should take care not to include personal information they wish to keep private.

Service Providers and Technical Partners

Like most online services, we engage with third-party service providers who assist in delivering and maintaining our platform. These service providers may have access to collected information, but only to the extent necessary to perform their specific functions on our behalf. Our service providers include web hosting providers who maintain the servers on which our website and database operate, content delivery network providers who help deliver our content quickly and reliably to users across Australia, security service providers who assist in protecting our platform from cyber threats and malicious activity, geolocation service providers who help us determine general geographic information from IP addresses, and analytics service providers who assist in understanding aggregate usage patterns and service performance. We carefully select service providers who demonstrate strong privacy and security practices, and we require them through contractual arrangements to handle any information they access in accordance with this Privacy Policy and applicable privacy laws. These service providers are prohibited from using information they access through providing services to Reverseau for their own independent purposes.

Third-Party Advertising

To sustain our free service, we display advertisements provided by third-party advertising networks, primarily Google AdSense. These advertising networks may collect information about your visits to Reverseau and other websites to provide advertisements that may be relevant to your interests. The information collected by these advertising networks typically includes your IP address, browser type, pages viewed, and interaction with advertisements. Importantly, this information is collected by the advertising networks themselves, not by Reverseau, and is governed by those networks' own privacy policies rather than this Privacy Policy. We do not provide advertising networks with access to any information you submit through our platform, such as reports or searches you conduct. If you wish to learn more about how advertising networks use information or wish to opt out of interest-based advertising, you can visit the Network Advertising Initiative's opt-out page or review Google's advertising privacy policy at https://policies.google.com/technologies/ads.

Legal Requirements and Rights Protection

In certain limited circumstances, we may be required or permitted to disclose information to third parties without your consent. These circumstances include when required to do so by law or in response to valid legal process such as a subpoena, warrant, or court order; when we believe in good faith that disclosure is necessary to protect our legal rights or property, enforce our Terms of Service, or investigate potential violations; when necessary to protect the personal safety of our users or the public; in connection with the investigation of fraud, security incidents, or other potentially illegal activities; and in connection with a corporate transaction such as a merger, acquisition, or sale of assets, though we would require any successor entity to honour the commitments made in this Privacy Policy. Before disclosing information in response to legal process, we carefully evaluate the request to ensure it is legally valid and appropriately scoped. Where legally permissible, we will make reasonable efforts to notify affected users before disclosing their information, unless prohibited by law or court order.

What We Do Not Share

It is equally important to understand what we do not do with your information. Reverseau does not and will never sell your personal information to third parties. We do not provide your IP address or other identifying information to advertisers. We do not share your search history or the specific phone numbers you have looked up with any third parties except as required by valid legal process. We do not participate in data broker arrangements or provide information to marketing companies for their independent use. Our business model is based on providing a free, community-driven service supported by advertising revenue, not on monetising user data.

Cookies and Tracking Technologies

Reverseau employs a minimal approach to cookies and tracking technologies, using them only where necessary for basic functionality and security purposes.

Our Use of Cookies

We utilise essential cookies that are strictly necessary for our website to function properly. These include session cookies that maintain your session state as you navigate through our website, security cookies that help protect against cross-site request forgery and other security threats, and preference cookies that remember basic settings such as your preferred display options. These essential cookies do not track your activity across other websites and contain no personally identifying information. You can configure your browser to reject cookies, though doing so may affect certain functionality of our website.

Third-Party Advertising Cookies

When you visit Reverseau, third-party advertising networks, particularly Google AdSense, may place cookies or similar tracking technologies on your device. These technologies are used by the advertising networks to deliver advertisements and to track whether you interact with those advertisements. The advertising networks may use this information across multiple websites to build a profile of your interests and deliver targeted advertisements. These third-party cookies are not under Reverseau's control and are governed by the privacy policies of the respective advertising networks. We do not have access to the information collected by these third-party cookies, nor do we control how that information is used. If you prefer not to receive interest-based advertising, you can opt out through the Digital Advertising Alliance's consumer choice page or by adjusting your Google Ad Settings.

Managing Your Cookie Preferences

Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer. Browser help functions typically explain how to configure cookie settings. You can also use browser extensions and privacy tools that provide more granular control over cookies and tracking technologies. However, please note that if you choose to disable cookies, some features of our website may not function correctly, and your user experience may be diminished. Disabling cookies will not prevent you from accessing basic functionality such as searching for phone numbers and reading reports, but it may affect session management and security features.

Data Security

Protecting the information entrusted to us by our users is a responsibility we take seriously. We have implemented comprehensive technical, administrative, and physical security measures designed to protect against unauthorised access, disclosure, alteration, or destruction of information we collect and store.

Technical Security Measures

Our technical security infrastructure includes multiple layers of protection. All data transmitted between your browser and our servers is encrypted using industry-standard Transport Layer Security (TLS) protocols, ensuring that information cannot be intercepted by third parties during transmission. Our database servers are configured with strict access controls, limiting system access to only those personnel who require it to perform their job functions. We employ intrusion detection and prevention systems that monitor for suspicious activity and potential security breaches. Our systems are regularly updated with security patches to address known vulnerabilities. We implement rate limiting and other protective measures to prevent automated attacks and abuse of our platform. Regular security audits and vulnerability assessments help us identify and address potential weaknesses before they can be exploited.

Administrative Security Measures

Beyond technical measures, we maintain rigorous administrative controls. Access to systems containing user information is restricted to authorised personnel on a need-to-know basis. Our staff and service providers are bound by confidentiality obligations and are trained on the importance of privacy and data security. We maintain incident response procedures to ensure rapid and effective response in the event of a security breach. Our data handling procedures are regularly reviewed and updated to reflect evolving best practices and emerging threats.

Limitations and User Responsibilities

Whilst we implement robust security measures, no system can be absolutely impervious to all possible threats. Internet-based services inherently involve some degree of security risk, and we cannot guarantee that unauthorised access, hacking, data loss, or other breaches will never occur. We encourage users to take their own precautions to protect their information, including using secure internet connections, keeping browser software updated, and exercising caution about the information they choose to include in publicly submitted reports. In the event of a data breach that is likely to result in serious harm, we will comply with applicable notification requirements under Australian privacy law, including notifying affected individuals and the Office of the Australian Information Commissioner where required.

Data Retention

We retain information for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Our retention practices reflect a balance between maintaining a useful historical database of scam reports and respecting privacy principles that discourage indefinite data retention.

Retention of User Reports

Reports submitted about phone numbers are retained indefinitely as part of our publicly accessible database unless specifically requested for removal and determined to meet our criteria for removal. This extended retention is justified by the ongoing value these reports provide to the community—scammers often continue using the same numbers over extended periods, and historical reports remain useful for identifying persistent scam operations. However, we recognise that circumstances may warrant report removal, such as when a report contains inaccurate information, when a phone number has been legitimately reallocated to a new user, or when a report violates our Terms of Service. Requests for report removal can be submitted through our contact form and will be evaluated on a case-by-case basis.

Retention of Technical Information

Automatically collected technical information, such as IP addresses and access logs, is retained for a substantially shorter period than user-submitted reports. Access logs are typically retained for ninety to one hundred and eighty days, after which they are deleted or aggregated into statistical summaries that do not contain identifying information. This shorter retention period reflects the fact that whilst such information is valuable for security monitoring and service improvement in the near term, it loses relevance over time and need not be retained indefinitely. Aggregated and de-identified statistical information may be retained indefinitely for historical analysis and service improvement purposes.

Data Deletion Procedures

When information is deleted from our systems, we employ secure deletion methods designed to prevent recovery. This includes overwriting deleted data and ensuring that backup copies containing deleted information are cycled out according to our backup retention schedules. However, please note that information that has been shared with third parties, such as service providers or law enforcement agencies pursuant to legal process, may remain with those third parties and is subject to their own retention policies rather than ours.

Your Rights Under Australian Privacy Law

Australian privacy law, particularly the Australian Privacy Principles, grants you certain rights regarding your personal information. Whilst our service is designed to minimise the collection of personally identifying information, we recognise and respect these rights to the extent they apply to the information we hold.

Right to Access Your Information

You have the right to request access to personal information we hold about you. Because Reverseau does not require registration or collect extensive personal information, the scope of information we hold about any particular individual is typically quite limited. If you have submitted reports, those reports are already publicly accessible on our website. If you wish to request information about what other data we may hold about you, such as access logs associated with your IP address, you may submit a request through our contact page. We will respond to access requests within thirty days and will provide the requested information unless an exception applies under privacy law, such as where providing access would pose a serious threat to someone's safety or would unreasonably impact another individual's privacy.

Right to Correct Inaccurate Information

If you believe that a report or other information we hold is inaccurate, incomplete, or misleading, you have the right to request correction. For publicly displayed reports, you can submit a correction request through our contact form, explaining what information you believe is inaccurate and providing evidence supporting the correction. We will assess correction requests on their merits, considering factors such as the evidence provided, the nature of the information in question, and whether the correction would affect the utility of the report for other users. In some cases, rather than removing or altering a report, we may add a notation indicating that the information has been disputed, allowing users to make their own assessments based on complete information.

Right to Request Deletion

Under certain circumstances, you may request deletion of information we hold about you. If you have submitted reports and wish to have them removed, you may submit a deletion request through our contact page. We will evaluate such requests based on several factors, including whether the information is inaccurate or outdated, whether continued publication serves the public interest in scam identification, whether removal would substantially impair the utility of our database, and whether we have a legal obligation to retain the information. If we determine that deletion is not appropriate, we will explain our reasoning. Even where deletion is granted, please note that information may persist in backup systems for a limited time based on our backup retention cycles.

Right to Complain

If you believe we have breached your privacy rights or the Australian Privacy Principles, you have the right to lodge a complaint. We encourage you to contact us first so we can attempt to resolve your concerns directly. If you remain dissatisfied with our response, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC). Information about lodging complaints with the OAIC is available at www.oaic.gov.au.

Exercising Your Rights

To exercise any of these rights, please contact us through the contact information provided at the end of this Privacy Policy. We will respond to all requests within the timeframes required by applicable privacy law, typically within thirty days. Before fulfilling requests that involve accessing or modifying information, we may need to verify your identity to ensure we are responding to the correct individual. We reserve the right to decline requests that are manifestly unfounded or excessive, particularly where they are repetitious in nature, though we will explain our reasoning if we decline a request.

Children's Privacy

Reverseau's services are intended for use by adults aged eighteen years and older. We do not knowingly collect personal information from children under the age of eighteen. Our platform addresses issues related to telephone scams, which are matters more relevant to adults who typically manage their own telecommunications and are more likely to be targeted by scammers. Minors under the age of eighteen should only use our service under the supervision and with the express permission of a parent or legal guardian. Parents or guardians who supervise a minor's use of Reverseau remain responsible for the information that minor submits through our platform.

If we become aware that we have inadvertently collected personal information from a child under eighteen years of age without appropriate parental consent, we will take steps to delete that information as soon as reasonably practicable. If you are a parent or guardian and believe your child has provided personal information to us without your consent, please contact us immediately using the contact information provided at the end of this Privacy Policy so we can address the situation appropriately.

International Data Transfers

Reverseau's services are primarily directed to users in Australia, and our operations are based in Australia. However, the global nature of internet infrastructure means that information collected through our service may be transferred to, stored on, or processed by servers or service providers located outside Australia. When such international transfers occur, we take steps to ensure that your information receives an appropriate level of protection consistent with Australian privacy standards.

Our third-party service providers, including web hosting providers and content delivery networks, may operate servers in jurisdictions outside Australia. When we engage such providers, we assess their privacy and security practices and, where appropriate, require contractual commitments that they will protect information in accordance with standards comparable to those required under Australian privacy law. However, please be aware that countries outside Australia may have different privacy laws and standards, and information transferred to such countries may be accessible by law enforcement or government agencies in those countries in accordance with local laws.

Third-Party Websites and Services

Our website may contain links to third-party websites, including links to external resources about telephone scams, government consumer protection agencies, and other relevant services. These links are provided for your convenience and information, but Reverseau does not control these third-party websites and is not responsible for their privacy practices or content. When you click on a link to a third-party website, you leave our service and become subject to that website's own terms of service and privacy policy. We encourage you to review the privacy policies of any third-party websites you visit to understand how they collect, use, and protect your information. The inclusion of a link on our website does not constitute an endorsement of that third-party website or its operator.

Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service functionality. When we make changes to this Privacy Policy, we will update the "Last Updated" date at the bottom of this page. If we make material changes that significantly affect how we collect, use, or disclose personal information, we will provide prominent notice on our website prior to the changes taking effect, and where required by law, we will seek your consent to the changes.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting the information we collect. Your continued use of Reverseau's services following the posting of changes to this Privacy Policy constitutes your acknowledgement of those changes and your consent to be bound by the modified policy. If you do not agree to the modified Privacy Policy, you should discontinue your use of our services. Material changes to this Privacy Policy will not apply retroactively to information we collected prior to the changes taking effect unless we obtain your explicit consent or are required to do so by law.

Contact Us

We welcome your questions, comments, and concerns about this Privacy Policy and our privacy practices. If you wish to contact us regarding privacy matters, including to exercise your rights under Australian privacy law, please visit our Contact Us page. We are committed to responding to all privacy enquiries within a reasonable timeframe, typically within thirty days for straightforward matters and within sixty days for more complex enquiries. For information about removal of reports or phone numbers from our database, please reference our Frequently Asked Questions at FAQ, which provides detailed guidance on our removal policies and procedures.

When contacting us about privacy matters, please provide sufficient detail to allow us to understand and respond to your enquiry effectively. If you are requesting access to, correction of, or deletion of information, please include information that will help us locate any relevant records, though please do not include sensitive personal information in your initial enquiry. We may need to verify your identity before responding to requests that involve accessing or modifying information to ensure we are providing information to or making changes at the request of the correct individual. We respond to all enquiries we receive from individuals wishing to exercise their privacy rights in accordance with applicable Australian privacy law and the principles outlined in this Privacy Policy.

Last Updated: 30 January, 2026.