Privacy Policy

Last updated: 8 April 2026

AI Call Assist Pty Ltd (ABN 22 696 284 456) ("we", "us", "our") operates the Rewynd application and website. This policy explains how we collect, use, and protect your information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

Encrypted

All data encrypted in transit and at rest

Audio Deleted

Answered call recordings deleted immediately after transcription; voicemail audio retained for 7 days then deleted

Your Data

We never sell or share your data

1. Information We Collect

1.1 Account Information

When you create an account, we collect your name, email address, and authentication credentials through our OAuth provider. If you subscribe to a paid plan, payment processing is handled by Stripe; we do not store your credit card details.

1.2 Call Data

The core function of Rewynd is to capture, transcribe, and analyse your business phone calls. When you use the Service, we collect and process the following call data on your behalf:

  • Audio recordings of inbound and outbound calls routed through your Rewynd number
  • Transcriptions generated from those recordings using AI speech-to-text services
  • AI-generated summaries and extracted action items derived from transcriptions
  • Call metadata including caller phone number, call duration, timestamps, and call direction

1.3 Caller Contact Information

Where you have connected your email account (e.g. Gmail or Outlook) to the Service, we may match a caller's phone number against your contacts to retrieve their name and email address. We may also identify caller details from the content of a call transcript. This information is used solely to deliver post-call communications on your behalf (see section 2A).

1.4 Device Information

When you use our mobile application, we may collect device identifiers, operating system version, and push notification tokens (via Apple Push Notification Service) for the purpose of delivering notifications about missed calls and new action items.

1.5 Usage Data

We collect anonymised usage data including pages visited, features used, and interaction patterns to improve the Service. This data is collected through our analytics system and does not include call content.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service, including call recording, transcription, and action extraction
  • Send you notifications about missed calls, new action items, and daily summaries via email and push notifications
  • Send post-call emails to your callers on your behalf, containing action items arising from the call (see section 2A below)
  • Process your subscription payments through Stripe
  • Improve and develop new features based on aggregated, anonymised usage patterns
  • Respond to your support requests and communicate with you about the Service
  • Comply with legal obligations

Important

We do not use your call recordings or transcriptions for any purpose other than providing the Service to you. We do not use your call data to train AI models. We do not sell your data to third parties.

2A. Communications to Your Callers

When a caller's email address is available (either from your connected contacts or identified during the call), Rewynd may send them an email on your behalf containing action items arising from the call. These emails are sent from [email protected] and identify you as the sender.

Caller emails contain only action items relevant to that caller — they do not include full call transcripts or summaries. Every email sent to a caller includes a one-click unsubscribe link. If a caller opts out, no further emails will be sent to that address from any Rewynd user.

Spam Act 2003 Compliance

All emails sent to callers comply with the Spam Act 2003 (Cth). They identify the sender, contain accurate contact information, and include a functional unsubscribe mechanism. Opt-out requests are honoured within 5 business days. You must not attempt to circumvent a caller's opt-out or re-add opted-out addresses.

You are responsible for ensuring you have a lawful basis to share your callers' contact details with us for this purpose. By enabling caller email notifications, you represent that you have such a basis.

3. Use of Artificial Intelligence

Rewynd uses artificial intelligence (AI) and automated computer programs to process your personal information in the following ways:

  • Speech-to-text transcription: Call audio is sent to OpenAI's Whisper API for conversion to text. Audio is processed in real time and is not retained by the AI provider after processing.
  • Action item extraction: Call transcriptions are analysed by large language models (LLMs) to identify action items, key details, and summaries. Transcription text is processed and not retained by the AI provider.
  • AI receptionist: When enabled, an AI-powered receptionist may answer calls on your behalf, using natural language processing to converse with callers and capture messages.

No human reviews your call recordings or transcriptions. AI processing is performed solely to deliver the Service to you. You may contact us to request that your data not be processed by AI, in which case the core transcription and action extraction features will be unavailable.

4. Call Recording Disclosure

Rewynd records phone calls routed through your Rewynd number. Call recording through Rewynd is conducted in accordance with the Telecommunications (Interception and Access) Act 1979 (Cth). When the AI receptionist answers a call on your behalf, callers are informed that the call may be recorded and transcribed.

Your Responsibility

Call recording laws in Australia vary by state and territory. It is your responsibility to ensure that call recording complies with applicable laws in your jurisdiction, including any requirements for consent from call participants. We recommend you seek independent legal advice regarding your obligations.

The following is a general guide only and does not constitute legal advice:

JurisdictionLegislationConsent Requirement
ACTListening Devices Act 1992One-party consent generally sufficient
NSWSurveillance Devices Act 2007, s 7All principal parties must consent (limited exceptions apply)
VICSurveillance Devices Act 1999One-party consent; restrictions on disclosure
QLDInvasion of Privacy Act 1971One-party consent; restrictions on disclosure
SASurveillance Devices Act 2016All parties must consent (express or implied)
WASurveillance Devices Act 1998One-party consent; restrictions on disclosure
TASListening Devices Act 1991All parties must consent (limited exceptions)
NTSurveillance Devices Act 2007One-party consent; restrictions on disclosure

Rewynd plays a notification at the start of recorded calls to inform participants that the call may be recorded and summarised. Where all-party consent is required, continued participation after this notification may constitute implied consent, but you should seek independent legal advice for your specific circumstances.

5. Data Storage and Security

5.1 Storage Locations

Your data is stored on secure servers located in Australia and the United States (Amazon Web Services, US East region). In accordance with Australian Privacy Principle 8, where your data is transferred to or stored in the United States, we ensure that the overseas recipients are contractually bound to handle your data in a manner consistent with the Australian Privacy Principles, or are subject to a law or binding scheme substantially similar to the APPs.

5.2 Security Measures

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction, in accordance with Australian Privacy Principle 11. These measures include:

  • Encryption in transit (TLS 1.2+) and at rest
  • Access controls limiting data access to authenticated account holders
  • Secure cloud storage (Amazon S3) with server-side encryption
  • Regular security assessments and monitoring
  • HMAC-signed tokens for email opt-out links to prevent tampering

5.3 Data Breach Response

In the event of an eligible data breach that is likely to result in serious harm, we will notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as required under Part IIIC of the Privacy Act 1988 (Notifiable Data Breaches scheme). We maintain a data breach response plan and will take reasonable steps to contain and remediate any breach.

6. Data Retention and Deletion

We retain your data as follows:

  • Answered call audio recordings: Deleted immediately after transcription is complete. Audio is used solely for the purpose of generating a text transcription and is not retained.
  • Voicemail audio recordings: Retained for 7 days after transcription to allow you to listen back, then automatically and permanently deleted. Voicemail transcripts are retained as part of your call history.
  • Transcriptions and action items: Retained for as long as your account is active. You may delete individual call records at any time through the Service.
  • Account data: If you close your account, we will delete all your data within 30 days, except where we are required to retain it by law.

When personal information is no longer needed for any purpose for which it may be used or disclosed, and we are not required by law to retain it, we will take reasonable steps to destroy or de-identify the information in accordance with APP 11.2.

7. Third-Party Services

We use the following third-party services to operate Rewynd:

ServicePurposeData SharedLocation
TelnyxTelephony and call routingCall audio, phone numbersUS
OpenAI (Whisper)Speech-to-text transcriptionCall audio (processed, not stored)US
Anthropic / OpenAIAI summarisation and action extractionCall transcriptions (processed, not stored)US
StripePayment processingEmail, subscription detailsUS
ResendEmail deliveryEmail address, notification contentUS
Amazon Web ServicesCloud hosting and storageAll service data (encrypted)US
Apple Push Notification ServicePush notificationsDevice tokens, notification contentUS

Each third-party service operates under its own privacy policy. We select providers that maintain appropriate data protection standards and, where data is transferred overseas, we take reasonable steps to ensure compliance with APP 8.

8. Your Rights

Under the Australian Privacy Principles, you have the right to:

  • Access the personal information we hold about you (APP 12)
  • Request correction of inaccurate personal information (APP 13)
  • Delete your personal information and account
  • Export your call data (transcriptions and action items)
  • Withdraw consent for optional data processing
  • Request that your data not be processed by AI (noting this will disable core features)
  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au

To exercise any of these rights, contact us at [email protected]. We will respond to access and correction requests within 30 days.

9. Children's Privacy

Rewynd is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on our website and, where appropriate, by email. Your continued use of the Service after such changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, or wish to make a complaint about our handling of your personal information, contact us at:

AI Call Assist Pty Ltd

ABN 22 696 284 456

Canberra, ACT, Australia

[email protected]