Data Processing Addendum
Last updated 5 May 2026. Consult your own counsel for jurisdiction-specific advice.
Roles
For data the Practitioner collects from their Clients via Reverbe (intake responses, working-agreement signatures, session notes, generated audio), the Practitioner is the Controller and Reverbe is the Processor under GDPR / UK GDPR.
For data Reverbe collects directly from the Practitioner (account details, billing, audit logs about Practitioner actions), Reverbe is the Controller; see our Privacy Policy.
Subject matter and duration
Subject matter: provision of Reverbe’s SaaS platform. Duration: for as long as the Practitioner’s account is active, plus retention periods specified in the Privacy Policy.
Processing instructions
Reverbe processes Client data only on documented Practitioner instruction:
- Storing intake form responses on the Booking record
- Storing the Working Together Agreement signature on the SignedConsent record
- Sending intake + agreement records to the Practitioner via the dashboard
- Generating reinforcement audio scripts via Anthropic, using inputs the Practitioner provides
- Synthesising approved scripts into audio via ElevenLabs using the Practitioner’s voice clone
- Storing audio in Cloudflare R2 with per-Practitioner key prefix
- Delivering audio to the Client via magic-link email through Resend
Sub-processors
The following sub-processors process Client data on Reverbe’s behalf:
- MongoDB Atlas, primary database (EU region by default)
- Cloudflare R2, audio file storage (global, per-tenant key prefix isolation)
- Anthropic, AI script generation (zero-retention contract; data not used for model training)
- ElevenLabs, voice clone + text-to-speech (Practitioner consent recording stored for ToS compliance)
- Stripe, payment processing (handles its own controller obligations for payment data)
- Resend, transactional email delivery
- Clerk, Practitioner authentication (does not process Client data)
- GetStream Video, live session video infrastructure
- Trigger.dev, background job orchestration (audio generation pipeline)
We notify Practitioners by email at least 30 days before adding or replacing a sub-processor, with the option to object.
Security measures
- TLS 1.2+ in transit; encryption at rest for sensitive fields (AES-256-GCM)
- Per-tenant scope enforcement at the database layer (multi-tenant test suite)
- Per-Practitioner R2 key prefix; cross-tenant access throws at the storage helper
- Magic-link tokens are cryptographically random, single-purpose, and expire
- Audit log of every sensitive action with PII-anonymised retention
- Stripe webhook signatures verified via signing secret
Data subject rights
The Practitioner is responsible for handling data subject requests (access, rectification, erasure) from their Clients. Reverbe will assist promptly on the Practitioner’s instruction; specifically:
- Client deletion via the magic-link token endpoint (anonymises the Client record, revokes audio access)
- Audio purge: full hard-delete from R2 on request
- Practitioner-initiated GDPR delete also runs via the dashboard, with Clerk anonymisation done first (recoverable on support request)
International transfers
Where data is transferred outside the EEA / UK (e.g., to US-based sub-processors), transfers rely on Standard Contractual Clauses (SCCs) and supplementary measures. Cloudflare R2 audio is stored in the closest available region.
Audit rights
On reasonable written notice, the Practitioner may request a summary of relevant audit log entries pertaining to their Clients, our SOC reports (when published), and the security measures we have in place.
Termination
On termination of the Practitioner’s account, Reverbe deletes or anonymises the Practitioner’s data per the Privacy Policy retention schedule. Client audio is purged on the schedule the Practitioner sets (default 12 months).