Plain-English summary: Iverson Endpoint runs entirely on your PC. The Iverson mobile companion app's "Ask Iverson" AI runs entirely on your phone. Neither app sends us your files, your scan results, your browsing history, your spoken questions, or the AI's answers. The only personal data we hold is what you provide to buy a license (handled by Stripe) and the email address associated with your license key.
1. Who we are
Iverson Endpoint is a product of Iverson Labs Pty Ltd and Cyber Automation Pty Ltd (ABNs available on request), companies incorporated in Australia and headquartered in Canberra, ACT. When this policy says "we", "us", or "our", it means Iverson Labs Pty Ltd and Cyber Automation Pty Ltd.
We are the data controller for any personal information collected through this website (iverson.au) and the Iverson Endpoint application.
2. What we collect
2.1 When you purchase a license
License purchases are processed entirely by Stripe. We never see or store your card number, bank details, or billing address. What Stripe shares with us after a successful purchase is:
- Your email address (used to deliver your license key and send renewal notices)
- Your first name and last name (if provided during checkout)
- The country associated with your payment method (for Australian GST compliance)
- A Stripe customer ID and subscription/payment ID (so we can link your license to your account)
2.2 When you activate your license
When Iverson Endpoint activates a license key, it makes a single HTTPS request to our licensing server. That request contains:
- The license key you entered
- A stable machine identifier — a one-way hash of your Windows machine SID, not linked to your name or email
- The Iverson version number
- Your Windows edition (e.g., "Windows 11 Pro") and build number
This data is used solely to validate the key and enforce per-machine licensing. It is not combined with any other personal data.
2.3 When you visit this website
Our web server logs standard HTTP request metadata:
- IP address
- Browser user-agent string
- Referring URL
- Pages visited and timestamps
These logs are retained for 30 days for security and debugging purposes and are not used for advertising or sold to third parties.
2.4 When you contact support
If you email us, we store your email address and message content in order to respond to you and keep a record of the support interaction.
2.5 When you use the Iverson mobile app
The Iverson mobile app (iOS, available on the App Store) pairs with your desktop install via a one-time QR code shown by Iverson Endpoint. Once paired, the app fetches your existing scan posture and findings from the same licensing server your desktop is already talking to. The mobile app's communications with our servers are limited to:
- A device token generated when you pair (held in iOS Keychain on your phone; we use it solely to identify your phone when it polls for new findings)
- Requests for your own findings, scan summaries, and posture data — already collected by your Iverson Endpoint desktop install and stored under your license
- Requests to queue actions on your desktop (e.g. "run a security scan") which are picked up by your desktop install over the same channel
The mobile app does not upload your phone's contacts, photos, location, microphone audio, speech transcripts, AI prompts, or AI responses. See section 3 for specifics.
| Data element | Source | Purpose |
|---|---|---|
| Email address | Stripe checkout | License delivery, renewal notices |
| Name | Stripe checkout (optional) | Personalising communications |
| Country | Stripe checkout | GST compliance |
| Machine hash | Iverson app on activation | Per-machine license enforcement |
| Windows edition & build | Iverson app on activation | Compatibility checks |
| Web server logs | iverson.au visits | Security & debugging (30-day retention) |
| Phone pairing token | Iverson mobile app on pair | Authenticating the phone to your license |
3. What we don't collect
Iverson Endpoint processes your data locally, on your machine. It does not transmit your scan results, file contents, quarantine details, activity logs, or any information about the processes running on your PC to our servers. The Iverson mobile app's "Ask Iverson" AI runs entirely on your phone — your questions and the AI's answers never leave the device.
Specifically, we do not collect:
- The results of your Optimise, Detect, Secure, or Update scans
- The names of files moved to quarantine
- The contents of your Activity log or Windows Event Log entries written by Iverson
- A list of applications installed on your PC (beyond the Windows edition reported at activation)
- Your browsing history, bookmarks, or browser extension data
- Any files from your PC — scan results, quarantined items, or otherwise
- Precise geolocation data
- Third-party advertising identifiers
3.1 On-device AI in the mobile app
The "Ask Iverson" chat tab in our iOS app is powered by a two-layer hybrid that runs entirely on your phone:
- A deterministic responder built into the app. It looks at your security scan findings and the question you typed, picks the most relevant pre-written response template, and fills in your specific findings. No artificial-intelligence model is involved in this layer — it's straightforward Swift code shipped inside the app. This handles the vast majority of real questions ("what should I fix?", "is my computer safe?", "explain this finding", etc.) and is the path every Iverson user gets.
- An opportunistic escalation to Apple's on-device AI (the Foundation Models framework introduced in iOS 26), used only for open-ended questions outside our pre-written response set, and only on iPhones capable of Apple Intelligence (iPhone 15 Pro and newer). Apple's model runs inside Apple's own daemon on the same device; nothing about your question leaves the phone. On older iPhones, open-ended questions get a friendly fallback ("I'm best at specific questions about your findings"), not a third-party AI service.
What this means in plain English: we deliberately do not ship a large language model to your phone. We don't download AI weights, we don't keep one running in our app's memory, and we don't send your questions to a cloud server. Apple's AI is the only AI involved, and only on devices that already have it; on every other device the chat is a curated experience that draws on your own findings data.
On-device AI is a deliberate choice for your privacy, not a convenience: cloud-hosted models would mean your security findings — which describe exactly what's on your computer — could be read by whoever runs the server. We chose the local route specifically so that can never happen. Concretely, the chat tab does not transmit:
- The questions you type or speak into the chat tab
- The replies the app generates (whether templated or via Apple's AI)
- Any portion of your security posture or findings used to render those replies
- The microphone audio captured when you press the voice-input button (speech is transcribed by Apple's on-device speech recogniser; the audio is not retained and is not sent to Apple's cloud transcription service)
If a future version of the app ever adds a cloud-hosted AI path, this policy will be updated and existing users will be notified before the change takes effect.
4. How we use your information
We use the personal data we hold for the following purposes, each grounded in a lawful basis under the Australian Privacy Act 1988 and, where applicable, the EU/UK GDPR:
- License fulfillment — delivering your license key and activation emails (contractual necessity)
- License enforcement — preventing a single license key from being used on an unlimited number of machines (legitimate interest)
- Mobile-desktop pairing — letting your paired iPhone fetch your own findings from the licensing server and queue actions on your desktop install (contractual necessity)
- Customer support — responding to questions and resolving issues (legitimate interest / contractual necessity)
- Product updates — notifying you of important security patches or version updates for Iverson (legitimate interest — you can opt out at any time)
- Legal compliance — meeting our Australian GST obligations and responding to lawful requests from authorities (legal obligation)
- Security — protecting our website and services from abuse (legitimate interest)
We do not use your data for advertising, behavioral profiling, or sale to third parties. Ever.
5. Third parties
5.1 Stripe
All payment processing is handled by Stripe Payments Australia Pty Ltd. Stripe is a PCI DSS Level 1 certified payment processor. Your card details go directly to Stripe and are never transmitted to or stored by Iverson Labs Pty Ltd or Cyber Automation Pty Ltd. Stripe's privacy policy governs how they handle your payment data.
5.2 Hosting infrastructure
This website and the Iverson licensing server are hosted on infrastructure in Australia. Our hosting providers process server logs and request data as part of normal operations under confidentiality agreements.
5.3 No analytics services
We do not use Google Analytics, Meta Pixel, Hotjar, or any other third-party analytics or tracking service on this website.
5.4 Disclosure requirements
We may disclose your personal information if required to do so by Australian law, a court order, or a valid request from a law enforcement authority. We will notify you of any such request where permitted by law.
6. Data retention
- License records — retained for the duration of your license plus 7 years, as required by Australian tax law
- Support correspondence — retained for 3 years after the last interaction
- Web server logs — deleted after 30 days
- Machine hash records — deleted within 90 days of a license expiring or being revoked
When the retention period ends, data is securely deleted or anonymised.
7. Security
All communications between your browser or the Iverson application and our servers use TLS 1.2 or higher. License server endpoints accept only POST requests over HTTPS with a valid JSON payload; they do not serve web pages or accept arbitrary input.
Access to personal data within Iverson Labs Pty Ltd and Cyber Automation Pty Ltd is restricted to staff who need it to provide the service. We conduct periodic reviews of our access controls and logging.
No internet-connected system is perfectly secure. If you discover a vulnerability in Iverson or our website, please report it to security@cyberautomation.com.au before public disclosure. We take security reports seriously and will respond within two business days.
8. Your rights
Under the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs), you have the right to:
- Access — request a copy of the personal information we hold about you
- Correction — ask us to correct inaccurate or out-of-date information
- Deletion — request deletion of your personal data (subject to our legal retention obligations)
- Opt out of communications — unsubscribe from any marketing or update emails at any time using the link in those emails, or by contacting us directly
- Complaint — lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe we have mishandled your personal information
If you are located in the European Economic Area or United Kingdom, additional rights under the GDPR or UK GDPR may apply to you, including the right to data portability and the right to restrict processing. Contact us to exercise any of these rights.
To make a request, email us at privacy@cyberautomation.com.au. We will respond within 30 days.
10. Children
Iverson Endpoint is not directed at children under the age of 13. We do not knowingly collect personal information from anyone under 13. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
11. Changes to this policy
We may update this policy from time to time. When we make material changes, we will update the "Effective date" at the top of this page and, where appropriate, notify existing license holders by email. The current version is always available at iverson.au/privacy.html.
Continued use of Iverson Endpoint or this website after the effective date of a revised policy constitutes acceptance of the updated terms.
12. Contact us
For privacy-related questions, data access requests, or to report a concern:
- Email: privacy@cyberautomation.com.au
- Website: www.cyberautomation.com.au
- Postal address: Iverson Labs Pty Ltd & Cyber Automation Pty Ltd, Canberra ACT, Australia
For security vulnerability reports: security@cyberautomation.com.au
For general product support: support@cyberautomation.com.au