Legal  ·  Iverson Labs Pty Ltd & Cyber Automation Pty Ltd

Privacy Policy.

We built Iverson to protect your PC, not to harvest your data. This policy explains exactly what we collect, why, and what we never touch.

Effective date: 7 May 2026  ·  Version 1.0

Plain-English summary: Iverson Endpoint runs entirely on your PC. It does not phone home your files, scan results, or browsing history. The only personal data we hold is what you provide to buy a license (handled by Stripe) and the email address associated with your license key.

1. Who we are

Iverson Endpoint is a product of Iverson Labs Pty Ltd and Cyber Automation Pty Ltd (ABNs available on request), companies incorporated in Australia and headquartered in Canberra, ACT. When this policy says "we", "us", or "our", it means Iverson Labs Pty Ltd and Cyber Automation Pty Ltd.

We are the data controller for any personal information collected through this website (iverson.au) and the Iverson Endpoint application.

2. What we collect

2.1 When you purchase a license

License purchases are processed entirely by Stripe. We never see or store your card number, bank details, or billing address. What Stripe shares with us after a successful purchase is:

  • Your email address (used to deliver your license key and send renewal notices)
  • Your first name and last name (if provided during checkout)
  • The country associated with your payment method (for Australian GST compliance)
  • A Stripe customer ID and subscription/payment ID (so we can link your license to your account)

2.2 When you activate your license

When Iverson Endpoint activates a license key, it makes a single HTTPS request to our licensing server. That request contains:

  • The license key you entered
  • A stable machine identifier — a one-way hash of your Windows machine SID, not linked to your name or email
  • The Iverson version number
  • Your Windows edition (e.g., "Windows 11 Pro") and build number

This data is used solely to validate the key and enforce per-machine licensing. It is not combined with any other personal data.

2.3 When you visit this website

Our web server logs standard HTTP request metadata:

  • IP address
  • Browser user-agent string
  • Referring URL
  • Pages visited and timestamps

These logs are retained for 30 days for security and debugging purposes and are not used for advertising or sold to third parties.

2.4 When you contact support

If you email us, we store your email address and message content in order to respond to you and keep a record of the support interaction.

Data element Source Purpose
Email address Stripe checkout License delivery, renewal notices
Name Stripe checkout (optional) Personalising communications
Country Stripe checkout GST compliance
Machine hash Iverson app on activation Per-machine license enforcement
Windows edition & build Iverson app on activation Compatibility checks
Web server logs iverson.au visits Security & debugging (30-day retention)

3. What we don't collect

Iverson Endpoint processes your data locally, on your machine. It does not transmit your scan results, file contents, quarantine details, activity logs, or any information about the processes running on your PC to our servers.

Specifically, we do not collect:

  • The results of your Optimise, Detect, Secure, or Update scans
  • The names of files moved to quarantine
  • The contents of your Activity log or Windows Event Log entries written by Iverson
  • A list of applications installed on your PC (beyond the Windows edition reported at activation)
  • Your browsing history, bookmarks, or browser extension data
  • Any files from your PC — scan results, quarantined items, or otherwise
  • Precise geolocation data
  • Third-party advertising identifiers

4. How we use your information

We use the personal data we hold for the following purposes, each grounded in a lawful basis under the Australian Privacy Act 1988 and, where applicable, the EU/UK GDPR:

  • License fulfillment — delivering your license key and activation emails (contractual necessity)
  • License enforcement — preventing a single license key from being used on an unlimited number of machines (legitimate interest)
  • Customer support — responding to questions and resolving issues (legitimate interest / contractual necessity)
  • Product updates — notifying you of important security patches or version updates for Iverson (legitimate interest — you can opt out at any time)
  • Legal compliance — meeting our Australian GST obligations and responding to lawful requests from authorities (legal obligation)
  • Security — protecting our website and services from abuse (legitimate interest)

We do not use your data for advertising, behavioral profiling, or sale to third parties. Ever.

5. Third parties

5.1 Stripe

All payment processing is handled by Stripe Payments Australia Pty Ltd. Stripe is a PCI DSS Level 1 certified payment processor. Your card details go directly to Stripe and are never transmitted to or stored by Iverson Labs Pty Ltd or Cyber Automation Pty Ltd. Stripe's privacy policy governs how they handle your payment data.

5.2 Hosting infrastructure

This website and the Iverson licensing server are hosted on infrastructure in Australia. Our hosting providers process server logs and request data as part of normal operations under confidentiality agreements.

5.3 No analytics services

We do not use Google Analytics, Meta Pixel, Hotjar, or any other third-party analytics or tracking service on this website.

5.4 Disclosure requirements

We may disclose your personal information if required to do so by Australian law, a court order, or a valid request from a law enforcement authority. We will notify you of any such request where permitted by law.

6. Data retention

  • License records — retained for the duration of your license plus 7 years, as required by Australian tax law
  • Support correspondence — retained for 3 years after the last interaction
  • Web server logs — deleted after 30 days
  • Machine hash records — deleted within 90 days of a license expiring or being revoked

When the retention period ends, data is securely deleted or anonymised.

7. Security

All communications between your browser or the Iverson application and our servers use TLS 1.2 or higher. License server endpoints accept only POST requests over HTTPS with a valid JSON payload; they do not serve web pages or accept arbitrary input.

Access to personal data within Iverson Labs Pty Ltd and Cyber Automation Pty Ltd is restricted to staff who need it to provide the service. We conduct periodic reviews of our access controls and logging.

No internet-connected system is perfectly secure. If you discover a vulnerability in Iverson or our website, please report it to security@cyberautomation.com.au before public disclosure. We take security reports seriously and will respond within two business days.

8. Your rights

Under the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs), you have the right to:

  • Access — request a copy of the personal information we hold about you
  • Correction — ask us to correct inaccurate or out-of-date information
  • Deletion — request deletion of your personal data (subject to our legal retention obligations)
  • Opt out of communications — unsubscribe from any marketing or update emails at any time using the link in those emails, or by contacting us directly
  • Complaint — lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe we have mishandled your personal information

If you are located in the European Economic Area or United Kingdom, additional rights under the GDPR or UK GDPR may apply to you, including the right to data portability and the right to restrict processing. Contact us to exercise any of these rights.

To make a request, email us at privacy@cyberautomation.com.au. We will respond within 30 days.

9. Cookies

This website uses a minimal number of cookies:

  • Stripe cookies — Stripe sets cookies on the checkout pages it hosts for fraud detection. These are governed by Stripe's privacy policy.

We do not use advertising cookies, third-party tracking cookies, or persistent analytics cookies. You can configure your browser to block or delete cookies without affecting your ability to use this website.

10. Children

Iverson Endpoint is not directed at children under the age of 13. We do not knowingly collect personal information from anyone under 13. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

11. Changes to this policy

We may update this policy from time to time. When we make material changes, we will update the "Effective date" at the top of this page and, where appropriate, notify existing license holders by email. The current version is always available at iverson.au/privacy.html.

Continued use of Iverson Endpoint or this website after the effective date of a revised policy constitutes acceptance of the updated terms.

12. Contact us

For privacy-related questions, data access requests, or to report a concern:

For security vulnerability reports: security@cyberautomation.com.au

For general product support: support@cyberautomation.com.au