Privacy Policy

How we collect, use and protect your personal information.

Last updated: 24 May 2026 · Effective immediately

This Privacy Policy explains how IVOAI (trading as IVOAI Technologies Pty Ltd, ACN 698 504 184, ABN 50 856 845 860) collects, uses, stores and protects your personal information. We are committed to handling your data responsibly and in compliance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1. Information we collect

1.1 Account information

When you sign up, we collect:

  • Your name and email address
  • Phone number (if provided)
  • Billing and payment details (processed securely via Stripe — we do not store card numbers)
  • Your chosen plan and service preferences

1.2 Device telemetry

To deliver our KaaS monitoring and maintenance service, we collect:

  • Device hardware specifications (model, processor, memory, storage)
  • Operating system and software versions
  • Security status (antivirus, firewall, encryption state)
  • Performance metrics (CPU, memory, disk usage)
  • Network configuration (connection type, not browsing history)
  • Update and patch status

1.3 Usage data

  • Interactions with the BoB app (feature usage, support requests)
  • Communications with SaL (to deliver your AI assistant service)
  • Website analytics (page visits, referral source — no third-party trackers)

2. How we use your information

We use your information solely for:

  • Service delivery — monitoring, maintaining and securing your devices
  • Support — responding to your requests and resolving issues
  • Communication — sending service updates, health reports and billing notifications
  • Improvement — enhancing our services based on aggregated, anonymised usage patterns
  • Legal compliance — meeting our obligations under Australian law

3. What we do NOT do

This is our formal written guarantee:

  • We do not sell your personal data to anyone, ever
  • We do not share your data with third parties for marketing or advertising
  • We do not mine your data for advertising purposes
  • We do not access your personal files without your explicit request and consent
  • We do not use third-party tracking or advertising cookies

4. Data security

We protect your information using:

  • AES-256 encryption for data at rest
  • Proton end-to-end encryption for all email communications
  • Secure, encrypted connections (TLS) for all data in transit
  • Access controls limiting data access to authorised service processes only

4.1 Law enforcement access

Our communications infrastructure uses Proton's end-to-end encrypted architecture. This means that even we cannot access the content of encrypted communications. If we receive a lawful request from Australian authorities, we can only provide information that we technically have access to (such as account details). We cannot provide content that is end-to-end encrypted.

5. Data retention

  • Active accounts: we retain your data for as long as your account is active and as needed to deliver our services.
  • After termination: your data is retained for 90 days following account termination to allow for reactivation or data retrieval requests. After 90 days, all personal data is securely deleted.
  • Legal obligations: some data may be retained longer where required by Australian law (for example, financial records for tax purposes).

6. Third-party services

We use a limited number of third-party services to operate:

These providers are selected for their strong privacy practices. We do not share your data with any other third parties.

7. Cookies

We use minimal, essential cookies only. We do not use third-party tracking or advertising cookies. For full details, see our Cookie Policy.

8. Your rights

Under the Privacy Act, you have the right to:

  • Access — request a copy of the personal information we hold about you
  • Correction — request correction of inaccurate or outdated information
  • Deletion — request deletion of your personal data (subject to legal retention requirements)
  • Complaint — lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe your privacy has been breached

9. SaL and your privacy

SaL, your personal AI assistant, operates under strict privacy controls:

  • SaL is single-user — it accepts instructions only from the account holder
  • Conversations with SaL are used solely to deliver your requested services
  • SaL does not share your information with other clients or external parties

10. Children's privacy

Our services are intended for individuals aged 18 and over. We do not knowingly collect personal information from children under 18. If you believe we have collected such information, please contact us immediately.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the BoB app at least 30 days before they take effect. The "Last updated" date at the top of this page indicates the most recent revision.

12. Governing law

This Privacy Policy is governed by the laws of South Australia and the Commonwealth of Australia.

13. Contact us

For privacy queries, data access requests or complaints:

We aim to respond to all privacy-related requests within 10 business days.