← Ichorbuild
§ 01 / Privacy

What we collect. Where it sits. Who touches it.

This notice covers the marketing site you are reading and the hosted operator console at app.ichorbuild.com. The Ichorbuild WordPress plugin ships under GPL-2.0-or-later and collects nothing of its own; this notice does not bind it.

Effective · 2026-05-19

Who we are

The data controller is Vero Scale (ABN 95 987 726 537), an Australian business based in Sydney. Ichorbuild is a Vero Scale product line. Privacy contact: privacy@ichorbuild.com.

What we collect

On the marketing site, we collect server-log fields (IP, page, user agent, timestamp) and nothing more. No advertising trackers, no third-party analytics. One essential session cookie.

In the hosted operator console, we collect what you give us in the course of running your account:

  • Account identity: the email address and display name held by Clerk, our identity provider. We do not store passwords; Clerk holds the credential.
  • Generated content: the prompts you submit, the page revisions produced from them, and the editorial metadata (titles, slugs, scheduling) you attach to revisions.
  • Billing identifier: a Stripe customer ID and the last four digits of the card on file. Card numbers themselves never reach us; Stripe holds them.
  • Plugin pairing token: a per-site secret minted in the dashboard and copied into your WordPress plugin so we can sign revisions you publish. The token is never displayed back to us; only its hash is stored.
  • Audit log: who did what in your account (revision published, plan changed, token rotated) and when — kept for the lifetime of the account so you can answer your own compliance questions.

Lawful basis

We process this data on two bases under the Australian Privacy Act 1988 (Cth) and, where applicable, the GDPR:

  • Contract performance — running the account you paid us to run.
  • Legitimate interest — keeping the service secure, preventing abuse, and being able to investigate incidents.

Sub-processors

We rely on the following sub-processors to operate the service. Each holds a portion of your data on our behalf under a written agreement.

  • Clerk — identity and authentication (account email, sign-in events). United States.
  • Convex — operational database for accounts, revisions, projects, audit log. United States.
  • Stripe — payment processing (customer record, card hold, invoice history). Card numbers do not reach us. Australia / United States.
  • Resend — transactional email delivery (welcome, receipt, password reset, support reply). United States.
  • Cloudflare — edge data store (D1) for waitlist sign-ups, ephemeral state (KV), and bot defence (Turnstile). Globally distributed across Cloudflare’s network.
  • OpenRouter — language-model inference routing for revision generation. United States.
  • Ollama Cloud — language-model inference for specific model families used in revision generation. United States.

We notify operators at least 14 days before adding a new sub-processor that materially changes where your data sits.

Cross-border transfer

Most of our sub-processors operate in the United States. Where we transfer your personal information outside Australia, we rely on the recipient's enforceable privacy commitments under APP 8 (Australian Privacy Principle 8 — cross-border disclosure). You consent to this transfer by using the service.

How long we keep it

Active-account data lives for the lifetime of your subscription. When you cancel, we retain account and revision data for 24 months past cancellation so you can resume without rebuilding, then permanently delete it. Audit-log entries tied to financial events follow Australian tax record-keeping rules and are kept for seven years. Server logs are kept for 30 days.

Your rights

Under the Privacy Act and (for EU/UK residents) the GDPR / UK GDPR, you can ask us to:

  • Tell you exactly what we hold for you.
  • Correct anything that is wrong.
  • Delete your account and the data tied to it.
  • Export your generated revisions in a portable format.

Email privacy@ichorbuild.com from the address on the account. We answer within 7 days and fulfil substantive requests within 30 days. Deletion is irreversible and triggers cancellation of any active subscription.

Complaints

If you believe we have mishandled your information, write to privacy@ichorbuild.com first — we will investigate. If you remain dissatisfied, Australian users may complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au. EU/UK users may complain to their local supervisory authority.

The plugin

The Ichorbuild WordPress plugin is GPL-2.0-or-later. It collects nothing about end visitors to your WordPress site beyond what your existing WordPress install already collects. The plugin stores its pairing secret in the WordPress options table and uses it solely to verify revisions you publish through the hosted console.

Security

Revisions are signed in transit between the hosted console and your plugin using HMAC over a per-site secret. Database access is restricted to the operator account and Vero Scale staff performing on-call duties. Incidents that affect your data are notified within 72 hours where notification is required under law.

Changes

When this notice changes materially, we update the effective date at the top, bump the policy version, and re-prompt your dashboard for acceptance on next sign-in. Non-material edits (typos, link tweaks) do not bump the version. The notice that applied when you signed up governs disputes about prior processing.

Contact

privacy@ichorbuild.com reaches a person, not an inbox monitor.

Back to home

Privacy / Terms / © 2026 Ichorbuild — a Vero Scale product line