Last updated July 2026.
Ilvern automates parts of a client's inbox and business admin, which means we're given real access to real systems. Here's what we commit to when that access is granted.
Our policy is to host and process client data on infrastructure located within Australia.
Data is encrypted in transit and at rest.
Access to client systems is limited to what's required to deliver the agreed automation, and reviewed as engagements change or end. We don't request access beyond the scope of what a client has approved.
Automations are designed so that anything outside clearly defined rules is flagged for human review rather than actioned automatically. Clients can adjust what requires review at any time.
Where Ilvern connects to a third-party tool a client already uses (for example, an email, calendar or CRM provider), that provider processes data under its own security practices in addition to ours. We'll always tell you exactly which third-party systems are involved in your specific engagement before access is granted.
On cancellation, client data is exported and deleted from Ilvern's systems on request, in line with our Privacy Policy and Terms of Service.
If you believe you've found a security issue affecting Ilvern or a client, please contact us directly at hello@ilvern.com — we'll treat it as a priority.