Privacy Policy

Last updated: 20 May 2026


The short version

KNM Labs only collects the information we need to deliver products you have bought, run our business, and comply with Australian law. We do not sell your data. We use a small set of trusted service providers (Stripe for payments, Resend for email, Google Ads + Google Analytics for marketing measurement). You can ask us at any time what we hold about you and request deletion.


1. Who we are

KNM Labs Pty Ltd (ABN supplied on tax invoices) is an Australian company. We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).


2. What we collect

  • From you directly: name, email, billing details (handled by Stripe — we do not see full card numbers).
  • Automatically: IP address, browser type, pages viewed, referrer, UTM parameters, click IDs (gclid, fbclid). Used for conversion measurement and abuse prevention.
  • From cookies: session, A/B variant assignment, analytics. You can disable non-essential cookies in your browser; essential cookies (session, security) cannot be disabled if you want to use the site.

3. Why we collect it

  • To fulfil orders and deliver download links.
  • To send transactional emails (receipts, download links, updates).
  • To measure ad and marketing performance (Google Ads enhanced conversions, in hashed form only).
  • To improve products and detect fraud.
  • To comply with tax, accounting, and consumer-law obligations.

4. Who we share it with

  • Stripe — payment processing (PCI-DSS compliant; we do not store card details).
  • Resend — transactional email delivery.
  • Google — Google Analytics 4 + Google Ads conversion uploads (emails are SHA-256 hashed before upload).
  • PostHog — product analytics (anonymised where possible).
  • Hosting / infrastructure — our application is hosted in Australia (Sydney) on our own infra.

We do not sell personal information.


5. International transfers

Some service providers (Stripe, Resend, Google) operate servers outside Australia. Where this occurs, we take reasonable steps to ensure the recipient handles your data consistent with the APPs.


6. How long we keep it

Order records: 7 years (Australian tax record-keeping requirement). Marketing data: 24 months. Support emails: 24 months. We delete or anonymise anything beyond that, except where a legal hold applies.


7. Your rights

  • Access — request a copy of what we hold about you.
  • Correction — ask us to fix anything incorrect.
  • Deletion — ask us to delete (we will, except where law requires us to keep records).
  • Withdrawal of consent — for marketing emails, use the unsubscribe link in every email.
  • Complaint — to us first ([email protected]), then to the Office of the Australian Information Commissioner (oaic.gov.au) if unresolved.

8. Security

We use TLS in transit, encryption at rest where supported, hashed-and-salted authentication, and least-privilege access. No system is perfectly secure; we will notify affected users in line with the Notifiable Data Breaches scheme if a serious breach occurs.


9. Children

We do not knowingly sell products to anyone under 18. If you believe a minor has provided us personal information, contact us and we will delete it.


10. Updates

We update this policy as we change tools or as the law evolves. The current version is on this page with the date above.


11. Contact

Privacy questions: [email protected]