How we collect, use, disclose, and protect personal information when you use WebStream websites and Audentia-operated online services.
Effective date: 15 June 2026 · Last updated: 15 June 2026 · Version 1.0
Audentia Nova Pty Ltd ("Audentia", "we", "us", "our") provides the WebStream application control platform and related websites and services, including webstream-acp.com (the "Website"), the customer entitlement portal (the "Portal"), AWS Marketplace fulfilment, and the WebStream software deployed in customer environments (the "Software").
This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use our Website and Audentia-operated online services. It also explains how customer-hosted WebStream deployments differ.
WebStream is primarily deployed in customer-controlled environments (for example, on AWS EC2 instances in the customer's account). This creates two distinct situations:
We act as the data controller for personal information we collect through:
When you run WebStream in your own environment, you are generally the data controller for:
Customer Content remains under your control. Audentia provides a technology platform for application delivery and governance. We do not routinely access, inspect, or store the content of your applications or end-user documents except:
If you are an end user accessing WebStream through your employer or service provider, please contact that organisation for questions about how your session data is handled.
We may collect:
We do not currently use third-party website analytics (such as Google Analytics) on webstream-acp.com.
Our Website may load fonts and scripts from third-party CDNs (for example, Google Fonts, jsDelivr) which may receive your IP address as part of normal HTTP requests.
When you register for or use the Portal, we collect:
If you subscribe via AWS Marketplace, we receive and process:
ResolveCustomer and subscription notifications);If you use our community support board, we collect:
The Software may send operational and licence telemetry to Audentia or AWS infrastructure, including:
Essential licensing heartbeats and enforcement-related telemetry may be mandatory and cannot be fully disabled. Other telemetry may be configurable depending on edition and deployment.
We design telemetry to avoid collecting application document content. Telemetry is distinct from Customer Content stored in your deployment (Section 2B).
When you operate WebStream, the Software may process and store the following in your environment under your control:
| Data type | Typical handling |
|---|---|
| Usernames, display names, emails | IAM database (customer PostgreSQL) |
| Authentication events | IAM activity_log and session logs |
| IP addresses, user-agents | IAM audit and HTTP access logs |
| Session duration, performance metrics | Metrics Engine (customer PostgreSQL) |
| File transfer events | Filename, size, path — not file content |
| Print events | Event metadata; PDF output stored per customer configuration |
| Clipboard governance events | Event type, direction, policy outcome; up to 200 characters of clipboard text may be logged if activity logging is enabled |
| Session recordings (optional, higher editions) | Encoded session files (.wsrec) on customer storage; disabled by default |
| Screen streaming | Transient transport between browser and session host; not retained by Audentia |
Default activity log retention in the Metrics Engine is 10 days (configurable). Session recording retention defaults to 30 days when recording is enabled (configurable).
We use personal information to:
We do not sell your personal information. We do not use Portal data for unrelated third-party marketing.
We may share personal information with:
| Recipient | Purpose |
|---|---|
| AWS | Hosting (Lambda, DynamoDB, SES, Secrets Manager, Marketplace APIs). Portal data primarily in ap-southeast-5; Marketplace metering in us-east-1 |
| Web3Forms | Relaying PoC contact form submissions from acp.html; delivers as email to support@webstream-acp.com. May apply spam filtering (CleanTalk, Akismet). See Web3Forms Privacy Policy |
| Professional advisers | Legal, accounting, or compliance where required |
| Law enforcement / regulators | When required by law or to protect rights and safety |
We require service providers to handle information consistently with this policy and applicable law.
Audentia is based in Australia. Our cloud services use AWS regions including ap-southeast-5 and us-east-1. If you access our services from outside Australia, your information may be processed in those regions.
Where required, we take reasonable steps to ensure appropriate safeguards for cross-border transfers.
Website: We do not use advertising or analytics cookies on the marketing site.
Portal: We use cookies and browser storage necessary for authentication and session management (for example, access tokens). These are strictly functional.
WebStream client: The browser client may use sessionStorage for session identifiers and authentication tokens during an active session.
You can control cookies through your browser settings; disabling functional cookies may prevent Portal login.
| Data category | Retention |
|---|---|
| Portal accounts, licences, audit logs (Audentia cloud) | Duration of relationship + 2 years, then delete or anonymise |
| Support board posts/tickets | Duration of relationship + 2 years, unless you request earlier deletion where permitted |
| PoC form submissions | Received by Audentia via email (support@webstream-acp.com); retained relationship + 2 years. Web3Forms may temporarily process/store during relay per their policy |
| Web server logs | 90 days |
| Customer deployment logs/recordings | Customer-controlled — see Section 4 |
Metering and billing records may be retained longer where required for tax, accounting, or AWS Marketplace obligations.
We implement administrative, technical, and organisational measures appropriate to the information we hold, including encryption in transit (HTTPS/TLS), hashed passwords, AWS Secrets Manager for signing keys, and access controls on Portal APIs.
No method of transmission or storage is completely secure. You are responsible for securing your WebStream deployment, network access, and customer Content.
Australia: Under the Privacy Act 1988 (Cth) and Australian Privacy Principles, you may request access to or correction of personal information we hold about you, and complain to us or the Office of the Australian Information Commissioner (OAIC).
Other regions: If you are located outside Australia, you may have additional rights under local law (for example, to access, correct, delete, or restrict processing). Contact privacy@webstream-acp.com and we will respond in accordance with applicable law. A full GDPR/UK GDPR addendum may be published separately if we actively market to those regions.
We will verify your identity before responding to requests.
WebStream is a business platform. We do not knowingly collect personal information from children under 16.
The WebStream Ops MCP Server is open source and may be deployed separately by customers or operators. When deployed, it connects to your WebStream Gateway API and may expose administrative data to AI clients according to your configuration and privacy mode settings. Audentia is not responsible for MCP deployments you operate outside our hosted services.
We may update this policy from time to time. The "Last updated" date at the top will change. Material changes will be posted on this page. Continued use of our services after changes constitutes acknowledgement where permitted by law.
Audentia Nova Pty Ltd
Office 26, 217 Hay Street, Subiaco, Western Australia 6008
Email: privacy@webstream-acp.com