Privacy Policy

1. Information We Collect

WAVE Platform collects and processes the following types of information:

• Account Information: Email, name, profile data
• Usage Data: Streaming metrics, viewer analytics, engagement data
• Technical Data: IP addresses, device information, browser type
• Payment Information: Processed securely through Stripe (we do not store card details)
• Financial Account Data: When you connect a bank account via Stripe Financial Connections, we may access tokenized account and routing numbers, account balances, transaction history, and account ownership details
• Creator Payout Information: Bank account details for receiving creator earnings payouts via ACH transfer
• Card Program Data: If you participate in our creator card program (Stripe Issuing), we process card transaction data, spending limits, and merchant information

1A. Financial data we access via Stripe Financial Connections

When you link a financial account through Stripe Financial Connections, we may access:

• Tokenized account and routing numbers: Used to initiate ACH payouts, pay-ins, and top-ups to your account
• Account balances: Used to verify sufficient funds before initiating transactions and to prevent failed payments
• Transaction history: Used for financial management features and underwriting assessments
• Account ownership details: Used to verify that the bank account belongs to you, helping prevent fraud

This financial data is stored exclusively in the United States. We do not share this data with third parties except as required to process your transactions through Stripe. You can revoke access to your linked financial accounts at any time through your WAVE dashboard settings.

2. How We Use Your Information

• Provide and improve our streaming services
• Process payments and maintain accounts
• Send important service notifications
• Analyze platform usage and optimize performance
• Ensure security and prevent fraud
• Comply with legal obligations

3. Data Security

We implement industry-leading security measures:

• SOC 2 Type II compliant infrastructure
• End-to-end encryption for all data transmission
• Row-level security on all database tables
• Regular security audits and penetration testing
• GDPR and HIPAA compliance frameworks

4. Data Retention

We retain your data as long as your account is active. Upon account deletion, we securely delete all personal information within 30 days, except where required by law to retain for compliance purposes.

5. Your Rights

You have the right to:

• Access your personal data
• Correct inaccurate data
• Request data deletion
• Export your data
• Opt-out of marketing communications
• Withdraw consent for data processing

6. GDPR Compliance

For users in the European Union, we comply with GDPR requirements including: data minimization, purpose limitation, storage limitation, and the right to be forgotten.

7. Cookies and Tracking Technologies

We use the following tracking technologies:

• Essential Cookies: Required for platform functionality (authentication, security)
• Analytics Cookies: Help us understand how users interact with our platform
• Preference Cookies: Remember your settings and preferences
• Marketing Cookies: Used with your consent for personalized advertising

You can manage cookie preferences through your browser settings or our cookie consent banner.

8. Legal Basis for Processing (GDPR)

We process your data based on:

• Contract Performance: Processing necessary to provide our services to you
• Legitimate Interests: Improving services, security, fraud prevention
• Legal Obligations: Compliance with applicable laws and regulations
• Consent: Where you have given explicit consent (e.g., marketing communications)

9. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States. We use appropriate safeguards for international transfers including: Standard Contractual Clauses (SCCs), adequacy decisions, and data processing agreements with all third-party processors. For EU users, we comply with the EU-US Data Privacy Framework.

10. Children's Privacy

WAVE Platform is not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at[email protected], and we will promptly delete such information.

11. California Privacy Rights (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: Request disclosure of personal information collected about you
• Right to Delete: Request deletion of your personal information
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out: Opt out of the sale or sharing of your personal information
• Right to Non-Discrimination: Not receive discriminatory treatment for exercising your rights

To exercise these rights, contact us at[email protected]or call our toll-free number: 1-888-WAVE-NOW (1-888-928-3669).

12. Automated Decision-Making

We may use automated systems to detect fraudulent activity, enforce our terms of service, and provide personalized content recommendations. You have the right to request human review of any automated decision that significantly affects you. We do not use fully automated decision-making for consequential decisions without human oversight.

13. Data Controller Information

For privacy-related questions or to exercise your rights, contact our Data Protection Officer at:

WAVE Online, LLC
Attn: Data Protection Officer
251 Little Falls Drive
Wilmington, DE 19808
United States

Email: [email protected]
Phone: 1-888-WAVE-NOW (1-888-928-3669)

EU Representative:
WAVE Platform EU Ltd.
70 Sir John Rogerson's Quay
Dublin 2, D02 R296
Ireland
Email: [email protected]

14. SMS / Text Message Communications

WAVE Online, LLC may send SMS / text messages to phone numbers that users have voluntarily provided through their WAVE account. This section is required by U.S. carrier regulations (A2P 10DLC) and the Telephone Consumer Protection Act (TCPA), 47 U.S.C. § 227.

What SMS data we collect

• The phone number you provide
• The timestamp and IP address of your opt-in
• Carrier metadata (line type, country code) returned by Twilio Lookup
• Delivery status of messages (delivered, failed)
• Your opt-out events (if you reply STOP, UNSUBSCRIBE, etc.)

Why we send SMS messages

We send SMS messages only for the following purposes, and only to phone numbers that have opted in: (1) two-factor authentication codes; (2) account and operational notifications; (3) payment-related notifications; (4) customer-service replies to support requests you initiate; (5) internal incident paging for WAVE employees who have opted in.

How we DO NOT use SMS data

WAVE will never share or sell your phone number for marketing purposes, send unsolicited marketing messages, share SMS message content with third parties (other than Twilio for delivery), or use SMS data for retargeting, profiling, or behavioral advertising. Phone numbers and SMS data are used only by WAVE Online, LLC and our delivery provider Twilio Inc. for the purposes listed above.

Service providers

We use Twilio Inc. as our SMS delivery provider, bound by their privacy policy and a Data Processing Agreement with WAVE.

Message frequency

You may receive up to 50 SMS messages per month per phone number, depending on account activity, security events, and stream activity. Most users receive between 1–15 messages per month.

Carrier and data rates

Message and data rates may apply. Standard message and data rates from your mobile carrier may apply when you receive SMS from WAVE. WAVE does not charge you for SMS, but your carrier may. Contact your carrier for details on your messaging plan.

How to opt in

1. Add your phone number on the Notification Settings page in your WAVE account dashboard and explicitly check the SMS opt-in box.
2. Reply START, YES, or SUBSCRIBE to a verification SMS we send when you initially add your phone number.

Opt-in is granular: you can opt in to specific message types (2FA only, all notifications, etc.) and change preferences at any time.

How to opt out

You can opt out of SMS communications at any time by replying STOP, STOPALL, UNSUBSCRIBE, CANCEL, END, or QUIT to any message we send, or by disabling SMS notifications on your Notification Settings page. When you opt out, you will receive one final confirmation message acknowledging your opt-out, and we will not send further SMS messages to that phone number except for transactional account-security messages required to protect your account.

How to get help

Reply HELP to any SMS message we send to receive a brief help reply with our support contact information. You can also email [email protected] with questions about SMS communications.

Data retention

• Phone numbers: retained while your WAVE account is active. Deleted within 30 days of account closure or upon request via DSAR.
• Opt-in / opt-out records: retained for 4 years after opt-out, as required by carrier compliance.
• Message delivery logs: retained for 18 months per Twilio policy.

Children

WAVE does not knowingly collect phone numbers from individuals under 13 years of age. If we learn we have collected SMS data from a child under 13, we will delete it promptly.

15. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by posting the updated policy on our website and, where required, by email. Continued use of our services after such changes constitutes acceptance of the updated policy.