WaveupGet Started Free

Privacy Policy

Last updated: March 2026

1. Introduction

[Company Name] ("we", "us", or "our") operates the Waveup platform ("Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our Service, in compliance with the General Data Protection Regulation (GDPR) and applicable data protection laws.

2. What Data We Collect

We collect the following categories of personal data:

  • Account data — name, email address, and authentication credentials when you create an account
  • Subscriber data — email addresses and optional names submitted through waitlist signup forms
  • Usage data — pages visited, features used, referral activity, and analytics interactions
  • Technical data — IP address, browser type, device information, and access timestamps
  • Payment data — billing information processed securely through our payment processor (Stripe)

3. How We Use Your Data

We use personal data to:

  • Provide, maintain, and improve the Service
  • Process transactions and manage subscriptions
  • Send transactional emails (account verification, receipts)
  • Analyze usage patterns to improve user experience
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

4. Legal Basis for Processing

We process personal data based on the following legal grounds:

  • Contract performance — to provide the Service you have requested
  • Legitimate interests — to improve our Service, prevent fraud, and ensure security
  • Consent — where you have given explicit consent, such as for marketing communications
  • Legal obligation — to comply with applicable laws and regulations

5. Data Sharing

We do not sell your personal data. We may share data with the following categories of third parties:

  • Service providers — hosting (Vercel), database (Convex), authentication (WorkOS), and payment processing (Stripe)
  • Legal requirements — when required by law, regulation, or legal process
  • Business transfers — in connection with a merger, acquisition, or sale of assets

6. Cookies

We use essential cookies required for the Service to function (authentication sessions). We do not use third-party tracking cookies or advertising cookies. Essential cookies cannot be disabled as they are necessary for the Service to operate.

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this policy:

  • Account data — retained while your account is active, deleted within 30 days of account closure
  • Subscriber data — retained while the associated project is active, deleted when the project is deleted
  • Usage data — retained for up to 24 months for analytics purposes
  • Payment records — retained as required by applicable tax and accounting laws

8. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access — request a copy of your personal data
  • Right to rectification — request correction of inaccurate data
  • Right to erasure — request deletion of your personal data
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to restriction — request restriction of processing in certain circumstances
  • Right to object — object to processing based on legitimate interests

To exercise any of these rights, contact our Data Protection Officer at [email protected]. We will respond to your request within 30 days.

9. Data Protection Officer

For any questions or concerns regarding this Privacy Policy or our data processing practices, please contact our Data Protection Officer:

Email: [email protected]

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. Your continued use of the Service after changes constitutes acceptance of the updated policy.