Privacy and data handling

Wavey Privacy Policy

This policy explains how Wavey collects, uses, protects, and retains data.

Log InContact Support

Last Updated: 2026-06-10

Wavey is a product of SWMAI, LLC.

1. Information We Collect

We may collect and process the following categories of information:

  • Account and profile information
  • Usage logs and analytics data
  • Uploaded marketing, campaign, reporting, and business data
  • Payment metadata via secure payment processors
  • Information obtained through authorized integrations with advertising, analytics, and marketing platforms
  • Technical information necessary to operate, secure, and improve the Service

2. How We Use Information

We use information to:

  • Provide, operate, maintain, and improve the Service
  • Generate AI-powered outputs requested by users
  • Authenticate users and maintain account security
  • Detect, investigate, and prevent fraud, abuse, and security incidents
  • Process subscriptions and billing
  • Provide customer support
  • Comply with legal and regulatory obligations

We do not sell personal information or customer data.

3. AI Data Handling

Customer Data, including data obtained through Google APIs, Meta APIs, and other connected platform APIs, is processed solely to provide the Service and deliver functionality requested by users.

Customer Data is not used to develop, improve, or train generalized artificial intelligence or machine learning models.

Any AI-generated outputs are produced solely for the benefit of the customer organization using the Service.

4. Advertising and Analytics Platform Integrations

Data We Access

When a user chooses to connect advertising, analytics, or marketing platforms to Wavey, we may access data from those services through authorized APIs.

Supported services may include:

  • Google Ads
  • Google Analytics
  • Meta Ads (Facebook and Instagram)
  • Other advertising, analytics, marketing, and business intelligence platforms that users elect to connect

Depending on the permissions granted by the user, Wavey may access:

  • Account profile and business account information
  • Advertising account identifiers and account hierarchy information
  • Campaign, ad group, ad, keyword, audience, and creative configuration data
  • Advertising performance metrics and campaign reporting data
  • Analytics reports and conversion measurement data
  • Audience insights and related performance information
  • User-authorized authentication credentials
  • OAuth access tokens and refresh tokens required to maintain platform connectivity

Wavey stores OAuth access tokens and refresh tokens necessary to maintain authorized connections to connected advertising and analytics platforms. These credentials are protected using security controls designed to prevent unauthorized access and are used solely to provide authorized platform functionality.

Wavey only accesses data that users explicitly authorize through each platform's authentication and consent process.

How We Use Platform Data

Wavey uses advertising and analytics platform data solely to provide services requested by users, including:

  • Connecting and managing advertising accounts
  • Displaying campaign performance metrics and reports
  • Generating dashboards, analytics, recommendations, and business insights
  • Assisting with campaign planning, optimization, and management
  • Supporting automated reporting and workflow features
  • Creating reports, presentations, dashboards, and other customer-requested outputs
  • Maintaining authenticated access to connected platforms

Wavey does not sell platform data and does not use platform data to create audience profiles for unrelated advertising purposes.

Data obtained from connected advertising and analytics platforms is used only to provide and improve the functionality of the Wavey platform for the authorized user or organization.

Workspace Collaboration and User-Controlled Sharing

Wavey supports collaborative workspaces and multi-user organizations.

Data connected by one authorized user may be accessible to other authorized users within the same customer organization or workspace according to permissions established by that organization.

Certain Wavey features allow authorized users to share reports, dashboards, presentations, analytics outputs, and other generated content with third parties at the user's discretion. Such sharing is initiated and controlled by the user or organization and not by Wavey.

Sharing of Platform Data

Wavey does not sell advertising or analytics platform data.

Platform data may be shared only:

  • With authorized members of the same customer organization or workspace
  • With infrastructure, hosting, security, and operational service providers that assist in delivering the Wavey platform and are bound by confidentiality and data protection obligations
  • When required by law, regulation, court order, or governmental request
  • In connection with a merger, acquisition, financing, or business transfer, subject to applicable privacy protections

Wavey does not share advertising platform data with data brokers, advertisers, marketing networks, or unrelated third parties.

Data Storage and Protection

Wavey employs commercially reasonable administrative, technical, and organizational safeguards designed to protect platform data from unauthorized access, disclosure, alteration, or destruction.

Security measures include:

  • Encryption in transit using TLS
  • Encryption at rest using AES-256 or equivalent industry-standard encryption technologies
  • Secure storage and protection of authentication credentials, OAuth access tokens, and refresh tokens
  • Role-based access controls that restrict access to authorized users and personnel
  • Monitoring, logging, and auditing procedures designed to detect and investigate unauthorized access
  • Security review and vulnerability management practices intended to maintain the integrity and confidentiality of customer data

Advertising platform data, analytics data, authentication credentials, access tokens, refresh tokens, and customer-generated content are stored using encrypted storage systems and protected through access controls and security monitoring designed to prevent unauthorized access.

Access to customer data is limited to authorized personnel, contractors, and systems that require such access to provide and support the Wavey service.

Data Retention and Deletion

Wavey retains platform data only for as long as necessary to provide requested services, maintain account functionality, comply with legal obligations, resolve disputes, enforce agreements, and support legitimate business operations.

Users may disconnect Google Ads, Google Analytics, Meta Ads, or other integrated services at any time through the Wavey platform or revoke Wavey's access directly through the applicable provider's account security settings.

Upon disconnection, associated authentication credentials, OAuth access tokens, and refresh tokens are revoked, deleted, or rendered unusable when technically feasible and in accordance with operational, legal, security, and backup restoration requirements.

Users may request access to, correction of, export of, or deletion of their account data through the Contact Us page available on the Wavey website. Verified requests will be processed in accordance with this Privacy Policy.

Wavey targets deletion of customer account data within 90 days following account termination, except where retention is required for legal obligations, regulatory requirements, fraud prevention, security purposes, backup restoration processes, contractual obligations, or other legitimate business needs.

Following verification of a deletion request, Wavey will delete applicable customer data within 90 days, subject to the retention exceptions described in this Privacy Policy.

Google API Services Disclosure

Wavey's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Information obtained through Google APIs:

  • Is used only to provide functionality requested by the user
  • Is not sold to third parties
  • Is not used for serving advertisements unrelated to the user's activities within Wavey
  • Is handled in accordance with the data security, retention, deletion, and protection practices described in this Privacy Policy
  • Is not used to develop, improve, or train generalized artificial intelligence or machine learning models except as expressly permitted by Google's policies and with appropriate user authorization

Other Advertising and Analytics Platform Disclosures

Wavey's use of information received from Meta Platforms APIs and other connected advertising, marketing, or analytics platform APIs complies with applicable platform terms, developer policies, and data protection requirements.

Information obtained through these platforms:

  • Is used only to provide functionality requested by the user
  • Is not sold to third parties
  • Is used solely for reporting, analytics, campaign management, optimization, and related services authorized by the user or organization
  • Is handled in accordance with the data security, retention, deletion, and protection practices described in this Privacy Policy
  • Is not used to develop, improve, or train generalized artificial intelligence or machine learning models without appropriate authorization and applicable legal basis

5. Marketing Cookies and Tracking

When you allow marketing cookies, Wavey and our marketing analytics, customer relationship management, and related service providers may collect online identifiers and browsing activity on Wavey public pages, including:

  • IP address
  • Cookie identifiers
  • Page views
  • Referrer information
  • Browser and device information
  • Interaction and engagement events

We use this information to:

  • Measure campaign performance
  • Understand website usage
  • Improve content and user experience
  • Support lead management and customer communications
  • Evaluate the effectiveness of marketing activities

Optional marketing cookies are not loaded unless you consent where required by applicable law.

You may withdraw or modify consent preferences through available cookie preference controls.

For California residents, this section describes categories of personal information collected, purposes of use, and categories of third parties with whom data may be shared for marketing analytics and outreach.

6. Security Measures

Wavey employs commercially reasonable administrative, technical, and organizational safeguards designed to protect customer data.

Security measures include:

  • Encryption in transit using TLS
  • Encryption at rest using industry-standard encryption technologies
  • Secure storage of authentication credentials and OAuth tokens
  • Role-based access controls
  • Monitoring, logging, and security review procedures
  • Access restrictions designed to limit data access to authorized personnel and systems

While no method of transmission, storage, or processing can be guaranteed to be completely secure, Wavey continuously works to maintain safeguards designed to protect customer information.

7. Data Retention

Wavey applies retention policies to operational, lifecycle, audit, security, and compliance records.

Operational lifecycle data is generally retained for up to 365 days unless a longer retention period is required for legal, billing, fraud prevention, security, compliance, or contractual obligations.

Deletion-proof audit records and related compliance documentation may be retained for longer periods, including up to seven years or longer where required by law or legitimate business needs.

California residents and other eligible individuals may request access to or deletion of applicable personal information through the Contact Us page available on the Wavey website.

8. Categories of Recipients / Third Parties

Depending on your use of the Service, we may disclose relevant data categories to:

  • Infrastructure and cloud hosting providers
  • Authentication, security, and abuse-prevention providers
  • Payment processors for billing and subscription operations
  • Marketing, CRM, and analytics providers, where configured and, where required, consent-gated
  • Professional advisors, auditors, and regulators where disclosure is legally required
  • Authorized members of the same customer organization or workspace when collaboration features are used

We do not sell personal information.

9. Contact Information

Questions regarding privacy, data protection, or requests for deletion of account data may be submitted through the Contact Us page available on the Wavey website.

Wavey will make commercially reasonable efforts to respond to verified privacy and data deletion requests in a timely manner.