Privacy Policy

1. Information We Collect

To provide and improve WavyOS, we collect the following types of information:

• Contact Information: Email addresses and phone numbers used for communication, authentication, and transactional SMS notifications.
• Business Operational Data: Data you input into WavyOS to run your business, including orders, scheduling information, and related operational metrics.
• Usage Data: Standard system logs and interactions with our portal to help us monitor performance and troubleshoot issues.

2. How We Use Your Information

We use your data strictly to deliver and improve our B2B services. Specifically, we use your information to:

• Provide, operate, and maintain WavyOS.
• Authenticate your identity via our passwordless One-Time Password (OTP) system.
• Store and process your business operational data (orders, schedules) to facilitate your workflows.
• Communicate with you via email and transactional SMS regarding support, updates, system alerts, and account notifications.

3. Third-Party Infrastructure & Subprocessors

We do not build our infrastructure from scratch. To provide a reliable, secure service, we utilize industry-leading third-party service providers. Your data is processed by:

• Vercel: Cloud hosting and application deployment.
• Airtable: Database management and data storage.
• Resend: Transactional email delivery and authentication.
• Telnyx: Transactional SMS delivery.
• Railway: Cloud infrastructure and backend services.
• Anthropic: AI-powered message processing, content analysis, and response generation. Data is processed transiently and not used to train models.
• OpenAI: Audio transcription services. Data is processed transiently and not used to train models.
• Stripe: Payment processing and subscription billing. Payment data is handled directly by Stripe and never stored on our servers.
• Cal.com: Appointment scheduling services.
• Better Stack: System uptime monitoring.
• Discord: Internal operational monitoring.

3.1 Instagram & Meta Platform Data

WavyOS integrates with the Instagram Graph API to provide automated direct message management on behalf of our business clients. Through this integration, we access and process:

• Instagram Business account identifiers and usernames
• Direct message content sent to our clients' Instagram accounts
• Customer Instagram user IDs for conversation threading

This data is used exclusively to operate the automated response features of WavyOS. We do not sell, share, or use Instagram user data for advertising or any purpose beyond delivering the contracted service to our business clients. All Instagram data is processed in accordance with Meta's Platform Terms and Developer Policies.

Clients may revoke WavyOS access to their Instagram account at any time through their Instagram account settings under “Apps and Websites.”

4. Data Sharing & Disclosure

We do not sell your personal or business data to third-party data brokers. Your information is only shared under the following circumstances:

• With Service Providers: As outlined above, strictly for infrastructure and operational purposes.
• For Legal Reasons: If required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency) within the Commonwealth of Virginia or applicable federal jurisdictions.

4.1 Mobile Information & SMS Consent

Notwithstanding any other provision in this policy, no mobile information will be shared with third parties or affiliates for marketing or promotional purposes. This includes text messaging originator opt-in data and consent, which will not be shared with any third parties. SMS communications are used exclusively for transactional account notifications between Wavy Systems LLC and its authorized business clients.

We may share your Personal Data, including your SMS opt-in or consent status, with third parties that help us provide our messaging services, including but not limited to platform providers, phone companies, and any other vendors who assist us in the delivery of text messages. All of the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

5. Data Security

We implement commercially reasonable security measures to protect your data from unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet or electronic storage is 100% secure. You are responsible for keeping your email and phone devices secure to protect your OTP access.

6. Children's Privacy

WavyOS is a B2B platform intended for use by business owners and their authorized staff. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that we have inadvertently collected such data, we will take steps to delete it promptly.

7. Data Retention & Deletion

We retain your business operational data for the duration of your active subscription. Upon cancellation or termination of your WavyOS subscription:

• Your business data (orders, customer records, conversation history) will be retained for 30 days following termination to allow for data export.
• After the 30-day retention period, all client-specific data will be permanently deleted from our systems and subprocessor platforms.
• Aggregated, anonymized usage data may be retained indefinitely for service improvement purposes.
• You may request immediate deletion of your data at any time by contacting support@wavyautomations.com.

Cached or temporary data (session tokens, rate limiting counters) is automatically purged and not retained beyond its operational lifespan.

8. Data Breach Notification

In the event of a data breach affecting your personal or business information, we will notify affected clients via email within 60 days of discovering the breach, in accordance with the Virginia Consumer Data Protection Act (VCDPA). Notification will include the nature of the breach, the types of data affected, and steps we are taking to mitigate impact.

9. Contact Us

If you have questions or concerns about this Privacy Policy or your data, please contact us at: