Privacy Policy

1. Information We Collect

To provide and improve WavyOS, we collect the following types of information:

• Contact Information: Email addresses and phone numbers used for communication, authentication, and transactional SMS notifications.
• Business Operational Data: Data you input into WavyOS to run your business, including orders, scheduling information, and related operational metrics.
• Usage Data: Standard system logs and interactions with our portal to help us monitor performance and troubleshoot issues.

2. How We Use Your Information

We use your data strictly to deliver and improve our B2B services. Specifically, we use your information to:

• Provide, operate, and maintain WavyOS.
• Authenticate your identity via our passwordless One-Time Password (OTP) system.
• Store and process your business operational data (orders, schedules) to facilitate your workflows.
• Communicate with you via email and transactional SMS regarding support, updates, system alerts, and account notifications.

3. Third-Party Infrastructure & Subprocessors

We do not build our infrastructure from scratch. To provide a reliable, secure service, we utilize industry-leading third-party service providers. Your data is processed by:

• Vercel: For secure cloud hosting and application deployment.
• Airtable: For robust, structured database management and data storage.
• Resend: For delivering transactional emails and authentication OTPs.
• Telnyx: For delivering transactional SMS notifications to authorized recipients.
• Railway: For cloud hosting and deployment of the WavyOS Brain AI server.
• Anthropic: For AI-powered message understanding and response generation via the Claude API. Message content is processed transiently and not used to train Anthropic's models.

3.1 Instagram & Meta Platform Data

WavyOS integrates with the Instagram Graph API to provide automated direct message management on behalf of our business clients. Through this integration, we access and process:

• Instagram Business account identifiers and usernames
• Direct message content sent to our clients' Instagram accounts
• Customer Instagram user IDs for conversation threading

This data is used exclusively to operate the automated response features of WavyOS. We do not sell, share, or use Instagram user data for advertising or any purpose beyond delivering the contracted service to our business clients. All Instagram data is processed in accordance with Meta's Platform Terms and Developer Policies.

Clients may revoke WavyOS access to their Instagram account at any time through their Instagram account settings under “Apps and Websites.”

4. Data Sharing & Disclosure

We do not sell your personal or business data to third-party data brokers. Your information is only shared under the following circumstances:

• With Service Providers: As outlined above, strictly for infrastructure and operational purposes.
• For Legal Reasons: If required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency) within the Commonwealth of Virginia or applicable federal jurisdictions.

4.1 Mobile Information & SMS Consent

Notwithstanding any other provision in this policy, no mobile information will be shared with third parties or affiliates for marketing or promotional purposes. This includes text messaging originator opt-in data and consent, which will not be shared with any third parties. SMS communications are used exclusively for transactional account notifications between Wavy Systems LLC and its authorized business clients.

5. Data Security

We implement commercially reasonable security measures to protect your data from unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet or electronic storage is 100% secure. You are responsible for keeping your email and phone devices secure to protect your OTP access.

6. Contact Us

If you have questions or concerns about this Privacy Policy or your data, please contact us at: