Last updated May 2026
Prior versions of this Privacy Notice can be found at Privacy Notice archive.
The substantive changes from the previous version relate to Section 8: U.S. State Privacy Rights
About this Privacy Notice
Waves recognizes the importance of privacy, security, and data protection to our customers.
Moreover, data protection laws may give you certain rights over your personal data, no matter when or where it is being processed.
By accessing or using the website, you acknowledge that you have reviewed both the Waves' Terms of Use and this Privacy Notice and you understood them. Certain Waves offerings involve artificial intelligence, automated processing, and recorded communications, as further described in our Terms of Use.
This Privacy Notice applies to you and us, and it governs any and all data collection and usage made by us in compliance with applicable regulations. By using this Website, you acknowledge that your Personal Data may be collected and processed as described in this Privacy Notice, subject to applicable law. We gather various types of information from our users, as explained in more detail below, and we use such information internally in connection with our website, including to personalize, provide, and improve our services, to allow you to set up a user account and profile, to contact you if necessary, and to analyze how you use our services. In certain cases, we may also share certain information with third parties, but only as described below.
This Privacy Notice informs you of our privacy practices regarding what personal data we collect about you, how we use it, why we use it, and of the choices you can make and rights you can exercise in relation to your personal data.
This Privacy Notice applies to information that may be collected from your online activity at http://www.waves.com and all subdomains, collectively, the “Website”) and its subdomains, including during your conversations with our support chatbot, and, also, during your interactions you might have with Waves offline, such as when you engage with our customer support representatives.
THIS PRIVACY NOTICE IS NOT A CONTRACT.
1.1 Who We Are
1.1.1 Waves Audio Ltd. ("Waves", "we", "us" or "our") offers a variety of services and products as further detailed below and/or in our Terms. Our offices are located at Azrieli Center 3, The Triangle offers a variety of services and products as further detailed below and/or in our Terms of Use. Our offices are located at Azrieli Center 3, The Triangle Tower, 32nd Floor, Tel-Aviv 6701101, Israel. We may provide you with services through our wholly owned subsidiary, Waves Audio Inc., located at 2800 Merchants Drive, Knoxville, TN 37912 ("Waves Inc."). Waves Inc. collects and processes Personal Data on our behalf, as a “processor”, as further explained below. If you have questions about our company, your privacy, or if you want to exercise your rights, you can contact us at privacy@waves.com.
1.1.2 Representative for data subjects in the European Union (EU) and the United Kingdom (UK). We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact, if you are located in the EU or the UK. Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase Personal Data). If you want to contact us via our representative, Prighter or to make use of your data subject rights, please visit the following website: https://prighter.com/q/11406283576.
1.2 Our Role: Controller and Processor Certain data protection laws, including the laws in the EU and UK, differentiate between a party that determines why and how personal data is processed (called a "controller") and a party that processes personal data solely on the controller's behalf and according to the controller's instructions (called a "processor"). Waves is the controller in respect of the processing described in this Privacy Notice, and Waves Inc. serves as Waves’s processor.
1.3 Definitions and Recommendations
1.3.1 When we refer to "services", we mean digital audio signal processing technologies through our software, hardware and apps and the Website, and providing the Website and our support chatbot, all as may be further detailed on the Website.
1.3.2 When we refer to "personal data", or “Personal Information”, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to, directly or indirectly, an identified or identifiable individual (and, where applicable, a household or device), including where such identification or linkage is possible when the information is combined with other information. This may include, for example, contact details such as your telephone number, general location information, time zone information, online identifiers such as Internet Protocol (IP) addresses, cookie identifiers, device identifiers, information about your speakers, microphone, and camera, and other information you provide when you communicate or interact with us or use our Website and services.
We may also use other analytics tools and similar technologies to collect information about your use of the Website and related technical and usage information, such as information about your device or system, operating system, software, language preference, browser type, approximate location (such as region or country) and other information about how you interact with the Website.
We may also collect or generate aggregated, de-identified, or statistical information, meaning information that is not intended to identify you and that is not reasonably capable of being used to identify, associate with, or be linked to you as an individual (or, in the case of aggregated information, with any consumer or household). Such information may be derived or generated from Personal Data collected through the Website or your use of a service(s). We process and use it solely in aggregated and/or de-identified form for purposes such as service improvement, research, analytics, and statistical reporting. We do not attempt to re-identify individuals from aggregated or de-identified information, except as permitted by applicable law.
1.3.3 When we refer to "you", we mean visitors to our website, job applicants and any user of our services, as applicable.
1.3.4 When we refer to “our support chatbot”, we mean our support assistant found on the Website that provides customer support and account management services by issuing responses (including in certain circumstances, artificial intelligence (AI) responses) to your support and services inquiries. Use of our support chatbot may involve monitoring, recording, and association of chatbot conversations with your account or other identifying information, as further described in our Terms of Use.
1.3.5 This Privacy Notice is meant to be read together with our Terms of Use, which you can find at www.waves.com/legal/terms-and-conditions ("Terms"). In general, we recommend that you routinely review this privacy notice and your preferences on our Website.
1.4 A Note on Legal Bases. Certain data protection laws may require that we have a lawful basis to process Personal Data. For example, under the EU's General Data Protection Regulation ("GDPR"), possible legal bases include: your consent, the processing is necessary to perform a contract with you, the processing is necessary to fulfill our legal obligations, or a company has a legitimate business interest to process your Personal Data. Where required by applicable law and where we are acting as a controller, we only collect and process data where we have established a legal basis. Below you can find more details about specific legal bases.
1.5 Choices. Your choices regarding the use and disclosure of your Personal Information depend on your location and the applicable data protection laws. Information about rights available under the GDPR and UK data protection laws is described in the relevant sections of this Privacy Notice, and information about rights available under U.S. state privacy laws is described in Section 8 (U.S. State Privacy Rights).
Personal Data We Collect as a Controller, How We Use It, and Why.
Below is a description of the types of Personal Data we collect, how we use it, and the purposes for which we use it. Where required by applicable law, we also describe the legal bases that may apply to certain processing activities. You are not required to provide us with Personal Data, but certain Personal Data may be necessary to provide specific services. (for example, to open an account, process an order, provide customer support, or comply with legal requirements). If you choose not to provide certain information, we may not be able to provide you with the requested service.
2.1 Website Visitors. When you visit the Website (including when you use our support chatbot), we may collect the following types of data about you
2.1.1 Contact Form Information – When you send us a message through the contact form on the Website or interacting with our support chatbot, we collect any data you choose to provide, such as your name, email, and the content of your message or input in our support chatbot. Please do not include sensitive Personal Information in your message or chatbot inputs (for example, payment card information, account passwords, or health information). When you sign up for our newsletters/mailing list we collect your email address. Not providing this data may prevent us from responding to your inquiries or providing you with newsletters and promotional materials.
How We Use this Data: To respond to your message, to communicate with you, to provide customer support, to provide you with informational newsletters about our products and services, and/or to provide you with promotional materials we think may be of interest to you, all as applicable. Additionally, when using our support chatbot, we use the collected data to assist you when interacting with our support chatbot, to communicate with you, for fraud prevention, research, development, analytical, and archival purposes, and to improve, maintain, and provide our support chatbot or other services. Chatbot conversations may be monitored and recorded for quality assurance, security, training, and compliance purposes and may be associated with your account and other identifying information.
Legal Basis: We process this Personal Data based on the performance of a contract with you, to take steps at your request before entering a contract, or our legitimate interest to answer your inquiries and provide customer support. Where required by applicable law, we process Personal Data for marketing communications based on your consent. You may withdraw your consent at any time by contacting us at privacy@waves.com or by using the unsubscribe link in our emails to opt-out of our marketing emails. .
2.1.2 Activity and System Data (automatically collected data, including through Cookies) – When you visit the Website, we automatically collect data about your computer or mobile device, including through the use of cookies and similar technologies, such as pixels, SDKs, device identifiers, and local storage. Such information includes Personal Data such as your IP address, device ID, time-zone, and other information processed through cookies and similar technologies, such as browsing history (e.g. the other sites you've visited before ours), and your activity on the Website (e.g. what pages you visited, for how long, and what links you clicked on). For more information about the cookies we use and how to adjust your preferences, see the Cookies and Similar Technologies section below and our Cookie Notice. Without this data, we may be unable to optimize your experience on the Website or support the security and functionality of our services.
How We Use this Data: We mainly use this data to generate analytics data about the use of our Website so we can maintain, develop, manage, enrich and improve the Website and develop new products or services. We also use statistical data to prevent illegal and/or unauthorized use of the Website and/or fraud, protect the security of our site and to comply with and enforce applicable legal requirements, relevant industry standards and policies, including this Privacy Notice and the Terms. Some cookies and Personal Data may be used to provide you with advertising for our products and services or those of third parties, based on your preferences and interests. We may also use this information to remember user preferences and support enhanced website functionality, such as embedded media, messaging tools, and community features. One of the tools we use to collect and analyze this data is "Google Analytics". For more information about how Google collects information and how you can control such use, see: www.google.com/policies/privacy/partners. Personal Data collected through cookies, analytics, or similar technologies is not used to train, fine-tune, or improve artificial intelligence or machine learning models unless explicitly disclosed and permitted by applicable law.
Legal Basis: When we process this Personal Data that is generated from cookies and similar technologies for the purpose of developing and improving our products and services and/or to advertise to you, we do so based on your consent where required by applicable law (and otherwise as permitted by applicable law, subject to any opt-out rights you may have). When we process this Personal Data, which is not generated from cookies and similar technologies, and/or for the purpose of preventing fraud, we do so based on our legitimate interests to develop and improve our products and services, market our own products and to prevent fraud. Where such processing involves cookies or similar technologies, your preferences are managed through the controls described in our Cookie Notice. We will only use your Personal Data for marketing third parties' products and Services if you have given your consent. You may withdraw your consent at any time at https://www.waves.com/legal/cookie-policy and by sending an email to the address: [privacy@waves.com]. We will process your request as soon as reasonably possible, however it may take a few days for us to update our records before any opt-out is effective.
2.2 Users - If you are a user of our services, we collect the following information from and about you.
2.2.1 Registration Data – In order to access some of our services, including to make a purchase through our Website, you must first create an account. Registration Data includes information that you provide to us when you register for an account, create a user profile, or otherwise sign up to use our services. This may include your name, email address, and other information you choose to provide.
If you create an account, we may also collect account log-in credentials, such as a username and password (or other authentication information). Account log-in credentials may be considered “sensitive Personal Information” under certain privacy laws, including the California Privacy Rights Act (“CPRA”). We use account credentials only as necessary to create and administer your account, authenticate you, maintain account security, prevent fraud and unauthorized access, and comply with applicable law. We do not use account log-in credentials for advertising purposes, including cross-context behavioral advertising.
We may also indicate that the provision of certain Personal Data is voluntary, such as your telephone number, age and date of birth, your occupation, country and zip code. Failing to provide this data may restrict your access to certain services and features, such as making purchases or saving preferences.
We maintain administrative, technical, and organizational safeguards designed to protect Registration Data, including account credentials.
How We Use this Data: We use your registration information to allow you to access our services, save your preferences, manage your account, and address issues that arise. We also use Personal Data (including account authentication information) to help maintain the security of our services, verify accounts and activity, and prevent fraud, abuse, and unauthorized access. We use your contact details to communicate with you about our services, including providing customer support and sending service-related notices. We may also use your contact details to send you informational newsletters and other promotional materials relating to our products and services, subject to your opt-out rights (for example, by using the unsubscribe mechanisms included in our marketing emails) and, where required by applicable law, your consent. For more information about our marketing activities and how you can control your preferences, see the section on Our Marketing Activities below.
Legal Basis: When we process your registration data to provide you with our services, we do so to perform a contract with you, in this case our Terms/customer agreement. We process your payment data to perform a contract with you, specifically our Terms. When we process your payment data to prevent fraud, we do so based on our legitimate interest to protect ourselves and our customers. When we process your registration data to maintain our services, including to prevent fraud, protect the security of and/or address issues with our services, we do so on the basis of our legitimate interest to maintain our assets. When we use your Personal Data to send you promotional materials relating to our services, we do so based on our legitimate interest to promote and market our services. You have the right to object to this processing at any time, and you can opt-out by following the instructions provided in our communications or by contacting us directly.
2.2.2 Payment Data – If you make a purchase through the services, you will be required to provide customary billing information, including your name, address, phone number, whether you have a Tax / VAT number (and the number), and the details of your credit card or other payment instrument. We may receive information related to such purchase, such as the last four (4) digits of your credit card number. Without this information, we cannot process your transactions, which may prevent you from purchasing our products or services.
How We Use this Data: To process your payment and to prevent fraud.
Legal Basis: We process your payment data to perform a contract with you, specifically our Terms. When we process your payment data to prevent fraud, we do so based on our legitimate interest in protecting ourselves and our customers.
2.2.3 Materials You Upload or Generate – We collect any Personal Data that may be included in any materials, including audio, video, images, usernames, avatar, profile information, your online presets and other settings and configuration information (such as audio and video settings, and recording file location), or documents, you may upload to or are generated by the services. This section applies to information you choose to submit as content through uploads or user-generated inputs and does not refer to account registration or log-in information collected through the account creation and authentication process. If you choose not to upload materials, certain features that depend on those materials (such as sharing content or enabling personalized functionality) may not be available. To help protect your information, you should not include sensitive Personal Information in uploads or other content submissions (such as passwords or other log-in credentials, payment card information, or government identification numbers), unless we specifically request it for a particular feature or transaction.
How We Use this Data: To provide you with our services. When we process Personal Data that you may upload or is generated through our services, we process it to provide you with our services, maintain and improve the services and develop new products or services using analytics data, and provide you with advertising for our products based on your preferences and interests as reflected by such uploaded materials. For clarity, Personal Data included in uploaded or generated materials is not used to train, fine-tune, or improve artificial intelligence or machine learning models.
Legal Basis: We process the materials you provide to perform our contract with you, specifically, the Terms/customer agreement. When we process profile information, your online presets, and other settings and configuration information for analytics purposes and targeted advertising purposes, we do so based on our legitimate interests to improve and market our services.
2.2.4 Activity and System Data (automatically collected data, including through Cookies) – We collect data about your device and your activity through cookies and similar technologies as described more fully above in section 2.1.2, when you use our services online. We may collect information about your activity and use of our services, including Personal Data, when you use our software products. For more information about how we process your data for usage tracking on our software products, please the Cookies and Similar Technologies section of this Privacy Notice, our Cookie Policy, and see https://www.waves.com/legal/usage-data-tracking. Not providing this data may limit our ability to enhance your user experience, help maintain the security and functionality of our services, and provide personalized content or recommendations.
How We Use this Data: To provide you with our services and calculate and make royalty payments to third parties where we are contractually required to do so. We may also process usage data to maintain and improve the services and develop new products or services and offer you new products based on your preferences and interest including through targeted advertising, subject to any opt-out rights you may have under applicable U.S. state privacy laws.
Legal Basis: When we process this information to calculate and make royalty payments, our processing is based on the performance of our contract with you, specifically, the Terms and/or customer agreement, as applicable. When we process this information for analytics and targeted advertising purposes, we do so based on your consent where required by applicable law (and otherwise as permitted by applicable law, subject to any opt-out rights you may have), consistent with section 2.1.2 above.
If you are a user of our software product named “Cosmos”, then processing of such information for the improvement of our products and services is based on your consent. You may withdraw your consent to usage data tracking regarding our software products at any time by contacting us at privacy@waves.com or by accessing “Waves Central” settings page under the Privacy Section and turn-off the applicable toggle.
2.2.5 Android's App Set ID – We collect Android's App Set ID from your device when you use our app. Not providing this data may limit our ability to perform analytics and prevent fraud effectively.
How We Use this Data: We use the App Set ID for the essential purposes of analytics and fraud prevention. We do not connect the App Set ID to any Android advertising identifiers (for example, AAIDs) or any Personal Data for advertising purposes. We process the App Set ID in accordance with Google Play's User Data Policy. Where applicable under U.S. state privacy laws, you may also have the right to opt-out of certain processing activities. For details, see the U.S. State Privacy Rights section below; however, we do not use the App Set ID for targeted advertising purposes.
Legal Basis: When we process your App Set ID to prevent fraud, we do so based on our legitimate interest to protect ourselves and our customers. When we process it for analytics purposes, we do so based on our legitimate interests to improve our services.
2.2.6 Geo-Location – We collect your (geo)location when you use our services, subject to your consent where required by applicable law. If you do not provide this data, you may not receive location-based services or advertising tailored to your location.
How We Use this Data: We use your location to provide you with location-based advertising and for statistical analysis of our services.
Legal Basis: We process your location based on your consent. You may withdraw your consent at any point by changing your device settings.
2.3 Job Applicants - If you apply for a job with us, we collect the information you provide as part of your application and during the course of the application process. This may include your name, contact details, resume, recommendations, and any other information we may request or that you choose to share with us. Without this information, we cannot process your job application or consider you for employment opportunities.
How We Use this Data: We use this data to process your job application, including using your contact details to contact you for scheduling purposes and to provide you with updates. We also use this data to manage our recruitment campaigns, to analyze their results and improve future campaigns, as well as to consider your candidacy for future job opportunities. Candidates have the option that we remove their information from further consideration at any time.
Legal Basis: We process your application data based on our legitimate interest to attract and assess candidates for employment. We may also process this information as necessary to comply with applicable legal obligations and to protect our legal rights (for example, to respond to or defend against legal claims).
2.4 Customers of Distributors and Waves Inc. - When you use our services through one of our authorized distributors or through Waves Inc. (acting as a Waves distributor), the distributor, or Waves Inc., as applicable, will provide us with your contact information, such as your name and e-mail address, as well as payment data as set forth in Section 2.2.2 above. Not providing your contact information and payment data may prevent us from delivering the services you have requested through our authorized distributors or Waves Inc. It may also hinder our ability to communicate with you about your account, process transactions, and provide customer support effectively.
How We Use this Data: We use your registration information to allow you to access our services, save your preferences, protect the security of our services, prevent fraud, and address any issues that arise. We use your payment data to process your payment and to prevent fraud. We use your contact details to communicate with you about our services. We also use your contact details to send you informational newsletters about our products and services, subject to your opt-out rights (for example, by using the unsubscribe mechanism included in our marketing emails) and, where required by applicable law, your consent. In addition, we use your registration information to send you promotional materials relating to our products and services, subject to your opt-out rights (for example, by using the unsubscribe mechanism included in our marketing emails) and, where required by applicable law, your consent. For more information about our marketing activities and how you can control your preferences, see the section on Our Marketing Activities below.
Legal Basis: When we process your registration data to provide you with our services, we do so to perform a contract with you, in this case our Terms/customer agreement. We process your payment data to perform a contract with you, specifically our Terms. When we process your payment data to prevent fraud, we do so based on our legitimate interest to protect ourselves and our customers. When we process your registration data to maintain our services, including to prevent fraud, help maintain the security of and/or address issues with our services, we do so on the basis of our legitimate interest to maintain our assets. When we use your Personal Data to send you promotional materials relating to our services, we do so based on our legitimate interest to promote and market our services. You may opt out of marketing communications at any time by following the instructions provided in our communications or by contacting us directly.
As described above, we may use personal data we collect for advertising and marketing purposes. We try to limit the marketing material we send to a reasonable and proportionate level. Below we describe how you can control the marketing material you receive from us.
3.1 Email Marketing and Services Communications
3.1.1. We use your contact details to send you informational newsletters and other marketing material about our products and services, subject to your opt-out rights and preferences and, where required by applicable law, your consent. You may withdraw your consent (where applicable) at any time in your account.
3.1.2. You can stop the delivery of all marketing emails by following the "unsubscribe" link in any messages we send you. Alternatively, you can unsubscribe in your account.
3.1.3. If you are a registered user, you can change your preferences within your account to reflect how you would like us to communicate with you.
3.1.4. Note that if you are a registered user, we may need to contact you about administrative or service-related issues as part of the services we provide to you. This is not marketing communication and you will continue to receive these messages even if you opt-out of marketing emails.
Waves is committed to protecting your privacy. We disclose Personal Data to third parties only as described in this Privacy Notice and as permitted by applicable law.
We do not sell Personal Data for money. However, under certain U.S. state privacy laws (including the California Consumer Privacy Act as amended by the CPRA), some disclosures of Personal Data to third parties (including through cookies and similar technologies for advertising and analytics) may be considered a “sale” or “sharing” even if no money is exchanged. Where applicable, you may have the right to opt-out of such disclosures as described in the U.S. State Privacy Rights section below.
We may share or disclose your Personal Data in the following cases, including where you direct us to do so, where you provide consent (where required), or where such sharing is otherwise permitted by applicable law:
4.1 Affiliates. We may share your personal data with our affiliates, where this is necessary to provide you with our products and services and so that we can manage our business, such as to keep updated records of our users. A list of our affiliates is available at https://www.waves.com/contact-us under the section entitled “Waves Offices.”
4.2 Distributors. We may share your Personal Data, such as contact details, with our distributors, which (aside from Waves Inc.) act as an independent, separate controller of your Personal Data, and may use such data to offer you third party products or services. We share your Personal Data with distributors where this is necessary to provide you with our products and services and so that we can manage our business and as part of our contractual relationships. We may also share your Personal Data with distributors where necessary to provide you with the services you request (including purchase fulfillment and related customer support). Except where we act as the distributor, our authorized distributors generally act as independent, separate controllers and may process your Personal Data in accordance with their own privacy practices. Depending on the circumstances, these disclosures may be considered a “sale” or “sharing” of Personal Data under certain U.S. state privacy laws, even if we do not disclose Personal Data in exchange for money. Where applicable, you may have the right to opt-out of certain disclosures as described in the U.S. State Privacy Rights section below. For information about our distributors, please see our Dealers list, available at www.waves.com/dealers.
4.3 Customers. If you use our services in connection with a company that is our customer, that customer may have access to information about your use of our services. For example, a user with an administrator account may be able to see your data. This access is provided in accordance with applicable data protection laws and is limited to what is necessary for the performance of services. We ensure that such access is granted only with your consent or on a legitimate legal basis, such as contractual necessity. For U.S. state privacy law purposes, this may include disclosures made at the direction of the applicable customer or account administrator.
4.4 Users of our services. If you choose to use our services, which may include social features, such as sharing your audio or video files and comments with other users of such users, such users may be able to obtain Personal Data about you through the materials you choose to upload.
4.5 Service Providers. Below is a list of the types of service providers we use, the service each provides, and the types of Personal Data shared with each. All service providers have agreed to confidentiality restrictions and have undertaken to use your Personal Data solely as we direct. We share Personal Data with service providers only as needed for them to perform services on our behalf. Where required by applicable law, we enter into appropriate written agreements with service providers regarding their processing of Personal Data. We also take steps designed to help protect Personal Data when it is handled by service providers, including assessing providers where appropriate and limiting their access to Personal Data based on the services they perform for us.
| Type of Service | Description | Personal Data Shared |
|---|---|---|
| Cloud Computing | We use service providers that offer cloud computing services. They offer us space on their servers for us to store our files and programs, including your personal data. | All personal data that we collect from you is stored on third-party servers. |
| Customer Relationship Management (CRM) | We use an external CRM tool to help us keep track of our customers and information related to them, including their personal data. | Your name, company, position, email address, and phone number. |
| Email Marketing | We use an independent vendor to send out marketing emails on our behalf. | Your name and email address. |
| Payment Processors | When you make a payment through our services, the transaction is processed by an independent vendor. | The details of your credit card number or your account with such vendor, shared directly by you to the vendor. |
| Our Support Chatbot | When you use our support chatbot, the service is provided through an independent vendor. | Any data you provide, such as your name, email, and the content you include in our support chatbot. |
4.6 Advertisers. When you click on an ad, whether it's on our services, the relevant advertiser will be alerted that someone has visited the page on which the relevant advertisement was displayed and may be able to identify your device by using certain technologies, like cookies. For additional information, please visit our Cookies Policy. We may allow advertising and marketing partners to collect Personal Data through cookies and similar technologies on our Website (for example, information about your device, browser, and interactions with our Website), subject to your cookie choices and consent where required by applicable law. These partners may use such information for purposes such as measuring advertising effectiveness and delivering advertising that may be tailored to your interests. Under certain U.S. state privacy laws, these types of disclosures or collections may be considered a “sale” of Personal Information or “sharing” of Personal Information for cross-context behavioral advertising (even if no money is exchanged). You can opt-out of this type of processing as described in the U.S. State Privacy Rights section below.
Please note that such advertisers may also use cookies or other similar technologies to collect various data about you. As stated above, data collection and any use by those third parties is subject to their privacy policies.
4.7 Meta. For the purpose of advertising our services to you, we may share, subject to your consent where require by applicable law, your contact details with Meta Platforms Ireland Limited ("Meta"), which acts as an independent, separate controller of your Personal Data and may use such data to offer you third party products or services, or for other marketing profile purposes. We share your Personal Data with Meta for marketing and retargeting purposes, as set forth in Section 3 above. You may have certain rights and choices regarding this processing, including the ability to opt-out of certain marketing communications and, where required by applicable law, to withdraw your consent. Depending on the circumstances, this disclosure may be considered “sharing” of Personal Information for cross-context behavioral advertising under certain U.S. state privacy laws (even if no money is exchanged). Where applicable, you may have the right to opt-out of such “sharing” as described in the U.S. State Privacy Rights section below. For more information about how Meta processes your data, please see https://www.facebook.com/privacy/guide/ads.
4.8 Change of Ownership. If we are looking to sell our company, or any of its affiliates’ shares or assets, or liquidate assets, change of control or merge with another, in whole or in part, we may share your Personal Data with other interested parties as part of negotiations toward that transaction. In such case, or where we do sell our company, your Personal Data shall continue to be subject to the provisions of this Privacy Notice.
4.9 Law Enforcement Related Disclosure. We may share your Personal Data with government agencies or other relevant parties, such as a law office or independent auditor, : (i) if we believe that such disclosure is appropriate to protect our rights, property or safety (including the enforcement of the Terms and this Privacy Notice) or those of a third party; (ii) if required by law or court order; or (iii) as is necessary to comply with any legal and/or regulatory obligations, such as audit requirements.
We may use Service Providers for our servers and\or storage, which are located within the EU/EEA, or in a location where the EU has determined that it is acceptable to store such information in accordance with an adequacy decision. In such cases, we take steps designed to help protect your Personal Information when such Services Providers process or store it, including by selecting providers that implement appropriate safeguards for the physical security, integrity, and availability of data. We also take appropriate measures designed to help protect Personal Information in accordance with applicable laws.
5.1. If you are located in the EU, when we share your Personal Data with third parties based outside of the European Economic Area ("EEA"), we will ensure that they put in place appropriate agreements and safeguards that require them to comply with applicable law, keep your data secure at similar levels to the level described in this Privacy Notice, and make sure that your data protection rights are protected. We will also implement the following safeguards:
5.1.1. When we transfer your Personal Data to Israel, we rely on the decision by the European Commission that says that Israel is considered to provide an adequate level of data protection.
5.1.2. Where we transfer your personal data to other countries, we (i) take additional security measures to protect the data and (ii) use specific contracts approved by the European Commission, known as the Standard Contractual Clauses, to give your personal data the same protection it has in the EEA.
5.1.3. In certain cases, we may transfer your Personal Data to countries outside the EEA based on your explicit consent. You have the right to withdraw your consent at any time. For more information, please contact us at privacy@waves.com.
5.1.4. Please contact us at privacy@waves.com if you would like further information on the specific mechanism used by us when transferring your Personal Data out of the EEA.
The security of your Personal Data is important to us. We will take commercially reasonable measures to help protect Personal Data during transmission and while it is stored. We work hard to make sure that your Personal Data will be held securely and that it will not be accessed, disclosed, altered, or destroyed in unauthorized manner. However, it is impossible to guarantee absolute security. You should be aware that there is always a certain risk involved in transmitting information over the internet and that there is also some risk that others could find a way to thwart our and/or the Cloud Service Provider security systems. As a result, while we strive to protect your information, we cannot guarantee the security and privacy of your Personal Data or other content you may have provided while using our services, and you do so at your own risk and free will. We encourage you to exercise discretion regarding the Personal Data you choose to disclose.
The security of your Personal Data also depends on the security of the devices you use and the way in which you protect your user IDs and passwords. The measures we take include:
6.1 Technical Measures. The electronic safeguards we employ to protect your Personal Data include secure servers, firewalls, and anti-malware technology. We also maintain safeguards designed to protect account credentials and authentication information and help prevent unauthorized access.
6.2 Access Control. We limit access to your Personal Data only to authorized personnel who have a need to know, including account managers, customer support staff, and software developers. We review these permissions regularly and revoke an employee's access as appropriate after his/her termination.
6.3 Internal Policies. We maintain and regularly review and update our privacy related and information security policies.
6.4 Personnel. We require employees to sign non-disclosure agreements according to applicable law and customary industry practice.
6.5 Database Backup. Our databases are backed up and verified regularly. Backups are encrypted and stored in accordance with our backup and retention practices to preserve their confidentiality and integrity.
Depending on which laws apply, you have certain legal rights over your data. Below is some general information about rights that may apply to you, which may vary depending on your jurisdiction. To exercise your rights, please contact us at privacy@waves.com. If you want to exercise your rights regarding your Personal Data held by other controllers you can contact the applicable controller directly. We may ask for reasonable evidence to verify your identity before we can comply with any request. We will not discriminate against you for exercising your privacy rights.
7.1 Right of Access. You may have a right to know what Personal Data we collect about you. In certain circumstances we may charge a reasonable fee to provide you with this information, if permitted by law. If we are unable to provide you with all the information you request, we will do our best to explain why. See Article 15 of the GDPR for more details, if your personal data is subject to GDPR.
7.2 Right to Correct Personal Data. You may request a review and rectification (including correction and update) of your Personal Data. We update, complete, correct or delete inaccurate, incomplete, or outdated Personal Data. See Article 16 of the GDPR for more details, if your personal data is subject to GDPR.
7.3 Deletion of Personal Data ("Right to Be Forgotten"). You may have the right to request that we delete your Personal Data. Note that we cannot restore information once it has been deleted. Even after you ask us to delete your Personal Data, we may be allowed to keep certain data for specific purposes under applicable law. See Article 17 of the GDPR for more details, if your Personal Data is subject to GDPR. If you wish to delete your Waves account and Personal Data, contact us.
7.4 Right to Restrict Processing. If your Personal Data is subject to the GDPR, you may have the right to ask us to stop processing your Personal Data. See Article 18 of the GDPR for more details, if your personal data is subject to GDPR.
7.5 Right to Data Portability. If your Personal Data is subject to the GDPR, you may have the right to request that we provide you with a copy of the Personal Data you provided to us in a structured, commonly used, and machine-readable format. See Article 20 of the GDPR for more details, if your personal data is subject to GDPR.
7.6 Right to Object. If your Personal Data is subject to the GDPR, you may have the right to object to certain processing activities. See Article 21 of the GDPR for more details, if your personal data is subject to GDPR.
7.7 Withdrawal of Consent. If we are processing your Personal Data based on your consent, you are always free to withdraw your consent, however, this won't affect processing we have done before you withdrew your consent by the "unsubscribe" button or contacting us at privacy@waves.com. Please note that withdrawing consent may affect our ability to provide certain services. You will receive confirmation once your consent has been withdrawn.
7.8 Right to Lodge a Complaint with Your Local Data Protection Authority. If your Personal Data is subject to the GDPR, you have the right to submit a complaint regarding the processing of your Personal Data by us to the relevant data protection authority if you have any concerns about how we are processing your Personal Data, you are entitled to report such dissatisfaction to the applicable supervisory authority in your country of residence. We encourage you to contact us first so we may try to resolve your concerns, but you are not required to do so.
If you are a resident of a U.S. state that provides privacy rights to individuals and our processing of your Personal Information is subject to an applicable U.S. state comprehensive privacy law, you may have certain rights regarding your Personal Information. These rights (and any applicable exceptions) can vary by state and by our relationship with you (for example, whether you are a Website visitor, customer, or user of our services).
This Section 8 is intended to describe a baseline set of rights and choices that commonly apply across U.S. state privacy laws. We will apply and honor the rights that are required under the law that applies to you. Depending on your state of residence, you may have certain rights with respect to your Personal Information under U.S. state privacy laws. The rights described in this Section 8 apply only to the extent required by applicable law and are subject to any limitations or exceptions provided therein.
For purposes of this Section 8, “Personal Information” has the meaning given to it under applicable U.S. state privacy laws and generally includes information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked (directly or indirectly) with a particular individual or household. It does not include information that is de-identified or aggregated in accordance with applicable law.
Certain information we collect may be considered “sensitive” Personal Information under applicable U.S. state privacy laws (such as account log-in credentials). We process such information solely for the purposes reasonably necessary to provide our services, maintain account security, prevent fraud and unauthorized access, and comply with applicable legal obligations. We do not use sensitive Personal Information to infer characteristics about you, and we do not use or disclose sensitive Personal Information for cross-context behavioral advertising or targeting advertising. We also do not engage in profiling that produces legal or similarly significant effects concerning consumers unless permitted by applicable law.
8.1 Your Rights. Subject to applicable law and certain exceptions, you may have the right to:
8.2 How to Exercise Your U.S. Privacy Rights. You may request a review and rectification (including correction and update) of your Personal Data. We update, complete, correct or delete inaccurate, incomplete, or outdated Personal Data. See Article 16 of the GDPR for more details, if your personal data is subject to GDPR.
8.2.1 Submitting a Request. YTo exercise any of the rights described above, please submit a verifiable request by emailing us at privacy@waves.com (or through any privacy request method we make available in our services or on our Website). To help us process your request, please include your name, the email address you use with Waves (if you have an account), the right you wish to exercise, and sufficient information for us to reasonably verify your identity and locate the relevant information. We may need to verify your identity before processing certain requests, including by confirming access to your account or requesting additional information. Where needed, we may ask you to confirm the state in which you reside so we can apply the appropriate legal requirements.
8.2.2 Authorized Agents. Where permitted by applicable law, you may use an authorized agent to submit a request on your behalf. We may require the agent to provide proof of authorization to act on your behalf, and we may also require you to verify your identity (and confirm the agent’s authority) directly with us before we process the request.
8.2.3 Response Timing. We will respond to verifiable requests within the timeframes required by applicable law. In many cases, this is within 45 days, and, where permitted, we may extend our response time when reasonably necessary and will inform you of any extension as required by law.
8.2.4 Appeals. If we deny your request and the applicable law provides an appeal right, you may appeal by emailing privacy@waves.com with “Appeal” in the subject line and providing information sufficient for us to identify your original request. We will respond to appeals within the time required by applicable law and, where required, will provide instructions for escalating your concern to the appropriate state authority.
8.2.5 Opt-Out of Sale/Sharing and Targeted Advertising. Where applicable, you may opt-out of the sale of Personal Information, the sharing of Personal Information for cross-context behavioral advertising, and the use of Personal Information for targeted advertising by visiting our Cookie Notice & Personal Choices page. This mechanism allows you to enable or disable categories of cookies and similar technologies and applies your selections to the extent required by applicable law.
Submitting an opt-out request through this page will apply your choice to all such processing activities, to the extent required by applicable law.
Unless you provide information that enables us to associate your request with your account or other records, your opt-out choice will generally apply to the browser or device from which the request is submitted. You may also be able to manage certain cookie-based advertising preferences through our cookie settings, as described in our Cookie Notice.
Where required by applicable law, we will also honor recognized opt-out preference signals, such as the Global Privacy Control, as a valid request to opt-out of the sale or sharing of Personal Information and targeted advertising for the browser or device from which the signal is received.
When you exercise an opt-out choice through our “Your Privacy Choices” mechanism or a recognized universal opt-out signal, we will apply that choice to the extent required by applicable law to both client-side technologies (such as cookies or pixels) and server-side disclosures of personal information used for advertising, measurement, or similar purposes.
8.3 Universal Opt‑Out Signals (e.g., Global Privacy Control). Where required by applicable law, we will honor browser-based or device-based opt-out preference signals (such as Global Privacy Control) that indicate your choice to opt-out of certain processing (including the use of advertising related technologies that may constitute sale, sharing, or targeted advertising under applicable law). We generally treat such signals as reflecting your current preference for the browser or device from which they are sent. If we cannot associate the signal with you (for example, if you are not logged in), we will apply it to the browser or device on which it is received, to the extent feasible. We evaluate these signals on each visit based on the information received from your browser or device, and our handling of your preferences may change if those signals change. You may also be able to adjust cookie-based advertising preferences through our Cookie Notice and Privacy Choices page.
8.4 Sale/Sharing of Personal Information for Advertising and Analytics. We may disclose Personal Information to advertising, marketing, and analytics partners (for example through cookies, pixels, or similar technologies) for purposes such as measuring advertising performance, understanding usage of our Website and services, and delivering advertising that may be tailored to your interests. We do not sell Personal Information for monetary consideration.
However, under certain U.S. state privacy laws, the use of advertising cookies or similar technologies that allow advertising partners to collect information about interactions with our Website may be considered a “sale,” “sharing,” or use of Personal Information for targeted advertising even when no money is exchanged. You can opt-out of this type of processing as described in this Section 8.
8.5 Rhode Island Disclosure. To the extent required by the Rhode Island Data Transparency and Privacy Protection Act, we disclose that we have shared or may share Personal Information with certain advertising, marketing, or attribution partners in a manner that could be considered a “sale” or “sharing” under that law, even if no money is exchanged. Based on our use of cookies and similar technologies for advertising, marketing, and attribution purposes, we have sold, or may sell, personal data (such as online identifiers and information about interactions with our website) to the following third parties: Google LLC (including Google Ads and DoubleClick), Meta Platforms, Inc. (Facebook), TikTok, Inc., LinkedIn, Microsoft Corporation (Microsoft Advertising/Bing), X (formerly Twitter), Reddit, Criteo, Outbrain Inc., RTB House S.A.; Impact Tech, Inc. (Impact Radius), Yotpo Ltd., and Feed Optimise Ltd.. This disclosure reflects our current practices and may be updated from time to time.
We do not sell Personal Information for monetary consideration. Information about your privacy rights and how to exercise them, including the right to appeal a denied request, is described in Section 8 of this Privacy Notice.
8.6 Financial Incentives. We do not offer financial incentives, loyalty programs, discounts, or other benefits in exchange for the collection, retention, sale, or sharing of Personal Information. If we introduce such programs in the future, we will provide appropriate disclosures and obtain any consent required by applicable law.
We may retain all or any part of the information we collect or that you share with us only for as long as is reasonably necessary to fulfill the purposes for which it was collected and processed, including to provide our services. In addition, we may also retain such information as necessary to comply with our legal or business requirements or obligations, to resolve disputes, to enforce our Terms and to protect our legal rights, in accordance with applicable law. Where possible, we will delete, de-identify, or anonymize Personal Data when it is no longer needed for the purposes described above. If Personal Data is anonymized so that it can no longer be associated with you, we may retain it for analytics, research, or statistical purposes.
When deciding how long to store Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized access, the purposes for which the Personal Data was collected, as well as applicable legal requirements. We also consider whether we can achieve the relevant purposes through other means, and applicable legal, regulatory, tax, accounting, and contractual requirements. Please note that we may delete information from our systems without notifying you first. Retention by any of our service providers or subcontractors may vary in accordance with each business's retention policy.
In some circumstances, we may store your Personal Data even after we're finished using it if required to do so by law (e.g. to fulfill tax or audit requirements), or to keep accurate records of our interactions in case there is a prospect of litigation relating to your Personal Data. In some circumstances, we may retain Personal Data for longer periods where required or permitted by law, including to comply with legal obligations, respond to lawful requests, prevent fraud, maintain security, and establish, exercise, or defend legal claims. In such cases, we will maintain appropriate safeguards and security measures consistent with applicable law.
Retention by our service providers, contractors, or sub-processors may vary depending on their retention policies and applicable legal requirements; however, where required by law, we will take appropriate steps to require that they retain and process Personal Data only for as long as necessary to perform services on our behalf and consistent with applicable law.
Please contact us at privacy@waves.com if you would like details about the retention periods for each type of Personal Data we process.
We use cookies and similar technologies (such as pixels, local storage, software development kits (SDKs), and device identifiers) to operate our Website and services, analyze usage, and support advertising and related data uses, as described in this Privacy Notice.
For detailed information about the types of technologies we use, the purposes for which they are used, and how you can control them, please see our Cookie Notice and Privacy Choices page.
You can manage your preferences regarding the use of cookies and similar technologies, including enabling or disabling non-essential technologies and exercising opt-out rights where applicable, through the “Your Privacy Choices” control available in the footer of our website pages. Where required by applicable law, we obtain your consent before using non-essential technologies.
You will not have to pay a fee to access your Personal Information (or to exercise any of your privacy rights). However, we may charge a reasonable fee (or refuse to act on a request) if your request is manifestly unfounded, excessive, or repetitive, or if you request additional copies of the information we provide beyond the first copy. If we determine that a fee is warranted (or that we will refuse your request), we will notify you in advance and explain our decision and any estimated cost before completing your request.
If you choose to sign in using a third-party service such as Google or Facebook, instead of signing in with a Waves account, we will receive certain information from that provider for the purpose of securely authenticating your account and enabling you to access our services. Signing in with Google or Facebook is optional. If you prefer not to use a third-party login, you may sign in using your Waves account credentials. Specifically, we collect and store only your email address from these services to enable login and user identification within our platform. While these providers may make additional information available through their APIs (such as your name, profile picture, or unique user ID), we do not store or use any of that information unless we explicitly disclose otherwise to you at the time of collection. We also do not use social login data to build user profiles, track your social activity, or access your contacts, friends list, or timeline. We do not request access to your contacts, friends list, messages, or social media activity, and we do not use social login information to track your behavior across other services. Our lawful basis for processing this data under the General Data Protection Regulation (GDPR) is Article 6(1)(b) is for the performance of a contract, namely, providing account access and authentication. Where necessary to maintain the security of our services and prevent fraud, we may also rely on Article 6(1)(f) (legitimate interests).
You may revoke our app’s access to your social login account at any time through your Google or Facebook account settings:
Please note that revoking access may prevent you from logging in using that third-party provider unless you sign in using your Waves account credentials. We retain your email address as long as your account remains active or as necessary to provide our services. If you delete your account or revoke access, we will delete the associated email address from our system unless retention is required for legal or compliance purposes. If you delete your account or revoke access, we will delete or de-identify this information unless we are required or permitted to retain it to comply with legal obligations, resolve disputes, enforce our agreements, or protect our legal rights.
Your use of third-party login services is subject to the privacy policies of the respective providers:
You may have access to third-party services through our services. Please note that all use of third-party services is at your own risk and subject to such third party's terms and privacy policies. We do not take any responsibility for the performance of other services. As stated above, data collection and any use by those third parties is subject to their privacy policies.
We do not knowingly collect Personal Data from children under 16. If you believe that a child has provided us with Personal Data, please contact us at privacy@waves.com so that we can take appropriate steps under applicable law.
We may update this Privacy Notice from time to time to keep it up to date with legal requirements and the way we operate our business. We will place all updates on this webpage. Please come back to this page every now and then to make sure you are familiar with the latest version.