Security

Security at WAVE

We build on a hardened, compliance-aligned stack and welcome responsible disclosure.

Defense in depth

Every request is authenticated, scoped, and metered at one edge gateway. Built on Cloudflare, Supabase, and Stripe — all SOC 2 Type II infrastructure.

Encryption

TLS in transit and at rest across the platform. Secrets are centrally managed and never committed to source.

Compliance posture

GDPR/CCPA aligned, HIPAA-ready under a signed BAA, EU AI Act Article 26 record-keeping, with a signed DPA available.

Auditability

Immutable audit records with multi-year retention, carried end to end through the gateway.

Responsible disclosure