Trust

Trust & compliance

How WAVE protects data, who we build on, and where to find every legal commitment.

Our posture

Privacy by design

GDPR & CCPA aligned, with a signed DPA available for customers. Consent-first analytics; Do-Not-Track respected.

Healthcare-ready

HIPAA-ready under a signed Business Associate Agreement (BAA).

AI transparency

EU AI Act Article 26 record-keeping, with immutable audit records and multi-year retention.

Messaging compliance

A2P 10DLC compliant messaging across the platform.

Encryption

TLS in transit and at rest; secrets centrally managed, never committed to source.

Gateway-enforced access

Authentication, scope, entitlement, and metering enforced at one edge gateway — every product and agent.

Subprocessors

CloudflareEdge compute, CDN, storage, DNS — SOC 2 Type II
SupabaseDatabase & authentication — SOC 2 Type II
StripePayments & billing — PCI DSS / SOC 2 Type II
MuxVideo encoding & playback analytics

WAVE documents where data is stored and processed. See the Data Residency policy for specifics by region. Data Residency

Every commitment, in writing

Privacy PolicyTerms of ServiceData Processing AddendumService Level AgreementBusiness Associate AgreementEU AI Act ComplianceSMS / A2P ComplianceData ResidencySDK End User License AgreementSecurity & disclosure