Privacy Policy
Last updated: March 20, 2026
This Privacy Policy explains how WavPost ("we", "us", "our") collects, uses, and protects information about you when you use our social media publishing API and related services.
1. Information We Collect
We collect information you provide directly and information generated through your use of WavPost:
- Account information: Name, email address, and authentication data when you sign up via Google.
- Connected platform data: OAuth access tokens, profile identifiers, and metadata from platforms you connect (LinkedIn, Twitter/X, YouTube). These tokens are encrypted at rest using AES-256.
- API usage data: Posts you publish through our API, the platforms targeted, timestamps, and delivery results.
- Billing information: Subscription plan, credit balance, and transaction history. Payment processing is handled by Dodo Payments — we do not store raw card data.
- Automatically collected: IP addresses, device type, browser, and usage patterns for security and abuse prevention.
2. How We Use Your Information
We use the information we collect to:
- Deliver the WavPost service — authenticating you, routing API calls to connected platforms, and tracking credit usage
- Process payments and manage your subscription
- Send transactional emails (billing receipts, security alerts)
- Detect and prevent abuse, fraud, and unauthorized access
- Improve and debug the service using aggregated, anonymized usage data
- Comply with legal obligations
We do not use your content to train machine learning models, and we do not sell your personal data to third parties.
3. Legal Basis for Processing (GDPR)
For users in the European Economic Area, we process your personal data under the following legal bases:
- Contract performance: Processing necessary to deliver the service you signed up for
- Legitimate interests: Security monitoring, fraud prevention, and service improvement
- Consent: Marketing communications (you may withdraw at any time)
- Legal obligation: Retaining transaction records as required by applicable law
4. Information Sharing
We share your data only in the following circumstances:
- Connected social platforms: When you publish via the API, your content and credentials are transmitted to the platforms you have authorized (LinkedIn, Twitter/X, YouTube). Each platform's own privacy policy governs that data.
- Payment processor: Dodo Payments processes billing transactions. See their privacy policy for details.
- Infrastructure providers: We use cloud providers for hosting and database services. All providers are under data processing agreements.
- Legal requirements: We may disclose data to comply with applicable laws, court orders, or government requests.
We never sell, rent, or trade your personal data.
5. Data Retention
We retain your data for the following periods:
- Account data: Until you delete your account, plus 30 days for recovery
- OAuth tokens: Deleted immediately upon disconnecting a platform or deleting your account
- Transaction and billing records: 6 years (legal/tax requirement)
- API logs: 90 days rolling
- Aggregated analytics: Up to 26 months in anonymized form
6. Data Security
We implement industry-standard security measures including:
- TLS encryption for all data in transit
- AES-256-CBC encryption for stored OAuth access tokens
- Access controls limiting who can access production systems
- Regular security reviews
No method of transmission or storage is 100% secure. We will notify affected users promptly in the event of a confirmed data breach affecting personal data.
7. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the data we hold about you
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Portability: Receive your data in a machine-readable format
- Objection: Object to processing based on legitimate interests
- Withdraw consent: For any processing based on consent
To exercise any of these rights, email us at privacy@wavpost.com. We will respond within 30 days.
EU/EEA residents may also lodge a complaint with their local data protection authority.
9. Children's Privacy
WavPost is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If we become aware that we have inadvertently collected such data, we will delete it promptly. Please contact us at privacy@wavpost.com if you believe a minor has provided us with personal data.
10. Third-Party Links
Our service may contain links to third-party websites and services. We are not responsible for the privacy practices of those third parties. We encourage you to read their privacy policies before providing any personal data.
11. Changes to This Policy
We may update this Privacy Policy from time to time. For material changes, we will notify you by email or via a prominent notice in the dashboard at least 30 days before the change takes effect. Continued use of WavPost after that date constitutes acceptance of the updated policy.
12. Contact Us
For privacy-related questions or to exercise your data rights, contact us at:
Email: privacy@wavpost.com
We aim to respond to all privacy inquiries within 30 days.