Our Commitment
AI Wave is built with security and privacy at its core. Your brand data, campaign materials, and analytics are yours — we never use them to train models for other customers.Data Privacy
What We Collect
| Data Type | Purpose | Shared with AI Models? |
|---|---|---|
| Account info | Authentication, billing | No |
| Company info | Brand DNA, campaign context | Yes — for your campaigns only |
| Campaign data | Strategy, content, scheduling | Yes — for your campaigns only |
| Analytics data | Performance tracking, reporting | Yes — for your reports only |
| Integration tokens | Publishing to connected platforms | No |
What We Don’t Do
- Never train on your data — Your workspace data is never used to improve models for other customers
- Never sell your data — Your information is never sold to third parties
- Never access without consent — Our team only accesses your workspace for support requests you initiate
Infrastructure Security
| Measure | Implementation |
|---|---|
| Encryption in transit | TLS 1.3 for all connections |
| Encryption at rest | AES-256 for stored data |
| Authentication | Powered by Clerk with MFA support |
| OAuth tokens | Encrypted, scoped to minimum required permissions |
| Payments | Processed by Stripe (PCI DSS Level 1) |
| Hosting | Vercel (SOC 2 Type II compliant) |
| Database | Supabase (SOC 2 Type II, encrypted backups) |
Access Controls
- Role-based access — Team members only see what their role permits
- Audit logging — All actions are logged in the activity feed
- Session management — Automatic session expiry after inactivity
- SSO/SAML — Available on Enterprise plans
GDPR Compliance
AI Wave is headquartered in Barcelona, Spain, and is fully GDPR compliant:- Data processing — We process data only as necessary to provide the service
- Right to access — Request a copy of all your data at any time
- Right to deletion — Delete your account and all associated data
- Data portability — Export your data in standard formats
- DPA — Data Processing Agreement available for Enterprise customers
AI Model Usage
AI Wave uses third-party AI models (OpenAI, Google) to power its agents:| Concern | Our Approach |
|---|---|
| Model training | Your data is NOT used to train these models. We use API access with data-use opt-out agreements. |
| Data retention | AI providers do not retain your prompts or outputs beyond the API request lifecycle. |
| Model selection | We select models based on capability, speed, and privacy terms. |
Reporting Issues
If you discover a security vulnerability, please report it responsibly:- Email: security@ai-wave.co
- We acknowledge reports within 24 hours
- We do not pursue legal action against good-faith security researchers
Questions?
For any privacy or security questions, contact our team:- Privacy: privacy@ai-wave.co
- Security: security@ai-wave.co
- General: support@ai-wave.co