Wave2

Wave2Wave2Wave2

Wave2

Wave2Wave2Wave2
  • Platform
  • Labs
  • Our Story
  • More
    • Platform
    • Labs
    • Our Story
  • Platform
  • Labs
  • Our Story

Privacy Policy

Wave2 Privacy Policy

Effective Date: 8/1/2025

Updated: 1/16/2026


This Privacy Policy describes how Wave2.ai LLC. (“Wave2”) collects, uses and discloses information, and what choices you have with respect to the information.


1. Purpose and Scope


Wave2.ai LLC (“Company,” “we,” “our,” or “us”) is committed to protecting the privacy, confidentiality, and security of personal information processed through our software-as-a-service platform and related services (collectively, the “Services”).


This Privacy Policy describes how we collect, use, disclose, retain, and protect personal information in a manner consistent with applicable privacy laws and the AICPA Trust Services Criteria (SOC 2). This Policy applies to customers, authorized users, website visitors, and other individuals whose information we process.


This Privacy Policy does not apply to any third-party applications or software that integrate with the Services through the Wave2 platform (“Third-Party Services”), or any other third-party products, services or businesses. The organization (e.g., your employer or another entity or person) that agreed to the MSA (“Customer”) controls its instance of the Services and any associated Service Data (the “Customer Instance”).


2. Information We Collect


Wave2 may collect, generate, and receive Service Data and other information in a variety of ways:


2.1 Account information. To create Wave2 account, Customers and individuals granted access to a Customer Instance by a Customer (“Authorized Users”) provide information required to set up the account.


Information Provided by Users

  • Name, email address, organization, and role
  • Account credentials and authentication data
  • Billing and subscription information (processed by third-party providers)
  • Communications with support or customer success
  • Configuration data and user-submitted inputs


2.2 Log data. As with most technology services delivered over the Internet, our servers automatically collect information when you access or use our Websites or Services and record it in log files. This log data may include the Internet Protocol (IP) address, the address of the web page visited before using the Website or Services, browser type and settings, the date and time the Services were used, information about browser configuration and plugins, language preferences and cookie data.


Information Collected Automatically

  • IP address, device and browser information
  • Log data, timestamps, and usage metrics
  • Security-related telemetry (e.g., failed login attempts)


2.3 Customer Service data (Controller/Processor Model). Customers and individuals granted access to a Customer Instance by a Customer (“Authorized Users”) may submit Service Data to Wave2 when using the Services. 


This information includes information submitted by or on behalf of customers. The Company acts as a data processor with respect to Customer Data and processes such data solely in accordance with customer instructions and contractual obligations.


3. How Wave2 uses Information


Customer Service Data will be used by Wave2 in accordance with the applicable MSA, Customer’s use of Services functionality, and as required by applicable law. Wave2 is a processor of Service Data and Customer is the controller.

We use personal information for the following purposes, consistent with SOC 2 principles:

  • To provide, operate, and maintain the Services (Availability)
  • To authenticate users and enforce access controls (Security)
  • To support business operations, billing, and account management
  • To monitor, detect, and respond to security events (Security & Confidentiality)
  • To improve functionality and service reliability (Processing Integrity)
  • To comply with legal and regulatory requirements

We do not sell personal information or use it for cross-context behavioral advertising.


If Information is aggregated or de-identified so that it is no longer reasonably associated with an identified or identifiable natural person, Wave2 may use it for any business purpose. 


4. Artificial Intelligence and Data Use Controls


Wave2 Services may use artificial intelligence or machine learning components to deliver product functionality.

  • Customer Data is not used to train shared or generalized AI models unless expressly agreed in writing.
  • AI processing is limited to the scope necessary to deliver contracted services.
  • Access to AI-processed data is restricted based on role and business need.
  • Outputs generated by AI systems are subject to the same security and confidentiality controls as other system data.

5. Data Access and Confidentiality Controls


We follow data access practices consistent with SOC 2 confidentiality expectations:

  • Access to systems and data is limited to authorized personnel based on least-privilege principles.
  • Access rights are reviewed periodically and adjusted upon role changes or termination.
  • Employees and contractors are subject to confidentiality obligations.
  • Customer Data is logically segregated between customers.

6. Information Sharing and Subprocessors


We may disclose personal information only as follows:

  • Authorized service providers (e.g., cloud hosting, monitoring, payment processing) operating under written agreements.
  • Subprocessors supporting service delivery, subject to due diligence and contractual safeguards.
  • Legal or regulatory authorities when required by law.
  • Corporate transactions (e.g., merger or acquisition), subject to continued protection
  • With consent. Wave2 may share Information with third parties when Wave2 has consent to do so.

A current list of subprocessors may be made available upon request.


7. Data Retention and Disposal


Service and Account information is retained only for as long as necessary to:

  • Fulfill contractual and service obligations
  • Meet legal or regulatory requirements
  • Support security monitoring and audit requirements


Customer Data retention and deletion are governed by applicable MSA, Customer's use of Services and as required by applicable law. Data is securely deleted or anonymized when no longer required.


8. Security Safeguards


We maintain an information security program aligned with SOC 2 expectations, including:

  • Logical access controls and authentication mechanisms
  • Encryption of data in transit and at rest where appropriate
  • Centralized logging and monitoring
  • Vulnerability management and patching
  • Incident response procedures

While we follow recognized security practices, no system can be guaranteed to be completely secure.


9. Incident Response and Breach Notification


We maintain documented procedures to identify, assess, and respond to security incidents. In the event of a confirmed breach involving Customer Data, we will:

  • Notify affected customers without undue delay
  • Provide relevant details to support customer obligations
  • Take corrective actions to mitigate impact and prevent recurrence


10. Privacy Rights


Depending on applicable law, individuals may have the right to:

  • Access or request copies of personal information
  • Request correction or deletion
  • Restrict or object to certain processing activities
  • Request data portability

Requests may be submitted using the contact information below. We respond within legally required timeframes.


11. International Data Transfers


Personal information may be processed in the United States or other jurisdictions where service providers operate. Appropriate safeguards are implemented to protect transferred data as required by law.


12. Children’s Privacy


The Services are intended for business use and are not directed to individuals under the age of 16. We do not knowingly collect children’s personal information.


13. Policy Governance and Updates


This Privacy Policy is reviewed periodically and updated as needed to reflect:

  • Changes in services or data practices
  • Legal or regulatory requirements
  • SOC 2 audit findings or control enhancements

Material changes will be communicated through the Services or other reasonable means.


14. Contact Information

Wave2.ai LLC

Email: connect@wave2.ai

Address: Wave2.ai LLC, PO Box 72, 326 Conshohocken State Rd, Gladwyne, PA 19035-9998

Copyright © 2026 Wave2 - All Rights Reserved.

Powered by

  • Privacy Policy

This website uses cookies.

We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.

Accept