Privacy policy

Last update:
May 1, 2025

WAVEE – PRIVACY POLICY

This Privacy Policy explains how Wave Ai Ltd (“Wavee”, “we”, “us”, or “our”) collects, uses, stores, and protects personal data when you use:

  • The Wavee Resident App
  • The Wavee Concierge & Building Portal
  • The Wavee Business Portal
  • The Wavee Pets App
  • Our websites and digital services
    (together, the “Platform”)

This Policy applies to all users, including residents, concierge and building staff, business users, pet owners, and service providers.

We comply with:

  • The UK General Data Protection Regulation (UK GDPR)
  • The Data Protection Act 2018

1. Who We Are

Wavee is operated by:

Wave Ai Ltd
United Kingdom
Company Number: 16238277
Email: privacy@wavee.ai

Wavee provides technology that connects residents, concierge teams, buildings, local businesses, and pet communities.

2. Roles Under Data Protection Law

Depending on how the Platform is used, Wavee acts as:

  • Data Controller for:
    • Resident accounts
    • Concierge and building portal access
    • Business Portal accounts
    • Wavee Pets accounts
    • Platform messaging, forums, and community features
  • Data Processor where we process data strictly on documented instructions of building operators (for example, where concierge teams use the Portal to manage resident records)

Business Users as Independent Data Controllers

Where a resident transacts directly with a business (for example through bookings, payments, click & collect, or messaging):

  • The business acts as an independent data controller for customer transaction data
  • Wavee is not responsible for how businesses store, use, or process customer data outside the Platform
  • Businesses are responsible for their own GDPR compliance

3. What Data We Collect

A. Resident & User Account Data

  • Name
  • Email address
  • Phone number
  • Building name and unit reference
  • Profile photo (optional)
  • Notification preferences

B. Concierge & Building Staff Data

  • Staff name and role
  • Login credentials
  • Activity and audit logs
  • Operational communications

C. Business Account Data

  • Business name, address, and contact details
  • Business descriptions and promotions
  • Listings, menus, pricing
  • Staff access accounts
  • Customer communications through the Platform

D. Transaction & Booking Data

  • Order and booking records
  • Click & collect confirmations
  • Payment references (no card numbers stored by Wavee)
  • Refund and cancellation history

E. Messaging & Community Data

  • Resident chat messages
  • Concierge announcements
  • Business–resident communications
  • Reviews and feedback

F. Technical & Usage Data

  • IP address
  • Device identifiers
  • App usage logs
  • Crash diagnostics
  • Cookie identifiers (subject to consent)

G. Pet Community Data (Wavee Pets)

  • Pet names and profiles
  • Pet photos and diary entries
  • Service bookings and interactions

4. How We Use Your Data

We use personal data to:

  • Create and manage user accounts
  • Enable building communications and concierge services
  • Operate the Business Portal and Wavee Pets
  • Process bookings, reservations, and click & collect requests
  • Enable resident–business communications
  • Provide customer support
  • Monitor security and prevent fraud
  • Improve system performance and user experience
  • Send important service notifications
  • Send marketing communications where consent is given

We do not sell personal data.

5. Lawful Bases for Processing

We process personal data under one or more of the following legal bases:

  • Contractual necessity – to provide Platform services
  • Legal obligation – tax, fraud prevention, regulatory duties
  • Legitimate interests – security, analytics, service improvements
  • Consent – marketing, optional cookies, and analytics

6. Building & Business Responsibility for Data

Buildings

Building operators and concierge teams are responsible for:

  • Accuracy of resident records
  • Staff access rights
  • Internal security procedures
  • Timely removal of vacated residents and staff

Wavee is not responsible for incorrect approvals or delayed removals.

Businesses

Businesses are responsible for:

  • Customer order data
  • Booking records
  • Customer communications outside the Platform
  • Compliance with their own marketing and retention laws

7. How We Share Data

We may share data:

  • With building operators and concierge teams (for building operations)
  • With payment processors (for transactions)
  • With cloud hosting providers and infrastructure partners
  • With analytics providers (subject to consent)
  • With law enforcement where required by law

We never sell personal data.

8. International Data Transfers

Where data is transferred outside the UK:

  • Approved safeguards such as Standard Contractual Clauses (SCCs) are used
  • Equivalent data protection standards are applied

9. Data Security

We apply appropriate technical and organisational security measures, including:

  • Encrypted transmission and storage
  • Role-based access control
  • Segregated data environments
  • Secure cloud hosting
  • System monitoring and intrusion detection
  • Regular vulnerability testing

No digital system can be guaranteed 100% secure, but we adopt proportionate safeguards appropriate to the risk.

10. Data Retention

Personal data is retained in accordance with our Data Retention Policy, including:

  • Account data – for the duration of the account
  • Communications – typically up to 12 months
  • Transaction and finance records – up to 6 years
  • Backups – up to 90 days

11. Children’s Data

Wavee services are not intended for anyone under 16.
We do not knowingly collect data from children.

12. Cookies & Tracking

We use cookies and similar technologies as described in our Cookie Policy.
You can control cookie preferences through your browser and consent tools.

13. Your Rights Under UK GDPR

You have the right to:

  • Access your data
  • Correct inaccurate data
  • Request deletion
  • Restrict processing
  • Object to certain processing
  • Data portability
  • Withdraw consent at any time

Requests should be sent to:

privacy@wavee.ai

We respond within 30 days.

14. Data Breach Procedures

In the event of a confirmed personal data breach:

  • We investigate immediately
  • We notify the ICO where legally required
  • We notify affected users where there is a high risk

15. Third-Party Links & Services

Wavee may link to third-party services. We are not responsible for their privacy practices.

16. Changes to This Policy

We may update this Privacy Policy to reflect:

  • Legal changes
  • New platform features
  • Security improvements

The “Last Updated” date will always reflect the current version.

17. Contact

For all privacy-related requests and enquiries:

privacy@wavee.ai