Privacy policy

Last update:

May 1, 2025

WAVEE – PRIVACY POLICY

This Privacy Policy explains how Wave Ai Ltd (“Wavee”, “we”, “us”, or “our”) collects, uses, stores, and protects personal data when you use:

The Wavee Resident App
The Wavee Concierge & Building Portal
The Wavee Business Portal
The Wavee Pets App
Our websites and digital services

(together, the “Platform”)

This Policy applies to all users, including residents, concierge and building staff, business users, pet owners, and service providers.

We comply with:

The UK General Data Protection Regulation (UK GDPR)
The Data Protection Act 2018
The Australian Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs), where applicable

1. Who We Are

Wavee is operated by:

Wave Ai Ltd
United Kingdom
Company Number: 16238277
Email: privacy@wavee.ai

Wavee provides technology that connects residents, concierge teams, buildings, local businesses, and pet communities.

2. Roles Under Data Protection Law

Depending on how the Platform is used, Wavee acts as:

Data Controller for:

Resident accounts
Concierge and building portal access
Business Portal accounts
Wavee Pets accounts
Platform messaging, forums, and community features

Data Processor

Where we process data strictly on documented instructions of building operators (for example, where concierge teams use the Portal to manage resident records)

Business Users as Independent Data Controllers

Where a resident transacts directly with a business (for example through bookings, payments, click & collect, or messaging):

The business acts as an independent data controller for customer transaction data
Wavee is not responsible for how businesses store, use, or process customer data outside the Platform
Businesses are responsible for their own GDPR compliance and applicable privacy law obligations, including Australian privacy law where relevant

3. What Data We Collect

A. Resident & User Account Data

Name
Email address
Phone number
Building name and unit reference
Profile photo (optional)
Notification preferences

B. Concierge & Building Staff Data

Staff name and role
Login credentials
Activity and audit logs
Operational communications

C. Business Account Data

Business name, address, and contact details
Business descriptions and promotions
Listings, menus, pricing
Staff access accounts
Customer communications through the Platform

D. Transaction & Booking Data

Order and booking records
Click & collect confirmations
Payment references (no card numbers stored by Wavee)
Refund and cancellation history

E. Messaging & Community Data

Resident chat messages
Concierge announcements
Business–resident communications
Reviews and feedback

F. Technical & Usage Data

IP address
Device identifiers
App usage logs
Crash diagnostics
Cookie identifiers (subject to consent)

G. Pet Community Data (Wavee Pets)

Pet names and profiles
Pet photos and diary entries
Service bookings and interactions

4. How We Use Your Data

We use personal data to:

Create and manage user accounts
Enable building communications and concierge services
Operate the Business Portal and Wavee Pets
Process bookings, reservations, and click & collect requests
Enable resident–business communications
Provide customer support
Monitor security and prevent fraud
Improve system performance and user experience
Send important service notifications
Send marketing communications where consent is given

We do not sell personal data.

5. Lawful Bases for Processing

We process personal data under one or more of the following legal bases:

Contractual necessity – to provide Platform services
Legal obligation – tax, fraud prevention, regulatory duties
Legitimate interests – security, analytics, service improvements
Consent – marketing, optional cookies, and analytics

6. Building & Business Responsibility for Data

Buildings

Building operators and concierge teams are responsible for:

Accuracy of resident records
Staff access rights
Internal security procedures
Timely removal of vacated residents and staff

Wavee is not responsible for incorrect approvals or delayed removals.

Businesses

Businesses are responsible for:

Customer order data
Booking records
Customer communications outside the Platform
Compliance with their own marketing and retention laws and applicable privacy legislation

7. How We Share Data

We may share data:

With building operators and concierge teams (for building operations)
With payment processors (for transactions)
With cloud hosting providers and infrastructure partners
With analytics providers (subject to consent)
With law enforcement where required by law

We never sell personal data.

8. International Data Transfers

Where data is transferred outside the UK:

Approved safeguards such as Standard Contractual Clauses (SCCs) are used
Equivalent data protection standards are applied

Where users are located in Australia, personal information may be transferred overseas, including to the United Kingdom and European Union. We take reasonable steps to ensure overseas recipients handle personal information in accordance with applicable privacy laws and maintain appropriate safeguards.

9. Data Security

We apply appropriate technical and organisational security measures, including:

Encrypted transmission and storage
Role-based access control
Segregated data environments
Secure cloud hosting
System monitoring and intrusion detection
Regular vulnerability testing

No digital system can be guaranteed 100% secure, but we adopt proportionate safeguards appropriate to the risk.

10. Data Retention

Personal data is retained in accordance with our Data Retention Policy, including:

Account data – for the duration of the account
Communications – typically up to 12 months
Transaction and finance records – up to 6 years
Backups – up to 90 days

11. Children’s Data

Wavee services are not intended for anyone under 16.

We do not knowingly collect data from children.

12. Cookies & Tracking

We use cookies and similar technologies as described in our Cookie Policy.

You can control cookie preferences through your browser and consent tools.

13. Your Rights Under UK GDPR and Applicable Privacy Laws

You have the right to:

Access your data
Correct inaccurate data
Request deletion
Restrict processing
Object to certain processing
Data portability
Withdraw consent at any time

Users located in Australia may also request access to or correction of their personal information under the Australian Privacy Act 1988 (Cth).

Requests should be sent to:

privacy@wavee.ai

We respond within 30 days.

14. Data Breach Procedures

In the event of a confirmed personal data breach:

We investigate immediately
We notify the ICO where legally required
We notify affected users where there is a high risk
Where required by applicable law, we also notify relevant regulators or individuals in other jurisdictions, including Australia

15. Third-Party Links & Services

Wavee may link to third-party services. We are not responsible for their privacy practices.

16. Changes to This Policy

We may update this Privacy Policy to reflect:

Legal changes
New platform features
Security improvements

The “Last Updated” date will always reflect the current version.

17. Contact

For all privacy-related requests and enquiries: