Legal

    Privacy Policy

    Last updated: January 22, 2025

    Wave Runner Media LLC ("Wave Runner," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use the WaveRunner AI platform ("Platform"), visit our website, or interact with our services.

    1. Scope and Applicability

    This Privacy Policy applies to all users of the WaveRunner AI platform, including individuals who:

    • Visit our website or marketing pages
    • Create an account or subscribe to our services
    • Use our AI voice agent, workflow automation, or communication tools
    • Interact with AI agents deployed by our customers
    • Contact us for support or inquiries

    2. Role Under Data Protection Laws

    Wave Runner acts as a Data Controller for personal data related to account management, billing, website usage, and marketing activities.

    Wave Runner acts as a Data Processor when processing customer content (such as call recordings, transcripts, messages, and workflow data) on behalf of our customers, who remain the Data Controllers of that content.

    3. What Information Do We Collect?

    Information You Provide

    • Account information (name, email, phone number, company name)
    • Billing and payment information
    • Content you create or upload (AI agent configurations, scripts, workflows)
    • Communications with our support team
    • Survey responses and feedback

    Information Collected Automatically

    • Device and browser information (IP address, browser type, operating system)
    • Usage data (pages visited, features used, time spent on platform)
    • Call and conversation data (recordings, transcripts, metadata) when using our AI voice agents
    • Log data and analytics
    • Cookies and similar tracking technologies

    Information from Third Parties

    • Integration data from connected services (CRMs, calendars, communication platforms)
    • Payment processor information
    • Business information from data enrichment services

    4. How Do We Use The Information We Collect?

    We use your information to:

    • Provide and maintain our services
    • Process transactions and send related information
    • Send administrative communications (service updates, security alerts)
    • Respond to your inquiries and provide customer support
    • Improve and optimize our platform and services
    • Develop new features and functionality
    • Send marketing communications (with your consent where required)
    • Detect and prevent fraud, abuse, or security incidents
    • Comply with legal obligations

    5. Do We Share Your Personal Information?

    We may share your information with:

    • Service Providers: Third-party vendors who assist in operating our platform (hosting, payment processing, analytics, customer support)
    • Integration Partners: Services you choose to connect (CRMs, calendars, etc.) as directed by you
    • Legal Requirements: When required by law, subpoena, or legal process
    • Business Transfers: In connection with a merger, acquisition, or sale of assets
    • With Your Consent: For any other purpose disclosed at the time of collection

    A list of our current subprocessors is available at waverunnerai.com/subprocessors.

    6. Cookies & Tracking Technologies

    We use cookies and similar technologies to enhance your experience, analyze usage patterns, and deliver targeted advertising. Types of cookies we use include:

    • Essential Cookies: Required for basic platform functionality
    • Analytics Cookies: Help us understand how visitors interact with our website
    • Advertising Cookies: Used to deliver relevant ads and track campaign performance
    • Preference Cookies: Remember your settings and preferences

    Specific Tracking Technologies

    RB2B and Vector: We use RB2B and Vector for B2B visitor identification and lead enrichment. These services may identify business visitors based on IP address and publicly available business information. This data is used solely for business-to-business marketing purposes. If you wish to opt out of this tracking, you may contact us or use browser-based opt-out mechanisms.

    Microsoft Clarity and Microsoft Advertising: We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products and services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products and services and online activity. Additionally, we use this information for site optimization, fraud and security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.

    EEA Cookie Consent

    For users located in the European Economic Area, non-essential cookies (including analytics, advertising, and enrichment technologies) are only set after you provide explicit consent through our cookie consent banner or preference manager.

    You can manage cookie preferences through your browser settings or our cookie preference center.

    7. How Do We Secure Your Personal Information?

    We implement industry-standard security measures to protect your personal information, including encryption in transit and at rest, access controls, regular security assessments, and secure development practices. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

    8. Data Retention & Storage

    We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. When determining retention periods, we consider the nature of the data, our legitimate business needs, and applicable legal requirements.

    Example retention periods include:

    • Account data: Retained while the account is active
    • Call recordings and transcripts: 90 days by default, or deleted upon request
    • Logs and analytics data: Up to 12 months for security, troubleshooting, and performance monitoring

    Your data is stored on servers provided by DigitalOcean, located in the United States. For users in the European Economic Area (EEA), data transfers to the United States are conducted in compliance with applicable data protection laws, including the use of Standard Contractual Clauses (SCCs) where required.

    9. Your Data Subject Rights

    Depending on your location, you may have rights regarding your personal information:

    GDPR Rights (EEA Residents)

    • Right of Access: Request a copy of your personal data
    • Right to Rectification: Request correction of inaccurate data
    • Right to Erasure: Request deletion of your data ("right to be forgotten")
    • Right to Restriction: Request limited processing of your data
    • Right to Data Portability: Receive your data in a portable format
    • Right to Object: Object to processing based on legitimate interests or direct marketing
    • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
    • Right to Lodge a Complaint: File a complaint with your local data protection authority

    CCPA Rights (California Residents)

    • Right to know what personal information is collected
    • Right to request deletion of personal information
    • Right to opt-out of the sale of personal information
    • Right to non-discrimination for exercising privacy rights

    Nevada Residents

    Nevada residents may opt out of the sale of covered information under Nevada law.

    To exercise any of these rights, please contact us at privacy@waverunnerai.com.

    10. How We Respond to Do Not Track Signals

    Some browsers offer a "Do Not Track" (DNT) feature. We currently do not respond to DNT signals because there is no industry-standard interpretation. However, you can manage tracking preferences through our cookie settings.

    11. Children Under 16

    Our services are not intended for children under 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected such information, we will take steps to delete it promptly.

    12. Region-Specific Disclosures

    California

    Under the CCPA, California residents have specific rights regarding their personal information. We do not sell personal information as defined by the CCPA. For details on the categories of information collected and our data practices, see the sections above.

    Nevada

    We do not sell covered information as defined under Nevada law. Nevada residents may submit opt-out requests to privacy@waverunnerai.com.

    European Economic Area (EEA)

    If you are located in the EEA, we process your data under lawful bases including consent, contract performance, legitimate interests, and legal obligations. You have additional rights under GDPR as described above.

    13. Changes to This Privacy Policy

    We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. For significant changes, we may also provide additional notice (such as email notification).

    14. Contact Us

    If you have questions about this Privacy Policy or our data practices, please contact us: