Privacy Policy

Last updated: April 2026

1. Data We Collect

We collect the following information:

  • Account data: name, email address, phone number, password (encrypted)
  • Booking data: dates, times, payment amounts, session history
  • Provider data: business name, boat details, availability, pricing, location
  • Usage data: pages visited, device type, browser (via Vercel Analytics — no cookies, GDPR compliant)

2. How We Use Your Data

  • Process bookings and payments
  • Send transactional notifications via email and WhatsApp (booking confirmations, reminders, cancellations)
  • Verify your identity during signup
  • Enable communication between riders and providers
  • Improve the platform and user experience

3. Communications

By creating an account, you consent to receive transactional messages related to your bookings via email and WhatsApp. These include booking confirmations, reminders, cancellation notices, and payment receipts. You may opt out of non-essential communications at any time by contacting us.

4. Data Storage and Security

Your data is stored securely on Supabase (hosted in the EU/US) with row-level security policies. Passwords are hashed and never stored in plain text. Payment data is processed by Stripe — Wavee never sees or stores your card details.

5. Third-Party Services

We share data with:

  • Stripe — payment processing
  • Supabase — database and authentication
  • Meta (WhatsApp) — transactional messages
  • Resend — email delivery
  • Vercel — hosting and analytics
  • Google Maps — location display

We do not sell your data to third parties.

6. Your Rights (GDPR)

You have the right to:

  • Access — request a copy of your data
  • Rectification — correct inaccurate data
  • Erasure — permanently delete your account and personal data
  • Portability — receive your data in a machine-readable format
  • Withdraw consent — opt out of non-essential communications

To exercise these rights, contact us at privacy@wavee-ai.com

7. Data Retention

We retain your data for as long as your account is active. After account deletion, personal data is removed within 30 days. Anonymised booking records may be retained for legal and accounting purposes.

8. Cookies

Wavee uses only essential cookies for authentication session management. We do not use tracking cookies or advertising cookies. Vercel Analytics is cookie-free and GDPR compliant.

9. Contact

For privacy-related inquiries, contact us at privacy@wavee-ai.com