Wavly Privacy Policy

Last updated: Jan 22, 2026

Wavly (“Wavly,” “we,” “us,” or “our”) provides a B2B platform that helps teams activate and manage employee participation in company content and communications. This Privacy Policy explains how we collect, use, and share information when you use Wavly.

Wavly Privacy Policy

Last updated: January 22, 2026

1. Who this policy applies to

This policy applies to:

Visitors to our website
Customer administrators who manage Wavly for an organization
End users (for example, employees) who use Wavly through their organization

If you use Wavly through your employer or another organization, that organization may control how your data is used within Wavly.

2. Information we collect

Information you provide

Name, work email address, role, and organization
Profile information you choose to add
Content, comments, approvals, or messages you create in Wavly
Support requests and communications

Information collected automatically

Usage data such as features used, actions taken, and timestamps
Device and browser information
Log data and basic analytics
Content and activity generated within Wavly (for example drafts, approvals, participation actions)
Integration-related metadata (for example delivery status, timestamps)

Session and authentication data, including login timestamps, session duration, and authentication method used (such as Google, GitHub, Apple, X, or email). Sessions are stored securely in our database, with secure HTTP-only cookies used to maintain authentication state.

Security-related events such as login attempts, authentication flows, API requests, and administrative actions. These events are logged with timestamps, request details, and relevant context to support security monitoring, rate limiting enforcement, and audit requirements.

Gamification and engagement data, including points earned, streak counts, leaderboard rankings, content submissions, and scheduled post information to power the platform's engagement features.

Information from integrations

If you connect third-party services, we may receive information from them to provide the service:

LinkedIn: account connection data and limited post or publishing metadata, based on your permissions
Microsoft services (for example Teams or email): notification delivery and basic account identifiers
We do not access private messages or credentials for these services.

Wavly uses automated and AI-assisted systems, including OpenAI, to analyze content and activity within the platform. This includes sentiment analysis, risk scoring, and content guidance to support governance, safety, and participation quality. AI processing happens server-side when content is submitted or reviewed. AI-assisted processing does not publish content or take actions on a user's behalf without user initiation.

3. How we use information

We use information to provide, operate, and maintain Wavly. This includes enabling content workflows, notifications, approvals, and other core functionality, as well as supporting employer governance, reporting, and administrative features.

We use information to communicate with users and administrators about the service, including sending transactional emails and in-product notifications, such as when content is shared or boosted within an organization.

We use information to operate, analyze, and improve the service. This includes understanding usage patterns, troubleshooting issues, developing new features, maintaining reliability and performance, and protecting against misuse, fraud, or security incidents.

We process payments and manage billing through our payment provider, Stripe, including creating checkout sessions, tracking subscription status, and maintaining invoice records. Wavly does not store full payment card details.

4. Employer and admin access

Wavly is designed to support participation and governance, not private monitoring. Administrators can access activity and participation data generated within Wavly, but Wavly does not access private messages or personal social content outside actions taken through the platform.

5. How we share information

We share information with third-party service providers that help us operate and improve Wavly. This includes providers for hosting, analytics, email delivery, authentication, and customer support. These providers process information only on our behalf and in accordance with our instructions.

If you choose to connect third-party integrations, we share information with those services at your direction in order to perform the actions you request. The information shared depends on the integration and your settings.

When Wavly is used through an organization, authorized administrators may access information related to user activity, participation, and content generated within the platform, as described elsewhere in this policy.

We may also share information if required to comply with applicable laws, legal processes, or governmental requests, or to protect the rights, safety, and security of Wavly, our users, or others. In addition, information may be disclosed in connection with a business transaction such as a merger, acquisition, or sale of assets.

Billing and subscription management are handled through our payment processor, Stripe. Payment information is processed directly by Stripe, and Wavly does not store full payment card details.

6. Data hosting and subprocessors

Wavly is hosted using Replit’s managed cloud infrastructure, which provides the compute, storage, networking, and security resources required to operate and scale the service. Replit operates on top of major cloud infrastructure providers and abstracts underlying server management from application developers.

In addition, we use a limited number of third-party service providers to support the operation of Wavly, such as providers for:

Authentication and identity: Replit Auth (supporting Google, GitHub, Apple, X, and email sign-in)
AI and content analysis: OpenAI (for sentiment analysis and content risk scoring)
Payment processing: Stripe (for billing, subscriptions, and invoices)
Email delivery: Resend (for transactional notifications such as content boosts)
Application hosting: Replit, operating on cloud infrastructure
Database: PostgreSQL, hosted via Replit's managed database service

These providers process data only on our instructions and for the purposes described in this Privacy Policy. A current list of subprocessors is available upon request.

7. Data retention

We retain information while your organization’s account is active and as needed to provide the service. When an account is closed, we delete or anonymize data within a reasonable period, subject to legal or operational requirements. If an end user leaves an organization, their access may be removed by the organization’s administrator, and their data will be retained in accordance with the organization’s account settings and this policy.

8. Security

We use reasonable technical and organizational measures to protect information, including access controls, encrypted connections, and secure session handling. Sessions automatically expire after periods of inactivity. We support two-factor authentication (2FA) using authenticator apps for additional account protection. Security-related actions are logged for audit purposes, with sensitive information automatically redacted from logs. Rate limiting is applied to authentication endpoints to protect against abuse.

9. Your rights and choices

Depending on your location, you may have rights to access, correct, or delete your personal information. End users should first contact their organization’s administrator. You may also contact us directly at the email below.

10. Children’s privacy

Wavly is not intended for children under 13, and we do not knowingly collect personal data from children.

11. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the date above.

12. Contact us

If you have questions about this Privacy Policy, contact us at: contact@getwavly.com

1. Who this policy applies to

This policy applies to:

Visitors to our website
Customer administrators who manage Wavly for an organization
End users (for example, employees) who use Wavly through their organization

If you use Wavly through your employer or another organization, that organization may control how your data is used within Wavly.

2. Information we collect

Information you provide

Name, work email address, role, and organization
Profile information you choose to add
Content, comments, approvals, or messages you create in Wavly
Support requests and communications

Information collected automatically

Usage data such as features used, actions taken, and timestamps
Device and browser information
Log data and basic analytics

Information from integrations

If you connect third-party services, we may receive information from them to provide the service:

LinkedIn: account connection data and limited post or publishing metadata, based on your permissions
Microsoft services (for example Teams or email): notification delivery and basic account identifiers
We do not access private messages or credentials for these services.

3. How we use information

We use information to:

Provide and operate Wavly
Enable content workflows, notifications, and approvals
Support employer governance and reporting features
Improve product performance and reliability
Communicate with you about the service
Maintain security and prevent misuse

We do not sell personal data.

4. Employer and admin access

If you use Wavly through an organization, authorized administrators may be able to see information related to your use of the platform, such as participation activity, content actions, and usage metrics. Your organization’s use of Wavly is governed by its own internal policies.

5. How we share information

We may share information:

With service providers that help us operate Wavly (for example hosting, analytics, and email delivery)
With integrated services at your direction
With your organization’s authorized administrators
If required by law or to protect rights and safety
In connection with a business transaction such as a merger or acquisition

6. Data hosting and subprocessors

Our core application infrastructure is deployed on Microsoft Azure, the cloud platform developed and operated by Microsoft Corporation, which manages a global network of secure data centers providing compute, storage, networking, and platform services.

Azure supports our application’s core services and enables scalable, enterprise-grade hosting with redundancy and compliance capabilities.

Wavly’s application code and web services are currently provisioned via Replit’s cloud deployment environment, which can run applications on cloud infrastructure and is integrated with Azure for enterprise-level deployments.

Other subprocessors we may use to deliver and operate the service, we also use additional third-party providers for:

Identity and authentication
Analytics and monitoring
Notifications and messaging
Email delivery and customer support

We maintain a list of subprocessors that process personal data on our behalf. A current list of subprocessors can be provided upon request.

7. Data retention

8. Security

We use reasonable technical and organizational measures to protect information, including access controls and encryption where appropriate. No system is 100 percent secure.

9. Your rights and choices

10. Children’s privacy

Wavly is not intended for children under 13, and we do not knowingly collect personal data from children.

11. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the date above.

12. Contact us

If you have questions about this Privacy Policy, contact us at:
privacy@wavly[dot]com