Privacy Policy
Effective Date: April 15, 2026 | Last Updated: April 15, 2026
This Privacy Policy describes how Adwave Inc. (“Adwave,” “we,” “us,” or “our”) collects, uses, shares, and protects your information when you use the Wavemaker platform (“Service”). By using the Service, you consent to the practices described in this policy.
1. Introduction
Adwave operates Wavemaker, an AI-powered video generation platform. This policy applies to all users of the Service, including the web application, API, and MCP endpoint.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Email address for authentication, communications, and account recovery
- Name as a display name within the platform
- Password, stored securely using industry-standard hashing (we never store plaintext passwords)
2.2 Organization Information
If you create or join an organization, we collect the organization name, billing contact information, and team member email addresses for invitations.
2.3 Content You Provide
When using the Service, you may provide:
- Text prompts describing videos you want to create
- Uploaded files including images, videos, and audio (subject to size limits)
- URLs submitted for content analysis
2.4 Generated Content
The Service generates and stores videos, images, voiceover audio, music, composition data, voice profiles, and visual reference data.
2.5 Usage & Technical Data
We automatically collect session metadata, generation history, timestamps, credits consumed, IP address, browser type, and device information from standard HTTP headers.
2.6 Payment Information
Payment processing is handled entirely by Stripe. We do not store credit card numbers or full payment details. We store only the identifiers necessary to manage your subscription and billing status.
3. How We Use Your Information
We use the information we collect to:
- Deliver the Service by processing your prompts, generating videos, and rendering exports
- Process payments by managing subscriptions, credits, and billing through Stripe
- Generate content by sending prompts and assets to third-party AI providers (see Section 4)
- Maintain accounts by authenticating users, managing team access, and handling support
- Enforce terms by detecting abuse, enforcing rate limits, and applying usage policies
- Improve the Service by analyzing aggregate, anonymized usage patterns (we do not use individual prompts or content for training or improvement)
4. How We Share Your Information
4.1 Third-Party AI Service Providers
To generate videos, your content is processed by third-party AI service providers. This may include your text prompts, uploaded media, or URLs. These providers process your content in real time solely to deliver the Service.
We do not develop, train, or operate our own AI models. All AI processing is performed by third-party providers.
4.2 AI Provider Data Practices
We do not train AI models on your content. Your content is sent to third-party providers solely for real-time service delivery. The major AI providers we work with have their own data handling policies. Contact us at privacy@adwave.com for a current list of our AI sub-processors and links to their privacy policies.
4.3 Payment Processing
Payment data is shared with Stripe for subscription management, credit purchases, and invoicing. Stripe’s privacy policy governs their handling of payment information.
4.4 Infrastructure
Your data is hosted on cloud infrastructure provided by Cloudflare. Cloudflare’s privacy policy applies to their handling of infrastructure data.
4.5 Legal Requirements
We may disclose your information if required by law, legal process, or government request, or if we believe disclosure is necessary to protect the rights, property, or safety of Adwave, our users, or the public.
4.6 What We Do NOT Do
- Sell your personal information to third parties
- Share your content with other users (unless you explicitly make it public via gallery features)
- Use your individual prompts or content to train or improve AI models
- Share data with advertisers
5. Data Storage & Security
5.1 Security Measures
- Passwords are securely hashed before storage
- API keys are hashed; the plaintext is shown only once at creation
- Authentication tokens expire after a limited period
- All data in transit is encrypted via HTTPS/TLS
- Data at rest is protected by our infrastructure provider’s encryption
5.2 Data Residency
Data may be stored and processed in any region where our infrastructure provider operates. AI provider processing occurs primarily in the United States. We do not currently offer data residency guarantees.
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data (email, name) | Duration of account; deleted upon request |
| Organization data | Duration of organization; deleted when dissolved |
| Uploaded files | 7 days, then automatically deleted |
| Generated media (images, video, audio) | Linked to composition lifecycle; deleted with composition |
| Compositions | Retained while account is active |
| Usage logs | Retained for billing purposes while account is active |
| API keys | Until revoked by user or account deletion |
| Payment records | Per Stripe’s retention policy |
After account termination, data is retained for 30 days to allow export, then permanently deleted.
7. Your Rights
7.1 All Users
You have the right to:
- Access your personal data and generated content
- Correct inaccurate account information
- Delete your account and associated data
- Export your compositions and generated content
- Revoke API keys at any time
7.2 California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act:
- Right to Know what personal information is collected, used, and shared
- Right to Delete your personal information
- Right to Opt-Out of Sale (we do not sell personal information)
- Right to Non-Discrimination for exercising these rights
7.3 EU/EEA Residents (GDPR)
If you are located in the EU/EEA:
- Lawful Basis: We process your data under contract performance (delivering the Service) and legitimate interest (security, fraud prevention)
- Right to Portability: Request your data in a machine-readable format
- Right to Object: Object to processing based on legitimate interest
- Right to Restrict Processing: Request restriction in certain circumstances
- Right to Lodge a Complaint: File a complaint with your local data protection authority
To exercise any of these rights, contact us at privacy@adwave.com.
8. Cookies & Local Storage
Wavemaker uses minimal client-side storage:
- Authentication token stored in the browser for session management, not shared with third-party domains
- No third-party tracking cookies. We do not currently use third-party analytics, advertising pixels, or tracking cookies
This section will be updated if we add analytics or tracking in the future.
9. Children’s Privacy
The Service is not directed at children under the age of 13 (or 16 in the EU/EEA). We do not knowingly collect personal information from children. If we learn that a child has provided us with personal information, we will take steps to delete it promptly.
10. International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence, including the United States. For transfers from the EU/EEA, we rely on Standard Contractual Clauses (SCCs) or adequacy decisions as applicable.
11. Changes to This Policy
We may update this Privacy Policy from time to time. For material changes, we will provide at least 30 days’ notice via email or through a notice within the Service. Continued use after the effective date constitutes acceptance.
12. Contact
For questions, concerns, or requests:
Email: privacy@adwave.com
Adwave Inc.
For GDPR-related inquiries, you may also contact your local data protection authority.