WaveAlign Logo

Privacy Policy

Last Updated: October 30, 2025

Data Controller

WaveAlign
Email: contact@wavealign.com

Note on Children

Our services are not intended for individuals under the age of 16, and we do not knowingly collect personal data from minors.

1. Introduction

Welcome to WaveAlign. We are committed to protecting your privacy and handling your personal data in a transparent and secure manner. This Privacy Policy describes how we collect, use, and share your personal data when you:

  • Visit our website (the "Site")
  • Use our desktop application (the "App")

Important Note for Beta Users: During the beta testing period, data collection is mandatory for desktop application users to help us improve the software. Full privacy controls will be available in the final release.

Please read this policy carefully. By using our services, you agree to the collection and use of information in accordance with this policy.

2. Data We Collect

2.1 Website Data Collection

Anonymous Analytics (No Consent Required) We use anonymous analytics (PostHog) to understand basic website usage patterns without identifying individual users. This operates without cookies or persistent storage and collects:

  • Page views and navigation: Which pages you visit and how you navigate our Site
  • Traffic sources: UTM parameters and referrer information to understand how you found us (e.g., from search engines, social media, or advertising campaigns)
  • Device and browser information: Browser type, operating system, screen resolution, and user agent string
  • Approximate location: City and country derived from your IP address
  • Session data: A temporary, anonymous session identifier that changes daily and cannot identify you across different days or sessions

How it works: PostHog generates a privacy-preserving hash on our servers using your IP address, user agent, and a daily salt that is deleted after processing. This hash cannot be reversed to identify you and changes every day, meaning each day you visit appears as a new anonymous user. Legal Basis: Legitimate Interest in understanding website usage patterns and measuring marketing effectiveness.

Consent-Based Analytics (Requires Consent) If you accept analytics cookies through our cookie consent banner, we upgrade to persistent tracking which provides:

  • Cross-session identification: Recognition of you across multiple visits to our Site
  • User journey tracking: Understanding your behavior over time
  • Advanced analytics: Feature flag assignments, A/B testing, and detailed interaction tracking
  • Persistent identifiers: PostHog distinct IDs stored in cookies/local storage

This enhanced tracking collects the same data types as anonymous analytics, but with persistent identifiers that allow us to recognize you on return visits. Legal Basis: Consent (GDPR Article 6(1)(a))

Information You Provide:

  • Email Address: When you sign up for our beta program through the provided form
  • Marketing Consent: Whether you have provided explicit consent to receive marketing communications
  • Server Logs: Our hosting provider automatically collects standard server logs, which may include your IP address, browser type, page requests, and timestamps

2.2 Advertising and Marketing Technologies

We use advertising pixels and cookies from third-party platforms to measure the effectiveness of our marketing campaigns and deliver relevant advertising. These services may collect information about your visit to our website and your interactions with our ads.

Cookie Consent Requirement: Before any advertising technologies are activated, you will see a cookie consent banner asking for your explicit permission. You can choose to:

  • Accept all cookies (analytics + advertising)
  • Accept only essential cookies (advertising disabled)
  • Customize your preferences

Advertising pixels will only be activated if you provide explicit consent through this banner.

Platforms we use:

  • Google Ads (Conversion tracking and remarketing)
  • Meta Pixel (Facebook/Instagram advertising)
  • TikTok Pixel (TikTok advertising)

What they collect:

  • Your IP address
  • Browser type and version
  • Pages you visit on our website
  • Whether you arrived from one of our advertisements
  • Actions you take (e.g., signing up for our beta program)
  • Device identifiers and advertising IDs

How we use this data:

  • Measure conversion rates from our advertising campaigns
  • Show you relevant ads on Google, Facebook, Instagram, and TikTok
  • Create audiences of similar users who might be interested in waveAlign
  • Optimize our advertising spend

Your choices: You can opt out of personalized advertising:

2.3 Desktop Application Data Collection

During the beta testing period, data collection is mandatory for all users to help us improve the application. By using the beta version, you agree to this data collection.

Application Metadata:

  • App Version: Retrieved from application initialization
  • App Lifecycle Events: When the app starts (app_opened), closes (app_closed), and when analytics consent is granted (analytics_consent_accepted)

User Interface Interactions:

  • Button Clicks: Process button interactions (start/cancel actions), feedback button clicks, settings dialog openings
  • Settings Changes: Target loudness adjustments with previous and new values
  • Path Selections: Length (character count) of selected input paths, output paths, and backup paths (actual file paths are never collected)
  • Dead Click Tracking: Clicks on disabled interface elements for user experience analysis, including element identifiers

Audio Processing Data (Per Track): For each processed audio file, we collect:

  • File Extension: .mp3, .wav, .flac, .aiff, .aif - no other information about the processed file
  • Loudness Measurements: Original and adjusted loudness values (LUFS), original and adjusted peak values (dB)
  • Processing Status: Whether tracks were skipped due to clipping, caching, unsupported format, or processing errors

Technical Data Collected Automatically (via PostHog):

  • System Information: Operating system and version, browser engine details, device type
  • Network Data: IP address and approximate geographic location (city, country, timezone) derived from IP address
  • Display Information: Screen resolution and viewport/window dimensions
  • Session Data: Pseudonymous session and device identifiers for analytics correlation
  • Library Information: PostHog SDK version and configuration details

Privacy Safeguards in Desktop App:

  • Only file extensions are collected, never full file paths or file names
  • Only path lengths collected, not actual directory structures
  • Identifiers are pseudonymous (randomly generated, not personally identifiable)
  • Geographic data is approximate (city-level, derived from IP address)
  • Data collection limited to supported audio formats only
  • Beta Period: Data collection is required for beta participation to help us improve the application

3. How We Use Your Data (Purpose and Legal Basis)

3.1 Website Data Usage

To Analyze Site Usage, Measure Marketing Effectiveness, and Improve the Site (Anonymous Analytics - No Consent Required):

  • Purpose: Understand basic website traffic patterns, measure effectiveness of marketing campaigns (including UTM parameters from advertising sources), identify popular content, and optimize website performance
  • Legal Basis: Legitimate Interest in understanding how our website is used and measuring the return on our marketing investments
  • Data Processing: PostHog processes this data using anonymous, non-persistent identifiers that cannot track you across different days

To Enable Advanced Analytics and Cross-Session Tracking (Consent-Based):

  • Purpose: Recognize returning visitors, analyze user journeys over time, perform A/B testing, and deliver personalized feature experiences
  • Legal Basis: Your explicit Consent, obtained through the analytics consent banner
  • Data Processing: PostHog stores persistent identifiers in cookies/local storage only when you have consented

To Process Your Beta Signup:

  • Purpose: Add you to our beta waiting list and manage your request to join the beta program
  • Legal Basis: Necessary to take steps at your request prior to entering a contract or our Legitimate Interest in managing our beta program

To Send You Marketing Communications:

  • Purpose: Inform you about WaveAlign beta launch, provide updates, and send marketing information
  • Legal Basis: Your explicit Consent, obtained through the checkbox on the signup form

To Analyze Site Usage and Improve the Site:

  • Purpose: Understand how visitors use our Site, measure traffic, analyze user flows, identify popular content, and measure effectiveness of features
  • Legal Basis: Your explicit Consent, obtained through the analytics consent banner

3.2 Desktop Application Data Usage

To Improve Application Performance and User Experience (Beta Period):

  • Purpose: Understand how users interact with the application, identify usability issues, measure feature effectiveness, and optimize the user interface during beta testing
  • Legal Basis: Necessary for the performance of our beta testing agreement with you, and our Legitimate Interest in developing and improving our software

To Enhance Audio Processing Features (Beta Period):

  • Purpose: Analyze processing patterns, identify common issues, improve audio processing algorithms, and ensure compatibility with various audio formats
  • Legal Basis: Necessary for the performance of our beta testing agreement with you, and our Legitimate Interest in developing and improving our software

To Provide Technical Support (Beta Period):

  • Purpose: Diagnose technical problems, understand error patterns, and improve application stability during the beta testing phase
  • Legal Basis: Necessary for the performance of our beta testing agreement with you, and our Legitimate Interest in developing and improving our software

3.3 Shared Purposes (Website and Desktop App)

For Security and Troubleshooting:

  • Purpose: Monitor for and prevent fraudulent or malicious activity, diagnose technical problems, and maintain security
  • Legal Basis: Our Legitimate Interest in protecting our services and business operations

To Comply with Legal Obligations:

  • Purpose: Comply with applicable laws, regulations, and legal processes
  • Legal Basis: Compliance with a legal obligation

4. How We Share Your Data (Third Parties)

We share your personal data with third-party service providers who perform services on our behalf. These third parties are obligated to protect your data and use it only for the purposes we specify.

Brevo (Email Marketing Service): We share your email address and marketing consent status with Brevo to manage our email contact list and send you beta announcements and marketing communications (website only). PostHog (Analytics and A/B Testing): We share usage data, identifiers, and event information with PostHog to perform:

  • Website analytics, A/B testing, and feature flag management (website data)
  • Application usage analytics and user experience analysis (desktop app data, mandatory during beta testing period)
  • Geographic and technical data processing for both website and desktop analytics
  • Anonymous Analytics (no consent required): Page views, traffic sources (including UTM parameters), device information, and approximate location are processed using privacy-preserving, non-persistent identifiers. Data is hosted on PostHog Cloud EU servers in Frankfurt, Germany.

Advertising and Marketing Platforms: We share your website usage data, device information, and interaction data with the following advertising platforms to measure campaign effectiveness, perform conversion tracking, and deliver relevant advertising:

  • Google Ads - for advertising campaigns, conversion tracking, and remarketing (Privacy Policy)
  • Meta Platforms (Facebook/Instagram) - for advertising campaigns and the Meta Pixel for conversion tracking and remarketing (Privacy Policy)
  • TikTok - for advertising campaigns and TikTok Pixel for conversion tracking and remarketing (Privacy Policy)

These platforms may collect:

  • IP address and browser information
  • Pages visited on our website
  • Interactions with our advertisements
  • Device identifiers and advertising IDs
  • Conversion events (e.g., beta signup completion)

Hosting Provider: Your website data, including server logs, is processed and stored by our hosting provider as necessary to operate the Site. We do not sell your personal data. We may also disclose your data if required by law or in response to valid requests by public authorities.

5. Cookies and Tracking Technologies

5.1 Website Cookies

Anonymous Analytics (No Cookie Consent Required) Our website uses PostHog anonymous analytics by default, which operates without cookies or persistent browser storage. This means:

  • No data is stored on your device
  • You cannot be tracked across different days or sessions
  • Each visit appears as a new anonymous user
  • Page views and UTM parameters (traffic sources) are collected to understand basic website usage and marketing effectiveness

Legal Basis: Legitimate interest in understanding website usage and measuring marketing campaign performance.

Cookie Consent Banner: When you first visit our website, you will see a cookie consent banner that allows you to:

  • Accept all cookies (including advertising and analytics)
  • Reject non-essential cookies (advertising and analytics disabled)
  • Customize your cookie preferences
  • Review and change your choices at any time

Our website uses cookies and similar tracking technologies from both first-party (PostHog) and third-party services (Google, Meta, TikTok) to:

  • Analyze website usage (requires consent)
  • Remember your preferences (essential, no consent required)
  • Track advertising effectiveness (requires consent)
  • Enable retargeting campaigns (requires consent)

You can control cookies through:

  1. Our cookie consent banner (recommended)
  2. Your browser settings (may limit functionality)

Cookie Duration:

  • Essential cookies: Session end or a few days
  • Analytics cookies: Up to 1–2 years unless consent is withdrawn
  • Advertising cookies: Up to 1–2 years unless consent is withdrawn

Withdrawing Consent: You can withdraw your cookie consent at any time by clearing your browser cookies or using the "Manage Cookie Preferences" link at the bottom of this page.

5.2 Desktop Application Tracking

The desktop application uses PostHog for analytics with:

  • capture_pageview: Disabled (no automatic page view tracking)
  • Data Collection: System information, usage events, and geographic data (mandatory during beta testing period)
  • Identifiers: Pseudonymous session and device identifiers for analytics correlation
  • Beta Requirement: Data collection cannot be disabled during the beta testing phase as it is essential for improving the application

6. Data Retention

Email Address and Marketing Consent: Retained while you remain subscribed to our mailing list or until you withdraw consent, unless a longer retention period is required by law.

Website Analytics Data: Stored according to PostHog's retention settings and our account configuration.

Desktop Application Analytics Data: Stored according to PostHog's retention settings and our account configuration. You can request deletion of your application analytics data at any time.

Audio Processing Data: Aggregated and anonymized processing statistics may be retained to improve our algorithms, but individual track data is not linked to personal identifiers.

7. Data Security

We have implemented appropriate technical and organizational security measures designed to protect your personal data from accidental loss and unauthorized access, use, alteration, and disclosure. However, no method of transmission over the Internet or electronic storage is 100% secure.

Desktop Application Security: Analytics data from the desktop application is transmitted using secure protocols and encrypted in transit.

In the event of a personal data breach, we will notify affected individuals and regulators as required by law.

8. Your Data Protection Rights

For Users in the European Economic Area (EEA), UK, and Switzerland: Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

  • Right to Be Informed — Know what data we collect and how we use it
  • Right to Access — Request a copy of the personal data we hold about you
  • Right to Rectification — Ask us to correct inaccurate data
  • Right to Erasure — Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing — Ask us to limit how we use your data
  • Right to Data Portability — Receive your data in a portable format
  • Right to Object — Object to processing based on legitimate interest or direct marketing
  • Right to Withdraw Consent — Withdraw consent for marketing or analytics at any time
  • Right to Lodge a Complaint: If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection authority:
  • Germany: Bundesbeauftragter für den Datenschutz und die Informationsfreiheit (BfDI)
  • Other EU countries: Find your local authority

9. How to Exercise Your Rights

To exercise your rights or withdraw consent, contact us at contact@wavealign.com.

9.1 Website Consent Management

Withdraw Marketing Consent: Click the "unsubscribe" link in any marketing email or contact us directly.

Withdraw Website Analytics Consent:

  • Click "Manage Cookie Preferences" at the bottom of this page to re-open the consent banner
  • OR: Clear your browser cookies and refresh the page
  • OR: Contact us at contact@wavealign.com and we will manually remove your consent

Withdraw Advertising Consent:

  • Use the same methods as analytics consent above
  • Additionally, you can opt out directly through advertising platforms:

9.2 Desktop Application Consent Management

During Beta Testing Period:

  • Data collection is mandatory for beta participation and cannot be disabled
  • You maintain all other data protection rights (access, rectification, erasure after beta participation ends)
  • Contact us directly to exercise your rights or if you wish to discontinue beta participation

Post-Beta Release:

  • Full consent management controls will be available in application settings
  • You will be able to opt out of analytics data collection in the final release

10. International Data Transfers

Your personal data may be transferred outside your jurisdiction (e.g., to the US). These countries may have different levels of data protection than your own.

We rely on safeguards such as the EU Standard Contractual Clauses (SCCs) to protect your data when transferring from the EU/UK. You may request a copy of these clauses by contacting us.

11. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be published on this page with a revised "Last Updated" date. For desktop application users, we will also notify you of significant changes through the application itself. We encourage you to review this page regularly.

12. Contact Us

If you have questions about this policy or want to exercise your data rights, contact us:

Email: contact@wavealign.com

For desktop application-specific privacy questions, please include "Desktop App Privacy" in your subject line.

If you want to change your cookie preferences or see the consent banner again, you can do so here: