WavyCom legal documents

Privacy Policy

Information notice on personal data processing pursuant to Articles 13 and 14 of the GDPR.

Last updated: June 5, 2026 · Consent version 2026-06-05

Data controller

The data controller is WavyCom, a project managed by the owner of the wavycom.com domain. For privacy requests, exercise of rights or reports, you can write to privacy@wavycom.com.

If a company or a different legal entity is established in the future, this notice will need to be updated with the name, registered office, VAT number or tax code, and contacts of the new controller.

Data processed

Account data: email, username, encrypted password, age/date of birth, email verification status, preferred language, and profile photo if uploaded.

Billing data: user type, personal or company data, tax code, VAT number, address, postal code, city, province, country, SDI code, PEC, invoices and actual payments.

Location data: current position, point selected on the map, saved POIs, message radius and duration, and SOS position when you use the emergency feature.

Content: public geolocated messages, replies, reactions, private chats, audio/video/image attachments, reports, friend requests, memos and SOS email contacts.

Technical data: IP address, user agent, device identifiers, web/native push notification tokens, security logs, technical cookies and data needed to prevent abuse.

Purposes and legal bases

Performance of a contract or pre-contractual measures: account creation, login, sending and receiving messages, wallet management, payments, invoices, private chats, POIs, memos and requested notifications.

Consent: device geolocation, push notifications, uploading profile photos or attachments, and any non-technical cookies if introduced in the future.

Legal obligation: accounting, electronic invoicing, retention of tax documents, and cooperation with competent authorities.

Legitimate interest: service security, fraud and abuse prevention, defense of rights, content moderation, and technical continuity.

Vital interest or explicit user request: use of the SOS feature when you decide to send an emergency alert.

Geolocation, POIs and SOS

WavyCom works with messages based on position and radius. If you enable geolocation, the service uses your location to deliver messages relevant to the area and calculate the sender’s costs.

POIs are points of interest chosen by you. If you save a POI, you may receive messages related to that area even when you are not physically there.

The SOS feature sends messages and notifications to nearby people and/or configured email contacts. It must be used responsibly and only for real requests for help or relevant situations.

Recipients and suppliers

Data may be processed by technical providers necessary for the service: hosting and database providers, SMTP email providers, push notification systems, payment providers, electronic invoicing services, backup and security providers.

Public geolocated messages are visible to users who fall within the delivery rules. Private chats are visible to participants and to administrators only within the limits necessary for security, support or legal obligations.

We do not sell personal data. We do not use location data for behavioral advertising profiling.

Transfers outside the EEA

Some technology providers, such as push or payment services, may involve processing or transfers outside the European Economic Area. In such cases, GDPR tools are used, such as adequacy decisions, standard contractual clauses or appropriate technical and organizational measures.

Retention

Account and profile: for the entire duration of the account and subsequently for the time necessary for legal obligations, security and defense of rights.

Messages, replies and chats: for the time necessary for service operation and moderation, unless deletion, legal obligations or security needs apply.

Tax data and invoices: for the periods required by Italian tax law.

Technical and security logs: for a period proportionate to preventing abuse, incidents and fraud.

Data subject rights

You may request access, rectification, erasure, restriction, portability, objection and withdrawal of consent where processing is based on consent.

You may lodge a complaint with the Italian Data Protection Authority. First, you can contact us at privacy@wavycom.com for direct handling of your request.

Minors

The service is reserved for users who meet the minimum age indicated during registration. If we discover unauthorized minors’ data, we will remove it according to law.

These texts are prepared for WavyCom based on the current features. Before full commercial production, a review by a privacy/legal consultant is recommended, especially for controller details, suppliers, retention periods and internal procedures.