Privacy Policy

1. Data We Collect

Account information: Name, email address, and password (hashed) when you register.

Billing & payment: Billing address and order history stored by WooCommerce. Card details are processed directly by Stripe and are never stored on our servers.

Usage data: Credits consumed, AI tool interactions, content generated (prompts, images, videos, audio), and feature logs used to maintain and improve the service.

Technical data: IP address, browser type, device identifiers, referring URLs, and pages visited, collected automatically via server logs and LiteSpeed cache.

Communications: Support emails or messages you send us.

2. How We Use Your Data

• To create and manage your account and credit balance.
• To process payments and manage subscriptions via WooCommerce and Stripe.
• To deliver AI-generated outputs by passing your prompts to third-party AI APIs (see Section 4).
• To send transactional emails (receipts, password resets, low-credit alerts).
• To detect fraud, abuse, and enforce our Acceptable Use Policy.
• To improve platform performance and develop new features.
• To comply with legal obligations under UK law.

Legal bases: contract performance, legitimate interests, legal obligation, and (for marketing) consent.

3. Cookies

We use cookies and similar technologies for the following purposes:

You can disable non-essential cookies via your browser settings. Disabling session cookies will prevent you from logging in.

4. Third-Party Services

To deliver our AI features, your prompts, images, or audio inputs are sent to the relevant third-party API. Each provider has its own privacy policy:

• Leonardo AI — AI image generation. Privacy Policy
• Anthropic (Claude) — AI chat and content generation. Privacy Policy
• OpenAI (TTS) — Text-to-speech only. Privacy Policy
• Kling AI — AI video ad generation. Privacy Policy
• ElevenLabs — Text-to-speech and voice cloning. Privacy Policy
• D-ID / HeyGen — AI avatar and talking-face video. Refer to the respective provider’s privacy policy.
• Stripe — Payment processing. Privacy Policy
• WooCommerce (Automattic) — E-commerce infrastructure. Privacy Policy

We share only the minimum data necessary for each service to function. We do not sell your personal data to any third party.

5. Data Retention

• Account data: Retained for as long as your account is active, plus 12 months after closure (for dispute resolution).
• Transaction records: 7 years (UK tax and financial record-keeping obligations).
• AI-generated content: Stored on our servers for up to 30 days to allow download; deleted automatically thereafter unless saved to your library.
• Server logs: 90 days, then anonymised.

6. Your Rights (UK GDPR)

Under UK GDPR you have the right to:

• Access — request a copy of your personal data.
• Rectification — correct inaccurate or incomplete data.
• Erasure — ask us to delete your data (“right to be forgotten”), subject to legal retention requirements.
• Restriction — limit how we process your data in certain circumstances.
• Portability — receive your data in a structured, machine-readable format.
• Object — object to processing based on legitimate interests.
• Withdraw consent — at any time for consent-based processing (e.g. marketing emails).

To exercise any right, email us at privacy@wavesaistudio.com. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

7. Security

We use HTTPS/TLS encryption in transit, hashed passwords, and regular security updates. No transmission over the internet is 100% secure; you use the platform at your own risk.

8. Contact Us

Data Controller: WavesAI Studio, United Kingdom.
Email: privacy@wavesaistudio.com
Website: wavesaistudio.com

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top and, for material changes, notify you by email or an in-app notice. Continued use of the platform after changes constitutes your acceptance of the updated policy.