Privacy Policy
The Wave VPN service ("we", "us", the "Service") is operated by WELCOME TECH LLP, Stoney Works, 8 Stoney Lane, London, United Kingdom, SE19 3BD. This policy explains what we collect, why, and what your choices are. It applies to the Wave VPN apps and the wavevpn.io website. By using the Service you agree to this policy. Privacy contact: privacy@wavevpn.io.
Only the minimum needed to run the service: your email address (sign-in and receipts), your subscription status, and anonymized, aggregated server-load statistics that cannot be tied to any individual user.
We do not collect or store browsing history, traffic contents, DNS queries, source IP addresses, connection timestamps, or bandwidth per user. Our VPN servers run entirely in RAM and never write traffic logs to disk. This zero-log policy is verified annually by an independent auditor; reports are published at wavevpn.io/audit.
We use your email and subscription status to provide the Service, deliver receipts, answer support requests, and send essential service notices (for example, a change to this policy). We do not sell personal data, show ads, or share data with advertisers or data brokers.
The wavevpn.io website uses no third-party analytics, advertising trackers, or fingerprinting. We store only your interface preferences (theme and language) locally in your browser; they never leave your device.
Payments are processed by the App Store, card acquirers, or SBP (NSPK). Payment processors handle card data under their own privacy policies and PCI-DSS requirements. We never receive or store card numbers — only the fact, amount, and date of a payment.
We keep account data (email, subscription status) only for as long as your account exists, plus what tax and accounting law requires for payment records. Aggregated statistics contain no personal data and may be kept indefinitely.
Our VPN servers are located in many countries; account data is stored on infrastructure we control. Wherever data is processed, we apply the same safeguards described in this policy.
If we receive a lawful demand, we can only disclose what we actually hold: an email address, subscription status, and payment facts. We cannot disclose your activity, because we do not record it. If the Service is ever part of a merger or acquisition, we will notify you by email before your data is transferred.
Account data is encrypted in transit and at rest and is accessible to a small number of authorized staff. No method of transmission or storage is 100% secure, but we treat minimizing the data we hold as the strongest protection.
The Service is not directed at children under 13, and we do not knowingly collect data from them. If you believe a child has provided us data, contact privacy@wavevpn.io and we will delete it.
You may request access to, an export of, or deletion of your account data at any time: privacy@wavevpn.io. Deletion is completed within 30 days. You may also delete your account directly in the app.
Our Service may link to sites we do not operate. Their privacy practices are their own; we advise reviewing their policies.
We will post any changes on this page with a new effective date, and notify you by email or an in-app notice before material changes take effect.
Privacy questions: privacy@wavevpn.io. We reply within 72 hours.