Legal Basis: We collect and process your data based on consent, contract performance, and legitimate interests.

We collect information you provide directly to us, such as:

• Account information (name, email address) - Contract performance
• Content you create using our services - Contract performance
• Communications with our support team - Legitimate interest
• Payment information (processed securely by Stripe) - Contract performance
• Usage analytics and preferences - Consent/Legitimate interest

We use the information we collect to:

• Provide, maintain, and improve our services
• Process transactions and send related information
• Send technical notices and support messages
• Respond to your comments and questions
• Develop new features and services

We do not sell, trade, or otherwise transfer your personal information to third parties except:

• With your explicit consent
• To trusted service providers who assist in operating our services
• When required by law or to protect our rights
• In connection with a business transfer or acquisition

We retain your personal information only as long as necessary for the purposes outlined in this policy:

• Account Data: Until account deletion or 3 years after last activity
• Project Files: Until manual deletion by user or account deletion
• Usage Analytics: 24 months for performance optimization
• Support Communications: 36 months for quality assurance
• Financial Records: 7 years as required by law

You may request deletion of your account and associated data at any time through ourPrivacy Dashboard.

Under the General Data Protection Regulation (GDPR), you have the following rights:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate personal data
• Right to Erasure: Request deletion of your data ("Right to be Forgotten")
• Right to Restrict Processing: Limit how we process your data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for data processing at any time

To exercise these rights, visit our Privacy Dashboard or contact us at privacy@wordwavestudio.com

We will respond to your request within one month (extendable to three months for complex requests).

We use cookies and similar technologies to enhance your experience. We categorize cookies as follows:

• Necessary Cookies: Essential for website functionality (authentication, security)
• Analytics Cookies: Help us understand usage patterns (with your consent)
• Functional Cookies: Enable enhanced features and personalization (with your consent)
• Marketing Cookies: Used for targeted advertising (with your consent)

You can control cookie settings through our cookie banner or your browser preferences. Disabling certain cookies may affect website functionality.

Cookie Consent: We obtain explicit consent before placing non-essential cookies on your device.

We use the following third-party services that may process your data:

• Clerk: Authentication and user management (GDPR compliant)
• Stripe: Payment processing (GDPR compliant, PCI DSS certified)
• Backblaze B2: Cloud storage for your files (GDPR compliant)
• Vercel: Hosting and analytics (GDPR compliant)

We have Data Processing Agreements (DPAs) with all third-party processors to ensure GDPR compliance. These services may have their own privacy policies.

Your data may be transferred and stored in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions for certain countries
• Binding Corporate Rules where applicable

If you have any questions about this privacy policy or wish to exercise your data rights, please contact us: